Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, June 03, 2005 11:41:19 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : D:\ADWARE~1\AD-AWA~1\AD-AWA~1\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679
03-06-2005 11:31:39 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R49 31.05.2005
Internal build : 57
File location : D:\ADWARE~1\AD-AWA~1\AD-AWA~1\defs.ref
File size : 481469 Bytes
Total size : 1455496 Bytes
Signature data size : 1423833 Bytes
Reference data size : 31151 Bytes
Signatures total : 40572
CSI Fingerprints total : 902
CSI data size : 31096 Bytes
Target categories : 15
Target families : 692
03-06-2005 11:31:53 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium III
Memory available:8 %
Total physical memory:129520 kb
Available physical memory:10268 kb
Total page file size:425872 kb
Available on page file:186876 kb
Total virtual memory:2097024 kb
Available virtual memory:2028568 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects
03-06-2005 11:41:19 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 324
ThreadCreationTime : 03-06-2005 5:56:50 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 372
ThreadCreationTime : 03-06-2005 5:56:52 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 396
ThreadCreationTime : 03-06-2005 5:56:53 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 440
ThreadCreationTime : 03-06-2005 5:56:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 452
ThreadCreationTime : 03-06-2005 5:56:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 620
ThreadCreationTime : 03-06-2005 5:57:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 644
ThreadCreationTime : 03-06-2005 5:57:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 744
ThreadCreationTime : 03-06-2005 5:57:01 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 788
ThreadCreationTime : 03-06-2005 5:57:02 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 952
ThreadCreationTime : 03-06-2005 5:57:05 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:11 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1076
ThreadCreationTime : 03-06-2005 5:57:06 PM
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1312
ThreadCreationTime : 03-06-2005 5:57:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:13 [pgl.exe]
ModuleName : C:\WINDOWS\System32\pgl.exe
Command Line : "C:\WINDOWS\System32\pgl.exe"
ProcessID : 1360
ThreadCreationTime : 03-06-2005 5:57:17 PM
BasePriority : Normal
#:14 [hpztsb03.exe]
ModuleName : C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
Command Line : "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe"
ProcessID : 1368
ThreadCreationTime : 03-06-2005 5:57:17 PM
BasePriority : Normal
FileVersion : 2,40,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001
#:15 [msgplus.exe]
ModuleName : D:\MsgPlus.exe
Command Line : "D:\MsgPlus.exe"
ProcessID : 1404
ThreadCreationTime : 03-06-2005 5:57:20 PM
BasePriority : Normal
#:16 [avgupsvc.exe]
ModuleName : D:\AVG7~1\avgupsvc.exe
Command Line : D:\AVG7~1\avgupsvc.exe
ProcessID : 1444
ThreadCreationTime : 03-06-2005 5:57:20 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:17 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1492
ThreadCreationTime : 03-06-2005 5:57:21 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe
#:18 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1564
ThreadCreationTime : 03-06-2005 5:57:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:19 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 1600
ThreadCreationTime : 03-06-2005 5:57:23 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe
#:20 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1612
ThreadCreationTime : 03-06-2005 5:57:24 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:21 [qttask.exe]
ModuleName : D:\quicktime\qttask.exe
Command Line : "D:\quicktime\qttask.exe" -atboottime
ProcessID : 1648
ThreadCreationTime : 03-06-2005 5:57:25 PM
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe
#:22 [zlclient.exe]
ModuleName : D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
Command Line : n/a
ProcessID : 1748
ThreadCreationTime : 03-06-2005 5:57:30 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : zlclient.exe
#:23 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 1816
ThreadCreationTime : 03-06-2005 5:57:34 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:24 [msnmsgr.exe]
ModuleName : C:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 1880
ThreadCreationTime : 03-06-2005 5:57:40 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:25 [vsmon.exe]
ModuleName : C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
Command Line : n/a
ProcessID : 1084
ThreadCreationTime : 03-06-2005 5:59:32 PM
BasePriority : Normal
FileVersion : 5.5.094.000
ProductVersion : 5.5.094.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2005, Zone Labs, LLC
OriginalFilename : vsmon.exe
#:26 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1308
ThreadCreationTime : 03-06-2005 5:59:45 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:27 [avgamsvr.exe]
ModuleName : D:\AVG7~1\avgamsvr.exe
Command Line : D:\AVG7~1\avgamsvr.exe
ProcessID : 208
ThreadCreationTime : 03-06-2005 5:59:47 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:28 [avgemc.exe]
ModuleName : D:\AVG7~1\avgemc.exe
Command Line : "D:\AVG7~1\avgemc.exe"
ProcessID : 568
ThreadCreationTime : 03-06-2005 5:59:50 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgemc.exe
#:29 [avgcc.exe]
ModuleName : D:\AVG 7\avgcc.exe
Command Line : "D:\AVG 7\avgcc.exe" /HIDE
ProcessID : 676
ThreadCreationTime : 03-06-2005 5:59:50 PM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:30 [winamp.exe]
ModuleName : D:\spybot s & d\Winamp\winamp.exe
Command Line : "D:\spybot s & d\Winamp\winamp.exe"
ProcessID : 2520
ThreadCreationTime : 03-06-2005 6:05:55 PM
BasePriority : Normal
FileVersion : 5.01
ProductVersion : 5.01
ProductName : Winamp
CompanyName : Nullsoft
FileDescription : Winamp
InternalName : WINAMP
LegalCopyright : Copyright © 1997-2003, Nullsoft, Inc.
