Should I block it?

No, this file is 100% safe to run.

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

PE file structure

Show functions

Import table

advapi32.dll

RegEnumKeyA, RegCloseKey, RegCreateKeyA, RegOpenKeyExA, RegQueryValueExA, SetNamedSecurityInfoA, GetSecurityDescriptorSacl, ConvertStringSecurityDescriptorToSecurityDescriptorA, FreeSid, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, RegisterEventSourceA, EnumServicesStatusW, StartServiceA, LookupPrivilegeValueA, AdjustTokenPrivileges, StartServiceCtrlDispatcherA, RegisterServiceCtrlHandlerW, QueryServiceStatusEx, DeleteService, ChangeServiceConfigW, CreateServiceW, ChangeServiceConfig2A, ChangeServiceConfigA, QueryServiceConfigW, OpenServiceA, ControlService, RegQueryInfoKeyA, OpenThreadToken, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, IsValidSid, GetLengthSid, CopySid, RegCreateKeyExA, RegDeleteValueA, RegDeleteKeyA, SetServiceStatus, RegisterEventSourceW, ReportEventA, DeregisterEventSource, OpenSCManagerA, OpenServiceW, CloseServiceHandle, GetSecurityDescriptorLength, ConvertStringSecurityDescriptorToSecurityDescriptorW, OpenProcessToken, GetTokenInformation, ConvertStringSidToSidA, LookupAccountSidW, RegOpenKeyA, RegEnumKeyExA, CryptAcquireContextA, CryptCreateHash, CryptHashData, CryptGetHashParam, CryptDestroyHash, CryptReleaseContext, AllocateAndInitializeSid, SetEntriesInAclA, RegSetValueExA

crypt32.dll

CertOpenSystemStoreA, CertCloseStore, CertOpenStore, CertEnumCertificatesInStore, CertEnumCRLsInStore, CertNameToStrA, CertFreeCertificateContext, CertFreeCertificateChain, CertGetCertificateChain, CertCreateCertificateContext

gdi32.dll

CreateCompatibleDC, GetDeviceCaps, CreateCompatibleBitmap, SelectObject, GetObjectA, BitBlt, GetBitmapBits, DeleteObject, DeleteDC, CreateDCA

kernel32.dll

DllMain

ole32.dll

CoTaskMemRealloc, CoUninitialize, CoInitialize, CoCreateGuid, CoRegisterClassObject, StringFromGUID2, CoCreateFreeThreadedMarshaler, CoTaskMemAlloc, CoInitializeSecurity, CoInitializeEx, CoCreateInstance, ProgIDFromCLSID, CoRevokeClassObject, CoTaskMemFree

psapi.dll

GetProcessImageFileNameW, GetModuleFileNameExW

secur32.dll

GetUserNameExW

user32.dll

MessageBoxA, GetDesktopWindow, GetUserObjectInformationW, LoadStringA, CharNextA, CharNextW, PostThreadMessageA, DispatchMessageA, MsgWaitForMultipleObjectsEx, DestroyWindow, CreateWindowExA, UnregisterClassA, DefWindowProcA, RegisterClassA, KillTimer, PostMessageA, GetMessageA, TranslateMessage, SetTimer, GetProcessWindowStation, CreateDesktopA, SetProcessWindowStation, SetThreadDesktop, PeekMessageA

version.dll

VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW

ws2_32.dll

WSASocketA, WSAEventSelect, WSAIoctl, WSCGetProviderPath, WSCEnumProtocols

lavasoftproxy.exe

LavasoftProxy.exe by Lavasoft Limited (Signed)

Remove lavasoftproxy.exe

Version:	2.2.6.6
MD5:	67e0f2afa2b1009d16b751a7da854f88
SHA1:	dbc68d21578edb2d6dbcf9b00ee1624919fe59b8

Overview

lavasoftproxy.exe runs as a service under the name LavasoftProxy with extensive SYSTEM privileges (full administrator access). This is typically installed with the program Ad-Aware AdBlocker (Alpha) published by Lavasoft. The file is digitally signed by Lavasoft Limited which was issued by the VeriSign certificate authority (CA). This particular version is usually found on Windows 7 Professional (6.1.7601.65536).

Details

File name:	lavasoftproxy.exe
Publisher:	Lavasoft Limited
Product name:	LavasoftProxy.exe
Typical file path:	C:\Program Files\lavasoft\ad-aware adblocker (alpha)\lavasoftproxy.exe
File version:	2.2.6.6
Size:	3.53 MB (3,699,768 bytes)
Build date:	8/20/2013 6:41 AM
Certificate
Issued to:	Lavasoft Limited
Authority (CA):	VeriSign
Effective date:	Wednesday, August 7, 2013
Expiration date:	Friday, July 24, 2015
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Programs

The following program will install this file

Ad-Aware AdBlocker Alpha

Lavasoft

7% remove

“Enjoy surfing the web without those annoying ads, pop-ups and video ads... This means that you can increase your online privacy and reduce the chance of being a victim of malware or scams.”

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'LavasoftProxy'

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00023880%	0.028634%
Kernel CPU:	0.00014824%	0.013761%
User CPU:	0.00009055%	0.014873%
Kernel CPU time:	1,376,272 ms/min	100,923,805ms/min
CPU cycles:	11,658,309/sec	17,470,203/sec
Memory
Private memory:	13.28 MB	21.59 MB
Private (maximum):	30.18 MB
Private (minimum):	4.78 MB
Non-paged memory:	13.28 MB	21.59 MB
Virtual memory:	135.03 MB	140.96 MB
Virtual memory (peak):	142.37 MB	169.69 MB
Working set:	6.07 MB	18.61 MB
Working set (peak):	30.25 MB	37.95 MB
Page faults:	238,516,644/min	2,039/min
I/O
I/O read transfer:	3.91 KB/sec	1.02 MB/min
I/O read operations:	185/sec	343/min
I/O write transfer:	27 Bytes/sec	274.99 KB/min
I/O write operations:	1/sec	227/min
I/O other transfer:	2.61 KB/sec	448.09 KB/min
I/O other operations:	33/sec	1,671/min
Resource allocations
Threads:	150	12
Handles:	714	600

Process properties

Integrety level:	System
Platform:	32-bit
Command line:	"C:\Program Files\lavasoft\ad-aware adblocker (alpha)\lavasoftproxy.exe"
Owner:	SYSTEM
Windows Service
Service name:	LavasoftProxy
Description:	“Lavasoft service for supporting the Lavasoft Internet Companion family of apps such as AdBlocker”
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads