Ad-Aware SE Build 1.05
Logfile Created on:Thursday, May 12, 2005 8:52:01 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):16 total references
VX2(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668

Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:48 %
Total physical memory:523476 kb
Available physical memory:248636 kb
Total page file size:1280172 kb
Available on page file:1033048 kb
Total virtual memory:2097024 kb
Available virtual memory:2046576 kb
OS:Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include
additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Play sound at scan completion if scan locates critical objects 5-12-2005 8:52:01 PM - Scan started. (Full System Scan) Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] ModuleName : \SystemRoot\System32\smss.exe Command Line : n/a ProcessID : 776 ThreadCreationTime : 5-13-2005 2:50:45 AM BasePriority : Normal #:2 [csrss.exe] ModuleName : \??\C:\WINDOWS\system32\csrss.exe Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh ProcessID : 840 ThreadCreationTime : 5-13-2005 2:50:48 AM BasePriority : Normal #:3 [winlogon.exe] ModuleName : \??\C:\WINDOWS\system32\winlogon.exe Command Line : winlogon.exe ProcessID : 864 ThreadCreationTime : 5-13-2005 2:50:50 AM BasePriority : High #:4 [services.exe] ModuleName : C:\WINDOWS\system32\services.exe Command Line : C:\WINDOWS\system32\services.exe ProcessID : 912 ThreadCreationTime : 5-13-2005 2:50:51 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : services.exe #:5 [lsass.exe] ModuleName : C:\WINDOWS\system32\lsass.exe Command Line : C:\WINDOWS\system32\lsass.exe ProcessID : 924 ThreadCreationTime : 5-13-2005 2:50:51 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [ati2evxx.exe] ModuleName : C:\WINDOWS\System32\Ati2evxx.exe Command Line : C:\WINDOWS\System32\Ati2evxx.exe ProcessID : 1112 ThreadCreationTime : 5-13-2005 2:50:51 AM BasePriority : Normal #:7 [svchost.exe] ModuleName : C:\WINDOWS\system32\svchost.exe Command Line : C:\WINDOWS\system32\svchost -k rpcss ProcessID : 1136 ThreadCreationTime : 5-13-2005 2:50:51 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs ProcessID : 1164 ThreadCreationTime : 5-13-2005 2:50:51 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:9 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService ProcessID : 1304 ThreadCreationTime : 5-13-2005 2:50:52 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [svchost.exe] ModuleName : C:\WINDOWS\System32\svchost.exe Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService ProcessID : 1328 ThreadCreationTime : 5-13-2005 2:50:52 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:11 [ccsetmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" ProcessID : 1524 ThreadCreationTime : 5-13-2005 2:50:52 AM BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Settings Manager Service InternalName : ccSetMgr LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. 
OriginalFilename : ccSetMgr.exe #:12 [sndsrvc.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ProcessID : 1604 ThreadCreationTime : 5-13-2005 2:50:52 AM BasePriority : Normal FileVersion : 5.5.1.6 ProductVersion : 5.5 ProductName : Symantec Security Drivers CompanyName : Symantec Corporation FileDescription : Network Driver Service InternalName : SndSrvc LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation OriginalFilename : SndSrvc.exe #:13 [ccevtmgr.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" ProcessID : 1712 ThreadCreationTime : 5-13-2005 2:50:53 AM BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Event Manager Service InternalName : ccEvtMgr LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccEvtMgr.exe #:14 [ati2evxx.exe] ModuleName : C:\WINDOWS\system32\Ati2evxx.exe Command Line : Ati2evxx.exe -Client ProcessID : 1912 ThreadCreationTime : 5-13-2005 2:50:53 AM BasePriority : Normal #:15 [explorer.exe] ModuleName : C:\WINDOWS\Explorer.EXE Command Line : C:\WINDOWS\Explorer.EXE ProcessID : 1956 ThreadCreationTime : 5-13-2005 2:50:53 AM BasePriority : Normal FileVersion : 6.00.2800.1106 (xpsp1.020828-1920) ProductVersion : 6.00.2800.