Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 04, 2005 11:53:45 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
CoolWebSearch(TAC index:10):18 total references
Possible Browser Hijack attempt(TAC index:3):3 total references
Search Relevancy(TAC index:5):2 total references
Tracking Cookie(TAC index:3):1 total references
WindUpdates(TAC index:8):2 total references
VX2(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R42 28.04.2005
Internal build : 49
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 466557 Bytes
Total size : 1403889 Bytes
Signature data size : 1373297 Bytes
Reference data size : 30080 Bytes
Signatures total : 39226
Fingerprints total : 836
Fingerprints size : 28245 Bytes
Target categories : 15
Target families : 654

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:39 %
Total physical memory:458224 kb
Available physical memory:174984 kb
Total page file size:1081268 kb
Available on page file:837304 kb
Total virtual memory:2097024 kb
Available virtual memory:2042236 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

5-4-2005 11:53:45 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 688
ThreadCreationTime : 5-5-2005 3:50:02 AM
BasePriority : Normal

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 756
ThreadCreationTime : 5-5-2005 3:50:06 AM
BasePriority : Normal

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 780
ThreadCreationTime : 5-5-2005 3:50:08 AM
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 828
ThreadCreationTime : 5-5-2005 3:50:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 840
ThreadCreationTime : 5-5-2005 3:50:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 992
ThreadCreationTime : 5-5-2005 3:50:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1044
ThreadCreationTime : 5-5-2005 3:50:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1084
ThreadCreationTime : 5-5-2005 3:50:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1160
ThreadCreationTime : 5-5-2005 3:50:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1280
ThreadCreationTime : 5-5-2005 3:50:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
ProcessID : 1604
ThreadCreationTime : 5-5-2005 3:50:12 AM
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ProcessID : 1636
ThreadCreationTime : 5-5-2005 3:50:13 AM
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1796
ThreadCreationTime : 5-5-2005 3:50:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [ccproxy.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"
ProcessID : 1892
ThreadCreationTime : 5-5-2005 3:50:14 AM
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:15 [navapsvc.exe]
ModuleName : C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
Command Line : "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
ProcessID : 1940
ThreadCreationTime : 5-5-2005 3:50:15 AM
BasePriority : Normal
FileVersion : 10.00.2
ProductVersion : 10.00.2
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:16 [savscan.exe]
ModuleName : C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
Command Line : "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
ProcessID : 2036
ThreadCreationTime : 5-5-2005 3:50:15 AM
BasePriority : Normal
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:17 [sndsrvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
ProcessID : 252
ThreadCreationTime : 5-5-2005 3:50:15 AM
BasePriority : Normal
FileVersion : 5.3.2.67
ProductVersion : 5.3
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:18 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 312
ThreadCreationTime : 5-5-2005 3:50:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [symlcsvc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
ProcessID : 528
ThreadCreationTime : 5-5-2005 3:50:16 AM
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:20 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 596
ThreadCreationTime : 5-5-2005 3:50:17 AM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:21 [symwsc.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe"
ProcessID : 1244
ThreadCreationTime : 5-5-2005 3:50:17 AM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:22 [d3rm.exe]
ModuleName : C:\WINDOWS\system32\d3rm.exe
Command Line : "C:\WINDOWS\system32\d3rm.exe" /r
ProcessID : 1572
ThreadCreationTime : 5-5-2005 3:50:25 AM
BasePriority : Normal

VX2 Object Recognized!
Type : Process
Data : d3rm.exe
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\system32\

Warning! VX2 Object found in memory(C:\WINDOWS\system32\d3rm.exe)

"C:\WINDOWS\system32\d3rm.exe"Process terminated successfully
"C:\WINDOWS\system32\d3rm.exe"Process terminated successfully

#:23 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 2080
ThreadCreationTime : 5-5-2005 3:50:25 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:24 [netxh.exe]
ModuleName : C:\WINDOWS\system32\netxh.exe
Command Line : "C:\WINDOWS\system32\netxh.exe"
ProcessID : 2324
ThreadCreationTime : 5-5-2005 3:50:27 AM
BasePriority : Normal

