Here is the adware log
Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, January 22, 2006 3:33:20 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R88 20.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
AdBlaster(TAC index:7):2 total references
BrilliantDigital(TAC index:6):4 total references
Cydoor(TAC index:7):2 total references
DownloadWare(TAC index:8):1 total references
eUniverse(TAC index:10):3 total references
TopSearch(TAC index:5):1 total references
Tracking Cookie(TAC index:3):4 total references
WhenU(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
1-22-2006 3:33:20 PM - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4291779715
Threads : 6
Priority : High
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Kernel core component
InternalName : KERNEL32
LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000
OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294940479
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows 32-bit VxD Message Server
InternalName : MSGSRV32
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998
OriginalFilename : MSGSRV32.EXE
#:3 [mmtask.tsk]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294850347
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft Windows
CompanyName : Microsoft Corporation
FileDescription : Multimedia background task support module
InternalName : mmtask.tsk
LegalCopyright : Copyright © Microsoft Corp. 1991-2000
OriginalFilename : mmtask.tsk
#:4 [MPREXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294847855
Threads : 1
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WIN32 Network Interface Service Process
InternalName : MPREXE
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : MPREXE.EXE
#:5 [MSTASK.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294838523
Threads : 2
Priority : Normal
FileVersion : 4.71.2721.1
ProductVersion : 4.71.2721.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright (C) Microsoft Corp. 2000
OriginalFilename : mstask.exe
#:6 [ASHSERV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294838667
Threads : 28
Priority : Normal
FileVersion : 4, 6, 739, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe
#:7 [DEVLDR16.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294893987
Threads : 3
Priority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr16
InternalName : DevLdr
LegalCopyright : Copyright © 1998 - 2000 Creative Technology Ltd.
OriginalFilename : DevLdr16.exe
#:8 [EXPLORER.EXE]
FilePath : C:\WINDOWS\
ProcessID : 4294897355
Threads : 15
Priority : Normal
FileVersion : 5.50.4134.100
ProductVersion : 5.50.4134.100
ProductName : Microsoft(R) Windows (R) 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : EXPLORER.EXE
#:9 [RPCSS.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294787571
Threads : 6
Priority : Normal
FileVersion : 4.71.3328
ProductVersion : 4.71.3328
ProductName : Microsoft(R) Windows NT(TM) Operating System
CompanyName : Microsoft Corporation
FileDescription : Distributed COM Services
InternalName : rpcss.exe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998
OriginalFilename : rpcss.exe
#:10 [SYSTRAY.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294644863
Threads : 2
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : System Tray Applet
InternalName : SYSTRAY
LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000
OriginalFilename : SYSTRAY.EXE
#:11 [ONETOUCHMON.EXE]
FilePath : C:\PROGRAM FILES\VISIONEER ONETOUCH\
ProcessID : 4294659271
Threads : 1
Priority : Normal
FileVersion : 3, 1, 2, 20
ProductVersion : 3, 1, 2, 20
ProductName : OneTouch Module
CompanyName : Visioneer Inc
FileDescription : OneTouch Module
InternalName : OneTouch Module
LegalCopyright : Copyright 1997 - 2001
LegalTrademarks : Visioneer owns all rights to this Module
OriginalFilename : OneTouch Module
Comments : Part of the OneTouch package
#:12 [ASHWEBSV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294684967
Threads : 17
Priority : Normal
#:13 [ASHMAISV.EXE]
FilePath : C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\
ProcessID : 4294686431
Threads : 8
Priority : Normal
#:14 [SPYSWEEPER.EXE]
FilePath : C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\
ProcessID : 4294702155
Threads : 3
Priority : Normal
FileVersion : 4,5,7,642
ProductVersion : 4, 5
ProductName : Spy Sweeper
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper Client Executable
LegalCopyright : Copyright (C) 2002 - 2005, All Rights Reserved.
OriginalFilename : SpySweeper.exe
#:15 [WMIEXE.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294607723
Threads : 3
Priority : Normal
FileVersion : 4.90.2452.1
ProductVersion : 4.90.2452.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI service exe housing
InternalName : wmiexe
LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename : wmiexe.exe
#:16 [SPOOL32.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294525163
Threads : 4
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler Sub System Process
InternalName : spool32
LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998
OriginalFilename : spool32.exe
#:17 [WRSSSDK.EXE]
FilePath : C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\
ProcessID : 4294469035
Threads : 13
Priority : Normal
FileVersion : 2,0,7,442
ProductVersion : 2, 0
ProductName : Spy Sweeper SDK
CompanyName : Webroot Software, Inc.