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : EXPLORER.EXE #:16 [spoolsv.exe] ModuleName : C:\WINDOWS\system32\spoolsv.exe Command Line : C:\WINDOWS\system32\spoolsv.exe ProcessID : 172 ThreadCreationTime : 5-13-2005 2:50:54 AM BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:17 [ccproxy.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccProxy.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" ProcessID : 504 ThreadCreationTime : 5-13-2005 2:50:57 AM BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client Network Proxy Service InternalName : ccProxy LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccProxy.exe #:18 [mdm.exe] ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE" ProcessID : 560 ThreadCreationTime : 5-13-2005 2:50:57 AM BasePriority : Normal FileVersion : 7.00.9466 ProductVersion : 7.00.9466 ProductName : Microsoft® Visual Studio .NET CompanyName : Microsoft Corporation FileDescription : Machine Debug Manager InternalName : mdm.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : mdm.exe #:19 [sqlservr.exe] ModuleName : C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe Command Line : "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe" -sMICROSOFTBCM ProcessID : 584 ThreadCreationTime : 5-13-2005 2:50:57 AM BasePriority : Normal FileVersion : 2000.080.0818.00 ProductVersion : 8.00.818 ProductName : Microsoft SQL Server CompanyName : Microsoft Corporation FileDescription : SQL Server Windows NT InternalName : SQLSERVR LegalCopyright : © 1988-2003 Microsoft Corp. All rights reserved. LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(TM) is a trademark of Microsoft Corporation OriginalFilename : SQLSERVR.EXE Comments : NT INTEL X86 #:20 [navapsvc.exe] ModuleName : C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe Command Line : "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" ProcessID : 652 ThreadCreationTime : 5-13-2005 2:50:58 AM BasePriority : Normal FileVersion : 10.00.2 ProductVersion : 10.00.2 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPSVC.EXE #:21 [wdfmgr.exe] ModuleName : C:\WINDOWS\System32\wdfmgr.exe Command Line : C:\WINDOWS\System32\wdfmgr.exe ProcessID : 728 ThreadCreationTime : 5-13-2005 2:50:58 AM BasePriority : Normal FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act) ProductVersion : 5.2.3790.1230 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows User Mode Driver Manager InternalName : WdfMgr LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : WdfMgr.exe #:22 [wanmpsvc.exe] ModuleName : C:\WINDOWS\wanmpsvc.exe Command Line : "C:\WINDOWS\wanmpsvc.exe" ProcessID : 820 ThreadCreationTime : 5-13-2005 2:50:58 AM BasePriority : Normal FileVersion : 7, 0, 0, 2 ProductVersion : 7, 0, 0, 2 ProductName : America Online CompanyName : America Online, Inc. FileDescription : Wan Miniport (ATW) Service InternalName : WanMPSvc LegalCopyright : Copyright © 2001 America Online, Inc. OriginalFilename : WanMPSvc.exe #:23 [wltrysvc.exe] ModuleName : C:\WINDOWS\System32\WLTRYSVC.EXE Command Line : C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe ProcessID : 1052 ThreadCreationTime : 5-13-2005 2:50:58 AM BasePriority : Normal #:24 [bcmwltry.exe] ModuleName : C:\WINDOWS\System32\bcmwltry.exe Command Line : C:\WINDOWS\System32\bcmwltry.exe ProcessID : 1240 ThreadCreationTime : 5-13-2005 2:50:58 AM BasePriority : Normal FileVersion : 3.40.67.0 ProductVersion : 3.40.67.0 ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet CompanyName : Dell Computer Corporation FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet InternalName : bcmwltry.exe LegalCopyright : 1998-2003, Dell Computer Corporation All Rights Reserved. OriginalFilename : bcmwltry.exe #:25 [atloi32.exe] ModuleName : C:\WINDOWS\atloi32.exe Command Line : "C:\WINDOWS\atloi32.exe" /r ProcessID : 2228 ThreadCreationTime : 5-13-2005 2:51:03 AM BasePriority : Normal VX2 Object Recognized! Type : Process Data : atloi32.exe Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\ Warning! 