#:25 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 2512
ThreadCreationTime : 5-5-2005 3:50:28 AM
BasePriority : Normal
FileVersion : 0.1.0.1566
ProductVersion : 0.1.0.1566
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:26 [sistray.exe]
ModuleName : C:\WINDOWS\System32\sistray.EXE
Command Line : "C:\WINDOWS\System32\sistray.EXE"
ProcessID : 2624
ThreadCreationTime : 5-5-2005 3:50:29 AM
BasePriority : Normal
FileVersion : 0.0.0.2081
ProductVersion : 0.0.0.2081
ProductName : SiS (R) Compatible Super VGA SiSTray application for Windows NT4.0/2000/XP
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Tray Application
InternalName : SISTRAY 2.07k.00
LegalCopyright : Copyright (C) Silicon Integrated Systems Corp. 1998-2002
OriginalFilename : SISTRAY.EXE
Comments : SiS Compatible Super VGA Tray Application

#:27 [khooker.exe]
ModuleName : C:\WINDOWS\System32\khooker.exe
Command Line : "C:\WINDOWS\System32\khooker.exe"
ProcessID : 2728
ThreadCreationTime : 5-5-2005 3:50:30 AM
BasePriority : Normal
FileVersion : 0.0.0.2098
ProductVersion : 0.0.0.2098
ProductName : SIS (R) Compatible Super VGA keyboard daemon for Windows 2000/XP
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS Compatible Super VGA Keyboard Daemon
InternalName : KHOOKER 2.09j.03
LegalCopyright : Copyright (C) Silicon Integrated Systems Corp. 1998-2002
OriginalFilename : KHOOKER.EXE
Comments : SiS Compatible Super VGA Keyboard Daemon

#:28 [rnathchk.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe"
ProcessID : 2756
ThreadCreationTime : 5-5-2005 3:50:30 AM
BasePriority : Normal
FileVersion : 7.0.0.1134
ProductVersion : 7.0.0.1134
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks ATH Check App
InternalName : rnathchk
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : rnathchk.EXE

#:29 [lvcoms.exe]
ModuleName : C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
Command Line : "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
ProcessID : 3080
ThreadCreationTime : 5-5-2005 3:50:32 AM
BasePriority : Normal
FileVersion : 7.3.0.1113
ProductVersion : 7.3.0.1113
ProductName : Logitech ImageStudio
CompanyName : Logitech Inc.
FileDescription : LVCom Server
InternalName : LVComS.exe
LegalCopyright : (c) 1996-2002 Logitech. All rights reserved.
OriginalFilename : LVComS.exe

#:30 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 3180
ThreadCreationTime : 5-5-2005 3:50:33 AM
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:31 [ccapp.exe]
ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ProcessID : 3192
ThreadCreationTime : 5-5-2005 3:50:34 AM
BasePriority : Normal
FileVersion : 2.1.3.4
ProductVersion : 2.1.3.4
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:32 [carpserv.exe]
ModuleName : C:\WINDOWS\system32\carpserv.exe
Command Line : "C:\WINDOWS\system32\carpserv.exe"
ProcessID : 3212
ThreadCreationTime : 5-5-2005 3:50:34 AM
BasePriority : Normal
FileVersion : 5.03.32.02
ProductVersion : 5.03.32.02
ProductName : Conexant carpserv
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2002
OriginalFilename : carpserv.exe

#:33 [logitechdesktopmessenger.exe]
ModuleName : C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Command Line : "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
ProcessID : 3252
ThreadCreationTime : 5-5-2005 3:50:34 AM
BasePriority : Normal
FileVersion : 2.1.2.0
ProductVersion : 2.1.2.0
ProductName : Logitech Desktop Messenger
CompanyName : Logitech
FileDescription : Logitech Desktop Messenger
InternalName : Logitech BackWeb Runner
LegalCopyright : Copyright (C) Logitech 2000-2004. All rights reserved
OriginalFilename : backweb-8876480.exe
Comments : www.logitech.com/ldm