LegalTrademarks : Nullsoft and Winamp are trademarks of Nullsoft, Inc.
OriginalFilename : Winamp.exe
Comments : Visit http://www.winamp.com/ for updates.
#:31 [acrord32.exe]
ModuleName : D:\Adobe\Reader\AcroRd32.exe
Command Line : "D:\Adobe\Reader\AcroRd32.exe" /o
ProcessID : 3340
ThreadCreationTime : 03-06-2005 6:14:27 PM
BasePriority : Normal
FileVersion : 6.0.2.2004051800
ProductVersion : 6.0.2.2004051800
ProductName : Adobe Reader
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Reader 6.0
LegalCopyright : Copyright 1984-2004 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroRd32.exe
#:32 [wisptis.exe]
ModuleName : C:\WINDOWS\System32\wisptis.exe
Command Line : "C:\WINDOWS\System32\wisptis.exe" -Embedding
ProcessID : 3496
ThreadCreationTime : 03-06-2005 6:15:48 PM
BasePriority : High
FileVersion : 1.0.2201.0 (xpsp1.020828-1920)
ProductVersion : 1.0.2201.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft Tablet PC Platform Component
InternalName : WISPTIS.EXE
LegalCopyright : Copyright © 1998-2002 Microsoft Corporation.
OriginalFilename : WISPTIS.EXE
#:33 [uwdf.exe]
ModuleName : C:\WINDOWS\System32\uWDF.exe
Command Line : "C:\WINDOWS\System32\uWDF.exe" -iDeviceEndpoint:d2d1941a-b00a-4f24-9df2-d28f61c09ae1 -iFrameworkEndpoint:db9edcfa-dcf5-41a3-afa4-a1a4000c2616 -regPath:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WDF\Services\{63432f85-815a-4a44-be78-cbdf484
ProcessID : 3980
ThreadCreationTime : 03-06-2005 6:23:27 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User-Mode Driver Framework
InternalName : uwdf.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : uwdf.exe
#:34 [firefox.exe]
ModuleName : F:\Firefox\firefox.exe
Command Line : "F:\Firefox\firefox.exe"
ProcessID : 376
ThreadCreationTime : 03-06-2005 6:27:29 PM
BasePriority : Normal
#:35 [ad-aware.exe]
ModuleName : D:\ADWARE~1\AD-AWA~1\AD-AWA~1\AD-AWARE.EXE
Command Line : "D:\ADWARE~1\AD-AWA~1\AD-AWA~1\AD-AWARE.EXE" /598853 +483832
ProcessID : 1240
ThreadCreationTime : 03-06-2005 6:31:01 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:36 [rtqxfki.exe]
ModuleName : c:\windows\system32\rtqxfki.exe
Command Line : c:\windows\system32\rtqxfki.exe -startwatcher
ProcessID : 2100
ThreadCreationTime : 03-06-2005 6:35:10 PM
BasePriority : Normal
Warning! "c:\windows\system32\rtqxfki.exe"Process could not be terminated!