VX2 Object found in memory(C:\WINDOWS\atloi32.exe) "C:\WINDOWS\atloi32.exe"Process terminated successfully "C:\WINDOWS\atloi32.exe"Process terminated successfully #:26 [bcmsmmsg.exe] ModuleName : C:\WINDOWS\BCMSMMSG.exe Command Line : "C:\WINDOWS\BCMSMMSG.exe" ProcessID : 2272 ThreadCreationTime : 5-13-2005 2:51:05 AM BasePriority : Normal FileVersion : 3.5.25 08/27/2003 20:04:35 ProductVersion : 3.5.25 08/27/2003 20:04:35 ProductName : BCM Modem Messaging Applet CompanyName : Broadcom Corporation FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © Broadcom Corporation 1998-2000 OriginalFilename : smdmstat.exe #:27 [apoint.exe] ModuleName : C:\Program Files\Apoint\Apoint.exe Command Line : "C:\Program Files\Apoint\Apoint.exe" ProcessID : 2280 ThreadCreationTime : 5-13-2005 2:51:05 AM BasePriority : Normal FileVersion : 5.5.101.123 ProductVersion : 5.5.101.123 ProductName : Alps Pointing-device Driver CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver InternalName : Alps Pointing-device Driver LegalCopyright : Copyright (C) 1999-2003 Alps Electric Co., Ltd. OriginalFilename : Apoint.exe #:28 [jusched.exe] ModuleName : C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe Command Line : "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" ProcessID : 2292 ThreadCreationTime : 5-13-2005 2:51:05 AM BasePriority : Normal #:29 [atiptaxx.exe] ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ProcessID : 2312 ThreadCreationTime : 5-13-2005 2:51:05 AM BasePriority : Normal FileVersion : 6.14.10.5065 ProductVersion : 6.14.10.5065 ProductName : ATI Desktop Component CompanyName : ATI Technologies, Inc. FileDescription : ATI Desktop Control Panel InternalName : Atiptaxx.exe LegalCopyright : Copyright (C) 1998-2002 ATI Technologies Inc. 
OriginalFilename : Atiptaxx.exe #:30 [tfswctrl.exe] ModuleName : C:\WINDOWS\system32\dla\tfswctrl.exe Command Line : "C:\WINDOWS\system32\dla\tfswctrl.exe" ProcessID : 2324 ThreadCreationTime : 5-13-2005 2:51:05 AM BasePriority : Normal FileVersion : 1.04.07b CompanyName : Sonic Solutions FileDescription : Drive Letter Access Component LegalCopyright : Copyright © 2004 Sonic Solutions #:31 [sgtray.exe] ModuleName : C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe Command Line : "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r ProcessID : 2336 ThreadCreationTime : 5-13-2005 2:51:05 AM BasePriority : Normal FileVersion : 1.01.32a CompanyName : Sonic Solutions FileDescription : Sonic Update Manager LegalCopyright : Copyright © 2002 Sonic Solutions #:32 [pcmservice.exe] ModuleName : C:\Program Files\Dell\Media Experience\PCMService.exe Command Line : "C:\Program Files\Dell\Media Experience\PCMService.exe" ProcessID : 2348 ThreadCreationTime : 5-13-2005 2:51:05 AM BasePriority : Normal FileVersion : 1.0.1611 ProductVersion : 1.0.1611 ProductName : PCM2Launcher Application CompanyName : CyberLink Corp. FileDescription : PowerCinema Resident Program for Dell InternalName : PowerCinema Resident Program for Dell LegalCopyright : Copyright c 2003 CyberLink Corp. OriginalFilename : PCM2Launcher.EXE #:33 [dvdlauncher.exe] ModuleName : C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe Command Line : "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" ProcessID : 2356 ThreadCreationTime : 5-13-2005 2:51:06 AM BasePriority : Normal FileVersion : 3.00.0000 ProductVersion : 3.00.0000 ProductName : Cyberlink PowerCinema 3.0 CompanyName : CyberLink Corp. FileDescription : CyberLink PowerCinema Resident Program InternalName : CyberLink PowerCinema Resident Program LegalCopyright : Copyright (c) 2003 CyberLink Corp. 