#:34 [wkcalrem.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe"
ProcessID : 3356
ThreadCreationTime : 5-5-2005 3:50:35 AM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:35 [usrwlang.exe]
ModuleName : C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe
Command Line : "C:\Program Files\U.S. Robotics 802.11g WLAN\USRWLANG.exe"
ProcessID : 3380
ThreadCreationTime : 5-5-2005 3:50:35 AM
BasePriority : Normal
FileVersion : 4, 0, 0, 0
ProductVersion : 4, 0, 0, 0
ProductName : WLANMON Application
CompanyName : U.S. Robotics
FileDescription : USR 802.11g WLAN Adapter Utility
InternalName : WLANMON
OriginalFilename : USRWLANG.EXE

#:36 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
ProcessID : 3396
ThreadCreationTime : 5-5-2005 3:50:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:37 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3456
ThreadCreationTime : 5-5-2005 3:50:36 AM
BasePriority : Normal
FileVersion : 4.5.0.31
ProductVersion : 4.5.0.31
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:38 [wuauclt.exe]
ModuleName : C:\WINDOWS\system32\wuauclt.exe
Command Line : "C:\WINDOWS\system32\wuauclt.exe" /RunStoreAsComServer Local\[43c]SUSDSfceed62b726ffc4da178f1a2b3a7f9e9
ProcessID : 2476
ThreadCreationTime : 5-5-2005 3:51:04 AM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:39 [explorer.exe]
ModuleName : C:\WINDOWS\explorer.exe
Command Line : C:\WINDOWS\explorer.exe
ProcessID : 3128
ThreadCreationTime : 5-5-2005 3:51:23 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:40 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 2448
ThreadCreationTime : 5-5-2005 3:52:46 AM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:41 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 160
ThreadCreationTime : 5-5-2005 3:53:34 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : michael@atdmt[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:michael@atdmt.com/
Expires : 5-3-2010 8:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 3

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Search Relevancy Object Recognized!
Type : File
Data : SearchRelevancy.xml
Category : Misc
Comment : 
Object : C:\RECYCLER\S-1-5-21-2154702590-2237029002-1904607352-1006\Dc4\

Search Relevancy Object Recognized!
Type : File
Data : uninstall.exe
Category : Misc
Comment : 
Object : C:\RECYCLER\S-1-5-21-2154702590-2237029002-1904607352-1006\Dc4\

VX2 Object Recognized!
Type : File
Data : A0005911.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005927.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005928.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005939.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005958.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005971.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005982.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005989.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0005992.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

WindUpdates Object Recognized!
Type : File
Data : A0005994.vxd
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

BargainBuddy Object Recognized!
Type : File
Data : A0005996.exe
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006023.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006032.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006039.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006048.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006050.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006059.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006066.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

VX2 Object Recognized!
Type : File
Data : A0006080.dll
Category : Malware
Comment : 
Object : C:\System Volume Information\_restore{90AC6B72-E1CF-4B78-AB99-3A41731FE67B}\RP11\

CoolWebSearch Object Recognized!
Type : File
Data : dxjwn.log
Category : Malware
Comment : 
Object : C:\WINDOWS\system32\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Only sex website.url
Category : Misc
Comment : Problematic URL discovered: http://www.onlysex.ws/
Object : C:\Documents and Settings\Michael\Favorites\

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Search the web.url
Category : Misc
Comment : Problematic URL discovered: http://www.lookfor.cc/
Object : C:\Documents and Settings\Michael\Favorites\

Possible Browser Hijack attempt Object Recognized!
Type : File
Data : Seven days of free porn.url
Category : Misc
Comment : Problematic URL discovered: http://www.7days.ws/
Object : C:\Documents and Settings\Michael\Favorites\

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {DA991481-89B4-0B26-9C54-3A2FD8525D10}

CoolWebSearch Object Recognized!
Type : Regkey
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft
Value : set

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment : 
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

WindUpdates Object Recognized!
Type : Regkey
Data : 
Category : Malware
Comment : 
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 46

12:10:58 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:17:12.94
Objects scanned:146439
Objects identified:46
Objects ignored:0
New critical objects:46