"c:\windows\system32\rtqxfki.exe"Process terminated successfully
#:37 [packager.exe]
ModuleName : c:\windows\system32\packager.exe
Command Line : packager.exe
ProcessID : 2172
ThreadCreationTime : 03-06-2005 6:35:16 PM
BasePriority : Realtime
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Packager application file
InternalName : PACKAGER
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : PACKAGER.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{00000049-8f91-4d9c-9573-f016e7626484}
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ceresdll.ceresdllobj.1
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : ceresdll.ceresdllobj
SurfSideKickBHO Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\surf sidekick
SurfSideKickBHO Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\surf sidekick
Value : UninstallString
WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
WindUpdates Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : DownloadPath
WindUpdates Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : Language
WindUpdates Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : SoftwareTable
WindUpdates Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : LastUpdate
WindUpdates Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : reqcount
WindUpdates Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\admanager controller
Value : track
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer\browser helper objects\{00000049-8f91-4d9c-9573-f016e7626484}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 10
Category : Malware
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 10
Category : Malware
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 10
Category : Malware
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 10
Category : Malware
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 10
Category : Malware
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink
Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 10
Category : Malware
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 21
CometSystems Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {fe6bc4ef-5676-484b-88ae-883323913256}
CometSystems Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {fe6bc4ef-5676-484b-88ae-883323913256}
CometSystems Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-19\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {fe6bc4ef-5676-484b-88ae-883323913256}
CometSystems Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-20\software\microsoft\internet explorer\toolbar\Webbrowser
Value : {fe6bc4ef-5676-484b-88ae-883323913256}
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@real[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@real[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@centrport[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@centrport[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@mediaplex[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@serving-sys[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@fastclick[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@tickle[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@tickle[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@0[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@0[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david [email protected][1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david [email protected][1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@casalemedia[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@casalemedia[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@trafficmp[2].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : david pan@linksynergy[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\David Pan\Cookies\david pan@linksynergy[1].txt
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 36
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Coulomb Dialer Object Recognized!
Type : File
Data : Groove.x32
TAC Rating : 5
Category : Dialer
Comment :
Object : C:\WINDOWS\SYSTEM32\MACROMED\Shockwave 8\xtras\download\TheGrooveAlliance\3DGrooveXtrav18\
FileVersion : 1, 8, 0, 0
ProductVersion : 1, 8, 0, 0
ProductName : GROOVE
FileDescription : GROOVE
InternalName : GROOVE
LegalCopyright : Copyright 2001
OriginalFilename : GROOVE.x32
VX2 Object Recognized!
Type : File
Data : Buddy.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1.0.2.5
ProductVersion : 1.0.2.5
ProductName : Buddy Window
CompanyName : Direct Revenue
FileDescription : Buddy
InternalName : Buddy.exe
LegalCopyright : © Direct Revenue. All rights reserved.
OriginalFilename : Buddy.exe
Comments : Browser window for Direct Revenue
Object "ceres.dll" found in this archive.
VX2 Object Recognized!
Type : File
Data : ceres.cab
TAC Rating : 10
Category : Malware
Comment : Object "ceres.dll" found in this archive.
Object : C:\Documents and Settings\David Pan\Local Settings\Temp\DrTemp\
Object "spike.exe" found in this archive.
MediaMotor Object Recognized!
Type : File
Data : ceres.cab
TAC Rating : 8
Category : Malware
Comment : Object "spike.exe" found in this archive.
Object : C:\Documents and Settings\David Pan\Local Settings\Temp\DrTemp\
VX2 Object Recognized!
Type : File
Data : ceres.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\Documents and Settings\David Pan\Local Settings\Temp\DrTemp\
FileVersion : 0, 12, 4, 100
ProductVersion : 0, 12, 4, 100
ProductName : Ceres
CompanyName : Ceres
FileDescription : www.abetterinternet.com
InternalName : Ceres
LegalCopyright : Copyright © 2005
OriginalFilename : Ceres.dll
Comments : www.abetterinternet.com
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41
Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41
Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 41
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 41
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSI4d3OfSInst
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSC4n3trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CST4o3pListSPos
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSs4t3icky1S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSs4t3icky2S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSs4t3icky3S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSs4t3icky4S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSC1o4d3eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CST4i3m6eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSD4s3tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CS4N3a6tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSP4D3om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CST4h3rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CST4h3rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSM4o3deSSync
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSI4n3ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSI4n3ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSI4n3ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSE4v3nt
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSL4a3stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSL4a3stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSB4D3om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CST4h3rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CST4h3rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSL4n3Title
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSC4u3rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSC4n3tFyl
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSI4g3noreS
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\ceres
Value : CSS4t3atusOfSInst
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor\xml
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\vendor
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : Folder
TAC Rating : 10
Category : Malware
Comment : VX2
Object : C:\DOCUME~1\DAVIDP~1\LOCALS~1\Temp\DrTemp
VX2 Object Recognized!
Type : File
Data : ceres.inf
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\inf\
WindUpdates Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager
WindUpdates Object Recognized!
Type : Folder
TAC Rating : 8
Category : Malware
Comment : WindUpdates
Object : C:\Program Files\Admanager Controller
WindUpdates Object Recognized!
Type : File
Data : AdManComm.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\Program Files\admanager controller\
Other Object Recognized!
Type : File
Data : BUDDY.EXE-1A39421A.pf
TAC Rating : 7
Category : Malware
Comment :
Object : C:\WINDOWS\prefetch\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 39
Objects found so far: 80
11:57:18 AM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:58.479
Objects scanned:105977
Objects identified:81
Objects ignored:0
New critical objects:81