OriginalFilename : DVDLauncher.EXE #:34 [quickset.exe] ModuleName : C:\Program Files\Dell\QuickSet\quickset.exe Command Line : "C:\Program Files\Dell\QuickSet\quickset.exe" ProcessID : 2368 ThreadCreationTime : 5-13-2005 2:51:06 AM BasePriority : Normal FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : QuickSet Application FileDescription : QuickSet MFC Application InternalName : direct LegalCopyright : Copyright (C) 2001 OriginalFilename : direct.EXE #:35 [realplay.exe] ModuleName : C:\Program Files\Real\RealPlayer\RealPlay.exe Command Line : "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER ProcessID : 2376 ThreadCreationTime : 5-13-2005 2:51:06 AM BasePriority : Normal FileVersion : 6.0.9.584 ProductVersion : 6.0.9.584 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealPlayer InternalName : REALPLAY LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000 LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc. OriginalFilename : REALPLAY.EXE #:36 [ccapp.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\ccApp.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" ProcessID : 2392 ThreadCreationTime : 5-13-2005 2:51:06 AM BasePriority : Normal FileVersion : 2.1.6.3 ProductVersion : 2.1.6.3 ProductName : Common Client CompanyName : Symantec Corporation FileDescription : Common Client User Session InternalName : ccApp LegalCopyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved. OriginalFilename : ccApp.exe #:37 [mmtask.exe] ModuleName : C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe Command Line : "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe" ProcessID : 2416 ThreadCreationTime : 5-13-2005 2:51:07 AM BasePriority : Normal FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: CompanyName : TODO: FileDescription : TODO: InternalName : mmtask.exe LegalCopyright : TODO: (c) . 
All rights reserved. OriginalFilename : mmtask.exe #:38 [mm_tray.exe] ModuleName : C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe Command Line : "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" ProcessID : 2424 ThreadCreationTime : 5-13-2005 2:51:07 AM BasePriority : Normal FileVersion : 8.20.2051 ProductVersion : 8.20.2051 ProductName : Musicmatch JUKEBOX CompanyName : Musicmatch, Inc. FileDescription : mm_tray InternalName : mm_tray LegalCopyright : Copyright © Musicmatch 1998-2004 LegalTrademarks : OriginalFilename : mm_tray.exe #:39 [support.exe] ModuleName : C:\Program Files\Common Files\Dell\EUSW\Support.exe Command Line : "C:\Program Files\Common Files\Dell\EUSW\Support.exe" ProcessID : 2444 ThreadCreationTime : 5-13-2005 2:51:07 AM BasePriority : Normal FileVersion : 2, 1, 1, 0 ProductVersion : 1, 0, 0, 1 ProductName : Dell Support CompanyName : Dell FileDescription : Support InternalName : Support LegalCopyright : Copyright © 2002 OriginalFilename : Support.exe #:40 [apntex.exe] ModuleName : C:\Program Files\Apoint\Apntex.exe Command Line : "Apntex.exe" ProcessID : 2476 ThreadCreationTime : 5-13-2005 2:51:07 AM BasePriority : Normal FileVersion : 5.0.1.15 ProductVersion : 5.0.1.15 ProductName : Alps Pointing-device Driver for Windows NT/2000/XP CompanyName : Alps Electric Co., Ltd. FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP InternalName : Alps Pointing-device Driver for Windows NT/2000/XP LegalCopyright : Copyright (C) 1998-2003 Alps Electric Co., Ltd. 
