Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 18, 2005 11:53:45 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R46 17.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):1 total references
VX2(TAC index:10):26 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R45 13.05.2005
Internal build : 53
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 473168 Bytes
Total size : 1430575 Bytes
Signature data size : 1399518 Bytes
Reference data size : 30545 Bytes
Signatures total : 39932
Fingerprints total : 881
Fingerprints size : 30173 Bytes
Target categories : 15
Target families : 672
5-18-2005 11:52:42 AM Performing WebUpdate...
Installing Update...
Definitions File Loaded:
Reference Number : SE1R46 17.05.2005
Internal build : 54
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 474775 Bytes
Total size : 1435210 Bytes
Signature data size : 1404100 Bytes
Reference data size : 30598 Bytes
Signatures total : 40060
Fingerprints total : 883
Fingerprints size : 30250 Bytes
Target categories : 15
Target families : 674
5-18-2005 11:52:50 AM Success
Update successfully downloaded and installed.
Memory + processor status:
==========================
Number of processors : 2
Processor architecture : Intel Pentium IV
Memory available:43 %
Total physical memory:523240 kb
Available physical memory:224180 kb
Total page file size:1279504 kb
Available on page file:1022316 kb
Total virtual memory:2097024 kb
Available virtual memory:2047380 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)
Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
5-18-2005 11:53:45 AM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 484
ThreadCreationTime : 5-17-2005 2:39:51 PM
BasePriority : Normal
#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 536
ThreadCreationTime : 5-17-2005 2:39:53 PM
BasePriority : Normal
#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 564
ThreadCreationTime : 5-17-2005 2:39:54 PM
BasePriority : High
#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 608
ThreadCreationTime : 5-17-2005 2:39:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 620
ThreadCreationTime : 5-17-2005 2:39:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : C:\WINDOWS\system32\Ati2evxx.exe
ProcessID : 780
ThreadCreationTime : 5-17-2005 2:39:55 PM
BasePriority : Normal
#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 796
ThreadCreationTime : 5-17-2005 2:39:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 856
ThreadCreationTime : 5-17-2005 2:39:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 924
ThreadCreationTime : 5-17-2005 2:39:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1008
ThreadCreationTime : 5-17-2005 2:39:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1068
ThreadCreationTime : 5-17-2005 2:39:56 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1240
ThreadCreationTime : 5-17-2005 2:39:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:13 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1528
ThreadCreationTime : 5-17-2005 2:39:57 PM
BasePriority : Normal
#:14 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.EXE
Command Line : C:\WINDOWS\Explorer.EXE
ProcessID : 1592
ThreadCreationTime : 5-17-2005 2:39:58 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:15 [mcagent.exe]
ModuleName : C:\PROGRA~1\mcafee.com\agent\mcagent.exe
Command Line : "C:\PROGRA~1\mcafee.com\agent\mcagent.exe"
ProcessID : 1692
ThreadCreationTime : 5-17-2005 2:40:01 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 2
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SecurityCenter
CompanyName : McAfee, Inc
FileDescription : McAfee SecurityCenter Agent
InternalName : mcagent
LegalCopyright : Copyright © 2004 Networks Associates Technology, Inc.
OriginalFilename : mcagent.exe
#:16 [mcvsshld.exe]
ModuleName : C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
Command Line : "C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
ProcessID : 1708
ThreadCreationTime : 5-17-2005 2:40:01 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 7
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:17 [hplamp.exe]
ModuleName : C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
Command Line : "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
ProcessID : 1720
ThreadCreationTime : 5-17-2005 2:40:01 PM
BasePriority : Normal
#:18 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1744
ThreadCreationTime : 5-17-2005 2:40:01 PM
BasePriority : Normal
FileVersion : 6.14.10.5113
ProductVersion : 6.14.10.5113
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe
#:19 [esched.exe]
ModuleName : C:\Program Files\a la mode\Sched\eSched.exe
Command Line : "C:\Program Files\a la mode\Sched\eSched.exe"
ProcessID : 1780
ThreadCreationTime : 5-17-2005 2:40:01 PM
BasePriority : Normal
FileVersion : 2.00
ProductVersion : 2.00
ProductName : eDomina Scheduler
CompanyName : a la mode, inc.
FileDescription : a la mode Schedule Tool
InternalName : eSched
OriginalFilename : eSched.exe
#:20 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 1824
ThreadCreationTime : 5-17-2005 2:40:02 PM
BasePriority : Normal
#:21 [avgcc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
Command Line : "C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" /STARTUP
ProcessID : 1896
ThreadCreationTime : 5-17-2005 2:40:02 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE
#:22 [acrotray.exe]
ModuleName : C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
Command Line : "C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe"
ProcessID : 2020
ThreadCreationTime : 5-17-2005 2:40:03 PM
BasePriority : Normal
#:23 [mcvsftsn.exe]
ModuleName : c:\progra~1\mcafee.com\vso\mcvsftsn.exe
Command Line : c:\progra~1\mcafee.com\vso\mcvsftsn.exe -Embedding
ProcessID : 168
ThreadCreationTime : 5-17-2005 2:40:04 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Instant Messenger Scan Module
InternalName : mcvsftsn
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsftsn.EXE
Comments : McAfee VirusScan Instant Messenger Scan Module
#:24 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" -Embedding
ProcessID : 376
ThreadCreationTime : 5-17-2005 2:40:05 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:25 [avgamsvr.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
ProcessID : 500
ThreadCreationTime : 5-17-2005 2:40:06 PM
BasePriority : Normal
FileVersion : 7,1,0,307
ProductVersion : 7.1.0.307
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE
#:26 [avgupsvc.exe]
ModuleName : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
Command Line : C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
ProcessID : 520
ThreadCreationTime : 5-17-2005 2:40:12 PM
BasePriority : Normal
FileVersion : 7,1,0,285
ProductVersion : 7.1.0.285
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2004, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE
#:27 [cisvc.exe]
ModuleName : C:\WINDOWS\system32\cisvc.exe
Command Line : C:\WINDOWS\system32\cisvc.exe
ProcessID : 744
ThreadCreationTime : 5-17-2005 2:40:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cisvc.exe
#:28 [ewidoctrl.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoctrl.exe
Command Line : "C:\Program Files\ewido\security suite\ewidoctrl.exe"
ProcessID : 968
ThreadCreationTime : 5-17-2005 2:40:14 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:29 [ewidoguard.exe]
ModuleName : C:\Program Files\ewido\security suite\ewidoguard.exe
Command Line : n/a
ProcessID : 1056
ThreadCreationTime : 5-17-2005 2:40:15 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:30 [mcvsrte.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding
ProcessID : 1264
ThreadCreationTime : 5-17-2005 2:40:18 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 10
ProductVersion : 9, 0, 0, 0
ProductName : McAfee VirusScan
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine
#:31 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 1540
ThreadCreationTime : 5-17-2005 2:40:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:32 [wdfmgr.exe]
ModuleName : C:\WINDOWS\system32\wdfmgr.exe
Command Line : C:\WINDOWS\system32\wdfmgr.exe
ProcessID : 1812
ThreadCreationTime : 5-17-2005 2:40:21 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:33 [wanmpsvc.exe]
ModuleName : C:\WINDOWS\wanmpsvc.exe
Command Line : "C:\WINDOWS\wanmpsvc.exe"
ProcessID : 1468
ThreadCreationTime : 5-17-2005 2:40:21 PM
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe
#:34 [mcshield.exe]
ModuleName : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
Command Line : c:\PROGRA~1\mcafee.com\vso\mcshield.exe
ProcessID : 2660
ThreadCreationTime : 5-17-2005 2:41:09 PM
BasePriority : High
#:35 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 3084
ThreadCreationTime : 5-17-2005 2:41:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:36 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\program files\dell\support\ui\search\catalog.wci" 196672l 744l
ProcessID : 3620
ThreadCreationTime : 5-17-2005 2:49:12 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
#:37 [cidaemon.exe]
ModuleName : C:\WINDOWS\system32\cidaemon.exe
Command Line : "cidaemon.exe" DownLevelDaemon "c:\system volume information\catalog.wci" 196672l 744l
ProcessID : 3656
ThreadCreationTime : 5-17-2005 2:49:31 PM
BasePriority : Idle
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : cidaemon.exe
#:38 [ntvdm.exe]
ModuleName : C:\WINDOWS\system32\ntvdm.exe
Command Line : "C:\WINDOWS\system32\ntvdm.exe" -f -i6 -w -a C:\WINDOWS\system32\krnl386.exe
ProcessID : 328
ThreadCreationTime : 5-18-2005 3:20:21 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : NTVDM.EXE
InternalName : NTVDM.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NTVDM.EXE
#:39 [iexplore.exe]
ModuleName : C:\Program Files\Internet Explorer\iexplore.exe
Command Line : "C:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2204
ThreadCreationTime : 5-18-2005 6:48:41 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:40 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2764
ThreadCreationTime : 5-18-2005 6:52:28 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUL3a5stMotsSDay
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUL3a5stSSChckin
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUB3D5om
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUE3v5nt
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUT3h5rshSBath
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUT3h5rshSysSInf
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUL3n5Title
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUC3u5rrentSMode
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUC3n5tFyl
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUI3g5noreS
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3321047756-2433024118-2921857696-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 24
Objects found so far: 24
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jason@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:
[email protected]/
Expires : 12-31-2037 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 25
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 25
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 25
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}
VX2 Object Recognized!
Type : File
Data : ceres.inf
Category : Malware
Comment :
Object : C:\WINDOWS\inf\
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 27
12:15:01 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:15.750
Objects scanned:212844
Objects identified:27
Objects ignored:0
New critical objects:27