Ad-Aware SE Build 1.05
Logfile Created on:Friday, May 13, 2005 8:07:50 PM
Using definitions file:SE1R45 13.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):8 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\PROGRA~1\PROTEC~1\Lavasoft\AD-AWA~1\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:83 %
Total physical memory:2096624 kb
Available physical memory:1723036 kb
Total page file size:4034808 kb
Available on page file:3804856 kb
Total virtual memory:2097024 kb
Available virtual memory:2035324 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Move deleted files to Recycle Bin
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects
5-13-2005 8:07:50 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Adam J. Berman\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-861567501-1788223648-839522115-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-861567501-1788223648-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-861567501-1788223648-839522115-1003\software\smartftp\connection data
Description : list of recently accessed servers using smartftp
MRU List Object Recognized!
Location: : S-1-5-21-861567501-1788223648-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 476
ThreadCreationTime : 5-14-2005 12:07:32 AM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 532
ThreadCreationTime : 5-14-2005 12:07:36 AM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 556
ThreadCreationTime : 5-14-2005 12:07:38 AM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 600
ThreadCreationTime : 5-14-2005 12:07:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 612
ThreadCreationTime : 5-14-2005 12:07:38 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 772
ThreadCreationTime : 5-14-2005 12:07:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 828
ThreadCreationTime : 5-14-2005 12:07:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 892
ThreadCreationTime : 5-14-2005 12:07:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 940
ThreadCreationTime : 5-14-2005 12:07:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 996
ThreadCreationTime : 5-14-2005 12:07:39 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [wbload.exe]
ModuleName : C:\Program Files\Themes\WindowBlinds\wbload.exe
Command Line : smartload
ProcessID : 1200
ThreadCreationTime : 5-14-2005 12:07:40 AM
BasePriority : Normal
FileVersion : 4.4
ProductVersion : 4.4
ProductName : WindowBlinds - http://www.windowblinds.net
CompanyName : Stardock Systems, Inc
FileDescription : WindowBlinds
InternalName : WindowBlinds
LegalCopyright : Copyright © 1997-2004 Neil Banfield, © 1998-2004 Stardock.Net, Inc
OriginalFilename : WindowBlinds
Comments : This is the WindowBlinds launcher app. Please do not delete this file. If you want to uninstall WindowBlinds, then use the uninstaller!
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1280
ThreadCreationTime : 5-14-2005 12:07:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [userinit.exe]
ModuleName : C:\WINDOWS\system32\userinit.exe
Command Line : C:\WINDOWS\system32\userinit.exe
ProcessID : 1480
ThreadCreationTime : 5-14-2005 12:07:43 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Userinit Logon Application
InternalName : userinit
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : USERINIT.EXE
#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1500
ThreadCreationTime : 5-14-2005 12:07:43 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [razertra.exe]
ModuleName : C:\Program Files\Razer\razertra.exe
Command Line : "C:\Program Files\Razer\razertra.exe"
ProcessID : 1628
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 4.0.0.3
ProductVersion : 4.0.0.3
ProductName : Razer Customizer Tray Application
CompanyName : Razer Inc.
FileDescription : Razer Customizer Tray Application
InternalName : razertra
LegalCopyright : Copyright © 2004 Razer Inc.
OriginalFilename : razertra.exe
#:16 [hpwuschd2.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
ProcessID : 1656
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 2, 0, 39, 0
ProductVersion : 2, 0, 39, 0
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard Company
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd2.exe
#:17 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 1664
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 2.1.1.0
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HpCmpMgr.exe
#:18 [vrmonnt.exe]
ModuleName : C:\Program Files\Protection\ViRobotXP\vrmonnt.exe
Command Line : "C:\Program Files\Protection\ViRobotXP\vrmonnt.exe" Main
ProcessID : 1680
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 2004, 9, 6, 1
ProductVersion : 2004, 9, 6, 1
ProductName : vrmonnt application
CompanyName : HAURI
FileDescription : vrmonnt application
InternalName : vrsvcexe
LegalCopyright : Copyright © 1998, 2002
OriginalFilename : vrmonnt application
Comments : Sunny Kim
#:19 [vrres.exe]
ModuleName : C:\Program Files\Protection\ViRobotXP\Vrres.exe
Command Line : "C:\Program Files\Protection\ViRobotXP\Vrres.exe"
ProcessID : 1688
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 2002, 10, 5, 1
ProductVersion : 2002, 10, 5, 1
ProductName : VrRes Application.