OriginalFilename : ApntEx.exe #:41 [usrprmpt.exe] ModuleName : C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe Command Line : "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ProcessID : 2504 ThreadCreationTime : 5-13-2005 2:51:08 AM BasePriority : Normal FileVersion : 2005.1.2.20 ProductVersion : 2005.1 ProductName : Norton Security Center CompanyName : Symantec Corporation FileDescription : Norton Security Center Helper InternalName : UsrPrmpt.dll LegalCopyright : Copyright (c) 1997-2004 Symantec Corporation OriginalFilename : UsrPrmpt.dll #:42 [e_fati9fa.exe] ModuleName : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE Command Line : "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE" /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320" ProcessID : 2532 ThreadCreationTime : 5-13-2005 2:51:08 AM BasePriority : Normal FileVersion : 3.00 ProductVersion : 3.00 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S5I2F1 LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2004 OriginalFilename : E_S5I2F1.EXE #:43 [notifyalert.exe] ModuleName : c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe Command Line : "c:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe" timer ProcessID : 2540 ThreadCreationTime : 5-13-2005 2:51:08 AM BasePriority : Normal #:44 [ituneshelper.exe] ModuleName : C:\Program Files\iTunes\iTunesHelper.exe Command Line : "C:\Program Files\iTunes\iTunesHelper.exe" ProcessID : 2588 ThreadCreationTime : 5-13-2005 2:51:08 AM BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. 
OriginalFilename : iTunesHelper.exe #:45 [qttask.exe] ModuleName : C:\Program Files\QuickTime\qttask.exe Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime ProcessID : 2616 ThreadCreationTime : 5-13-2005 2:51:09 AM BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:46 [sdksf32.exe] ModuleName : C:\WINDOWS\system32\sdksf32.exe Command Line : "C:\WINDOWS\system32\sdksf32.exe" ProcessID : 2636 ThreadCreationTime : 5-13-2005 2:51:09 AM BasePriority : Normal #:47 [ctfmon.exe] ModuleName : C:\WINDOWS\System32\ctfmon.exe Command Line : "C:\WINDOWS\System32\ctfmon.exe" ProcessID : 2644 ThreadCreationTime : 5-13-2005 2:51:09 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : CTF Loader InternalName : CTFMON LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : CTFMON.EXE #:48 [teatimer.exe] ModuleName : C:\Program Files\Spybot\TeaTimer.exe Command Line : "C:\Program Files\Spybot\TeaTimer.exe" ProcessID : 2672 ThreadCreationTime : 5-13-2005 2:51:09 AM BasePriority : Idle FileVersion : 1, 3, 0, 12 ProductVersion : 1, 3, 0, 12 ProductName : Spybot - Search & Destroy CompanyName : Safer Networking Limited FileDescription : System settings protector InternalName : TeaTimer LegalCopyright : © 2000-2004 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten. LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen. OriginalFilename : TeaTimer.exe Comments : Schützt Systemeinstellungen vor ungewollten Änderungen. 