FileDescription : Spy Sweeper SDK
LegalCopyright : Copyright (C) 2002 - 2005, All Rights Reserved.
LegalTrademarks : Spy Sweeper is a trademark of Webroot Software, Inc.
OriginalFilename : SpySweeper.exe
#:18 [RNAAPP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294322471
Threads : 3
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Dial-Up Networking Application
InternalName : RNAAPP
LegalCopyright : Copyright (C) Microsoft Corp. 1992-1996
OriginalFilename : RNAAPP.EXE
#:19 [TAPISRV.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294313391
Threads : 5
Priority : Normal
FileVersion : 4.90.3000
ProductVersion : 4.90.3000
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft® Windows(TM) Telephony Server
InternalName : Telephony Service
LegalCopyright : Copyright (C) Microsoft Corp. 1994-1998
OriginalFilename : TAPISRV.EXE
#:20 [DDHELP.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294291811
Threads : 2
Priority : Realtime
FileVersion : 4.08.01.0881
ProductVersion : 4.08.01.0881
ProductName : Microsoft® DirectX for Windows® 95 and 98
CompanyName : Microsoft Corporation
FileDescription : Microsoft DirectX Helper
InternalName : DDHelp.exe
LegalCopyright : Copyright © Microsoft Corp. 1994-2001
OriginalFilename : DDHelp.exe
#:21 [STIMON.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294297155
Threads : 5
Priority : Normal
FileVersion : 4.90.3000.1
ProductVersion : 4.90.3000.1
ProductName : Microsoft(R) Windows(R) Millennium Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : STIMON.EXE
#:22 [HPZSTC11.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294259179
Threads : 4
Priority : Normal
FileVersion : 2.327.1.0
ProductVersion : 2.327.1.0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2004
#:23 [HPZENG11.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294130311
Threads : 4
Priority : Normal
FileVersion : 2.327.1.0
ProductVersion : 2.327.1.0
ProductName : HP DeskJet
CompanyName : HP
FileDescription : HPDJ Print Engine
InternalName : HPDJ
LegalCopyright : Copyright (c) Hewlett-Packard Company 1999-2004
#:24 [HPZIPM12.EXE]
FilePath : C:\WINDOWS\SYSTEM\
ProcessID : 4294118419
Threads : 1
Priority : Normal
FileVersion : 8, 0, 0, 0
ProductVersion : 8, 0, 0, 0
ProductName : HP PML
CompanyName : HP
FileDescription : PML Driver
InternalName : PmlDrv
LegalCopyright : Copyright © 1998, 1999 Hewlett-Packard Company
OriginalFilename : PmlDrv.exe
#:25 [AD-AWARE.EXE]
FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\
ProcessID : 4294261095
Threads : 3
Priority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:default@overture.com/
Expires : 1-19-2016 9:35:44 AM
LastSync : Hits:10
UseCount : 0
Hits : 10
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:default@questionmarket.com/
Expires : 3-10-2007 9:41:52 AM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2
Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@questionmarket[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@questionmarket[1].txt
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : default@overture[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : c:\WINDOWS\Cookies\default@overture[1].txt
DownloadWare Object Recognized!
Type : File
Data : A0166688.1
TAC Rating : 8
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.0.0.116
ProductVersion : 1.0.0.116
ProductName : DownloadWare
FileDescription : DownloadWare
LegalCopyright : DownloadWare © 2001
eUniverse Object Recognized!
Type : File
Data : A0166915.0
TAC Rating : 10
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : BHO Module
FileDescription : BHO Module
InternalName : BHO
LegalCopyright : Copyright 2003
OriginalFilename : BHO.DLL
WhenU Object Recognized!
Type : File
Data : A0166917.1
TAC Rating : 3
Category : Misc
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 2, 1, 1, 1
ProductVersion : 2, 1, 1, 1
ProductName : Save! Uninstall
CompanyName : WhenU.com, Inc.
FileDescription : Save! Uninstall
InternalName : SaveUninst
LegalCopyright : Copyright 2001
OriginalFilename : SaveUninst.exe
Cydoor Object Recognized!
Type : File
Data : A0166918.0
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 3, 2, 1, 0
ProductVersion : 3, 2, 1, 0
ProductName : Cydoor Technologies ad-system
CompanyName : Cydoor Technologies, Inc.