CompanyName : ©HAURI
InternalName : VrRes
LegalCopyright : Copyright © 1998 - 2000
OriginalFilename : VrRes.EXE
#:20 [firewall.exe]
ModuleName : C:\Program Files\Protection\The Shield Firewall\FireWall.exe
Command Line : "C:\PROGRAM FILES\PROTECTION\THE SHIELD FIREWALL\FIREWALL.EXE"
ProcessID : 1712
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 2, 1, 0, 0
ProductVersion : 3, 1, 0, 0
ProductName : Shield Firewall
CompanyName : NextAisle
FileDescription : Firewall
InternalName : Firewall
LegalCopyright : CopyRigth © 2003
OriginalFilename : Firewall
Comments : CopyRight
#:21 [regmech.exe]
ModuleName : C:\Program Files\Protection\Registry Mechanic\RegMech.exe
Command Line : "C:\Program Files\Protection\Registry Mechanic\RegMech.exe" /QS
ProcessID : 1728
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 4.00.0101
ProductVersion : 4.00.0101
ProductName : Registry Mechanic
CompanyName : PCTools
FileDescription : Registry Mechanic 4.0
InternalName : RegMech
LegalCopyright : Copyright © 2004. Distributed by PC Tools Pty Ltd
OriginalFilename : RegMech.exe
#:22 [ctsysvol.exe]
ModuleName : C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
Command Line : "C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
ProcessID : 1756
ThreadCreationTime : 5-14-2005 12:07:44 AM
BasePriority : Normal
FileVersion : 1.1.3.0
ProductVersion : 1.0.0.0
ProductName : Creative Volume Control
CompanyName : Creative Technology Ltd
FileDescription : CTSysVol.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CTSysVol.exe
#:23 [ctdvddet.exe]
ModuleName : C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
Command Line : "C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
ProcessID : 1764
ThreadCreationTime : 5-14-2005 12:07:45 AM
BasePriority : Normal
FileVersion : 1.0.2.0
ProductVersion : 1.0.2.0
ProductName : CTDVDDET
CompanyName : Creative Technology Ltd
FileDescription : CTDVDDET
InternalName : CTDVDDET
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : CTDVDDET.EXE
#:24 [cthelper.exe]
ModuleName : C:\WINDOWS\system32\CTHELPER.EXE
Command Line : "C:\WINDOWS\system32\CTHELPER.EXE"
ProcessID : 1772
ThreadCreationTime : 5-14-2005 12:07:45 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 11
ProductVersion : 1, 0, 0, 11
ProductName : CtHelper Application
CompanyName : Creative Technology Ltd
FileDescription : CtHelper MFC Application
InternalName : CtHelper
LegalCopyright : Copyright © 2002
OriginalFilename : CtHelper.EXE
#:25 [sbdrvdet.exe]
ModuleName : C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe
Command Line : "C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
ProcessID : 1808
ThreadCreationTime : 5-14-2005 12:07:45 AM
BasePriority : Normal
FileVersion : 1.0.3.0
ProductVersion : 1.0.0.0
ProductName : Creative Sound Blaster Drive Detector
CompanyName : Creative Technology Ltd
FileDescription : SBDrvDet.exe
LegalCopyright : Copyright © Creative Technology Ltd., 2002. All rights reserved.
OriginalFilename : SBDrvDet.exe
#:26 [ad-aware.exe]
ModuleName : C:\Program Files\Protection\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe
Command Line : "C:\Program Files\Protection\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" +c
ProcessID : 1880
ThreadCreationTime : 5-14-2005 12:07:46 AM
BasePriority : Normal
FileVersion : 6.2.0.207
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:27 [aim.exe]
ModuleName : C:\PROGRA~1\AIM\aim.exe
Command Line : "C:\PROGRA~1\AIM\aim.exe" -cnetwait.odl
ProcessID : 1952
ThreadCreationTime : 5-14-2005 12:07:46 AM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:28 [cursorxp.exe]
ModuleName : C:\Program Files\Themes\CursorXP\CursorXP.exe
Command Line : "C:\Program Files\Themes\CursorXP\CursorXP.exe"
ProcessID : 1960
ThreadCreationTime : 5-14-2005 12:07:46 AM
BasePriority : High
#:29 [cteaxspl.exe]
ModuleName : C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE
Command Line : "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
ProcessID : 1988
ThreadCreationTime : 5-14-2005 12:07:47 AM
BasePriority : Normal
FileVersion : 1, 1, 0, 4
ProductVersion : 1, 1, 0, 4
ProductName : CTEaxSpl
CompanyName : Creative Technology Ltd.
FileDescription : Startup Splash
InternalName : CTEaxSpl
LegalCopyright : Copyright © Creative Technology Ltd. 2001
OriginalFilename : CTEaxSpl.EXE
Comments : Startup Splash
#:30 [hposm.exe]
ModuleName : C:\Program Files\HP\hpcoretech\soln\HPOSM.exe
Command Line : "C:\Program Files\HP\hpcoretech\soln\HPOSM.exe" -Embedding
ProcessID : 2028
ThreadCreationTime : 5-14-2005 12:07:47 AM
BasePriority : Normal
FileVersion : 2.1.5
ProductVersion :
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Solution Manager Module
InternalName : HP Solution Manager Module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HPOSM.exe
#:31 [hptskmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe" -Embedding
ProcessID : 224
ThreadCreationTime : 5-14-2005 12:07:47 AM
BasePriority : Normal
FileVersion : 2.1.5
ProductVersion : 2.1.5
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Task Management Component
InternalName : HP Task Management Component
LegalCopyright : Copyright © Hewlett-Packard. 2002-2004
OriginalFilename : HPTskMgr.exe
#:32 [ctsvccda.exe]
ModuleName : C:\WINDOWS\system32\CTsvcCDA.exe
Command Line : C:\WINDOWS\system32\CTsvcCDA.exe
ProcessID : 524
ThreadCreationTime : 5-14-2005 12:07:50 AM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE
#:33 [ewidoctrl.exe]
ModuleName : C:\Program Files\Protection\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\Protection\ewido\security suite\ewidoctrl.exe"
ProcessID : 148
ThreadCreationTime : 5-14-2005 12:07:50 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:34 [ewidoguard.exe]
ModuleName : C:\Program Files\Protection\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 756
ThreadCreationTime : 5-14-2005 12:07:50 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUI3d5OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-861567501-1788223648-839522115-1003\software\aurora
Value : AUI3n5ProgSLstest
Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 27
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 27
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 28
8:12:46 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:04:55.532
Objects scanned:118152
Objects identified:20
Objects ignored:0
New critical objects:20