#:49 [ipodservice.exe] ModuleName : C:\Program Files\iPod\bin\iPodService.exe Command Line : "C:\Program Files\iPod\bin\iPodService.exe" ProcessID : 2696 ThreadCreationTime : 5-13-2005 2:51:10 AM BasePriority : Normal FileVersion : 4.7.1.30 ProductVersion : 4.7.1.30 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:50 [aoltray.exe] ModuleName : C:\Program Files\America Online 9.0\aoltray.exe Command Line : "C:\Program Files\America Online 9.0\aoltray.exe" -check ProcessID : 2780 ThreadCreationTime : 5-13-2005 2:51:11 AM BasePriority : Normal FileVersion : 9.00.000 ProductVersion : 9.00.000 ProductName : America Online CompanyName : America Online, Inc. FileDescription : AOL Tray Icon InternalName : AolTray LegalCopyright : Copyright (C) America Online, Inc. 1999 - 2003 #:51 [em_exec.exe] ModuleName : C:\Program Files\Logitech\MouseWare\system\em_exec.exe Command Line : "C:\Program Files\Logitech\MouseWare\system\em_exec.exe" ProcessID : 2816 ThreadCreationTime : 5-13-2005 2:51:11 AM BasePriority : Normal FileVersion : 9.79.019 ProductVersion : 9.79.019 ProductName : MouseWare CompanyName : Logitech Inc. FileDescription : Logitech Events Handler Application InternalName : Em_Exec LegalCopyright : (C) 1987-2003 Logitech. All rights reserved. LegalTrademarks : Logitech® and MouseWare® are registered trademarks of Logitech Inc. OriginalFilename : Em_Exec.exe Comments : Created by the MouseWare team #:52 [wzqkpick.exe] ModuleName : C:\Program Files\WinZip\WZQKPICK.EXE Command Line : "C:\Program Files\WinZip\WZQKPICK.EXE" ProcessID : 2876 ThreadCreationTime : 5-13-2005 2:51:12 AM BasePriority : Normal FileVersion : 1.0 (32-bit) ProductVersion : 9.0 (6224) ProductName : WinZip CompanyName : WinZip Computing, Inc. 
FileDescription : WinZip Executable InternalName : WZQKPICK.EXE LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc OriginalFilename : WZQKPICK.EXE Comments : StringFileInfo: U.S. English #:53 [wmiapsrv.exe] ModuleName : C:\WINDOWS\System32\wbem\wmiapsrv.exe Command Line : C:\WINDOWS\System32\wbem\wmiapsrv.exe ProcessID : 3084 ThreadCreationTime : 5-13-2005 2:51:16 AM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI Performance Adapter Service InternalName : WmiApSrv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : WmiApSrv.exe #:54 [wmiprvse.exe] ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding ProcessID : 3116 ThreadCreationTime : 5-13-2005 2:51:16 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe #:55 [wmiprvse.exe] ModuleName : C:\WINDOWS\System32\wbem\wmiprvse.exe Command Line : C:\WINDOWS\System32\wbem\wmiprvse.exe -Embedding ProcessID : 3372 ThreadCreationTime : 5-13-2005 2:51:18 AM BasePriority : Normal FileVersion : 5.1.2600.1106 (xpsp1.020828-1920) ProductVersion : 5.1.2600.1106 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : Wmiprvse.exe #:56 [msmsgs.exe] ModuleName : C:\Program Files\Messenger\msmsgs.exe Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding ProcessID : 3440 ThreadCreationTime : 5-13-2005 2:51:19 AM BasePriority : Normal FileVersion : 4.7.0041 ProductVersion : Version 4.7 ProductName : Messenger CompanyName : Microsoft Corporation FileDescription : Messenger InternalName : msmsgs LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001 LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries. OriginalFilename : msmsgs.exe #:57 [ad-aware.exe] ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" ProcessID : 3716 ThreadCreationTime : 5-13-2005 2:51:38 AM BasePriority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved #:58 [wuauclt.exe] ModuleName : C:\WINDOWS\System32\wuauclt.exe Command Line : "C:\WINDOWS\System32\wuauclt.exe" /RunStoreAsComServer Local\[48c]SUSDSa95322f37c049541ba79a84ae1038d9d ProcessID : 3732 ThreadCreationTime : 5-13-2005 2:51:43 AM BasePriority : Normal FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04) ProductVersion : 5.4.3790.2182 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Automatic Updates InternalName : wuauclt.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : wuauclt.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : ihzvz.dat
Category : Malware
Comment :
Object : C:\WINDOWS\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\sw
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\se
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\hsa
Value : UninstallString

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\urlsearchhooks
Value : {FEF0E647-5524-FA9E-07CF-AF79EE6770A0}

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : no
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 16
Objects found so far: 18

9:02:26 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:10:24.922
Objects scanned:193868
Objects identified:18
Objects ignored:0
New critical objects:18