FileDescription : Cydoor Technologies ad-system
InternalName : CD_Clint.dll
LegalCopyright : Copyright (C) Cydoor Technologies, Inc. 1999-2001
LegalTrademarks : Cydoor Technologies(tm)
OriginalFilename : CD_Clint.dll
Comments : This is a module of Cydoor's ad system. Additional information is available at http://www.cydoor.com
Cydoor Object Recognized!
Type : File
Data : A0166919.0
TAC Rating : 7
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : cd_htm module
CompanyName : Cydoor Technologies, Inc.
FileDescription : cd_htm module
InternalName : cd_htm.dll
LegalCopyright : Copyright (C) Cydoor Technologies, Inc. 1999-2001
LegalTrademarks : Cydoor Technologies(tm)
OriginalFilename : cd_htm.DLL
Comments : This is a module of Cydoor's ad system. Additional information is available at http://www.cydoor.com
BrilliantDigital Object Recognized!
Type : File
Data : A0166920.0
TAC Rating : 6
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 1, 9
ProductVersion : 1, 0, 0, 0
ProductName : BDEData Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDEData (Release)
InternalName : BDEDATA
LegalCopyright : Copyright 1999
OriginalFilename : BDEDATA2.DLL
BrilliantDigital Object Recognized!
Type : File
Data : A0166921.0
TAC Rating : 6
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 3, 0, 39, 0
ProductVersion : 3, 0, 39, 0
ProductName : Brilliant Digital Entertainment Inc. BDEDownloader
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEDownloader
InternalName : BDEDownloader
LegalCopyright : Copyright © 2001 Brilliant Digital Entertainment Inc.
OriginalFilename : BDEDownloader.dll
BrilliantDigital Object Recognized!
Type : File
Data : A0166922.0
TAC Rating : 6
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 1
ProductName : Brilliant Digital Entertainment Inc. BDEFdiTest
CompanyName : Brilliant Digital Entertainment Inc.
FileDescription : BDEFdiTest
InternalName : BDEFdiTest
LegalCopyright : Copyright © 2000
OriginalFilename : BDEFdiTest.exe
BrilliantDigital Object Recognized!
Type : File
Data : A0166923.0
TAC Rating : 6
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 2, 4, 1
ProductVersion : 1, 0, 0, 0
ProductName : BDEInstallerComponent Module
CompanyName : Brilliant Digital Entertainment
FileDescription : BDESmartInstaller (Release)
InternalName : BDEINSTALLERCOMPONENT
LegalCopyright : Copyright 2002
OriginalFilename : BDEINSTALLERCOMPONENT.DLL
AdBlaster Object Recognized!
Type : File
Data : A0166924.0
TAC Rating : 7
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 3.00
ProductVersion : 3.00
ProductName : ESDADS1
CompanyName : ESD Technologies, Inc.
InternalName : iexplorr11
LegalCopyright : Copyright 2002 ESD Technologies, Inc.
OriginalFilename : iexplorr11.dll
eUniverse Object Recognized!
Type : File
Data : A0166925.0
TAC Rating : 10
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : kkv Application
FileDescription : kkv MFC Application
InternalName : kkv
LegalCopyright : Copyright (C) 2003
OriginalFilename : kkv.EXE
eUniverse Object Recognized!
Type : File
Data : A0166926.0
TAC Rating : 10
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 2, 0, 0
ProductVersion : 1, 2, 0, 0
ProductName : sui Application
FileDescription : sui MFC Application
InternalName : sui
LegalCopyright : Copyright (C) 2003
OriginalFilename : sui.EXE
TopSearch Object Recognized!
Type : File
Data : A0166927.0
TAC Rating : 5
Category : Data Miner
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1, 0, 0, 9
ProductVersion : 1, 0, 0, 0
ProductName : Altnet Inc. TopSearch
CompanyName : Altnet Inc.
FileDescription : TopSearch
InternalName : TopSearch
LegalCopyright : Copyright Altnet Inc. © 2002
OriginalFilename : TopSearch.dll
AdBlaster Object Recognized!
Type : File
Data : A0168079.CPY
TAC Rating : 7
Category : Malware
Comment :
Object : c:\_RESTORE\TEMP\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
InternalName : RegisterKazaaUpgradeSuite3
OriginalFilename : RegisterKazaaUpgradeSuite3.exe
Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 18
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18
3:42:01 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:08:41.570
Objects scanned:100122
Objects identified:18
Objects ignored:0
New critical objects:18