Logfile created: 11/13/2011 19:52:21
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: trojan

*********************** Definitions database information ***********************
Lavasoft definition file: 1.0
Genotype definition file version: Unknown

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 151489
Objects detected: 0

Type             Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Scan and cleaning complete: Finished correctly after 3758 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
  ID: folderstoscan, enabled:1, value: C:\
  ID: useantivirus, enabled:1, value: true
  ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: true
    ID: scanhostsfile, enabled:1, value: true
    ID: scanmru, enabled:1, value: true
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
    ID: closebrowsers, enabled:1, value: false
  ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
    ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
  ID: addtocontextmenu, enabled:1, value: true
  ID: playsoundoninfection, enabled:1, value: false
  ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
  ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
  ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
      ID: time, enabled:1, value: Sun Nov 13 19:30:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
      ID: time, enabled:1, value: Sun Nov 13 01:30:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
      ID: time, enabled:1, value: Sun Nov 13 07:30:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
      ID: time, enabled:1, value: Sun Nov 13 13:30:00 2011
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
      ID: time, enabled:1, value: Sun Nov 13 19:30:00 2011
      ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: true
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: true
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value:
      ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
  ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
  ID: showtrayicon, enabled:1, value: true
  ID: autoentertainmentmode, enabled:1, value: true
  ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
  ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
  ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: true
    ID: usespywareheuristics, enabled:1, value: true
  ID: maintainbackup, enabled:1, value: true
  ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
  ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: onaccessprotection, enabled:1, value: true
    ID: registryprotection, enabled:1, value: true
    ID: networkprotection, enabled:1, value: true

****************************** System information ******************************
Computer name: TROJAN-PC
Processor name: AMD Athlon(tm) 64 Processor 3400+
Processor identifier: AMD64 Family 15 Model 12 Stepping 0
Processor speed: ~2403MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 15, processor revision 3072, number of processors 1, processor features: [MMX,SSE,SSE2,3DNow]
Physical memory available: 437559296 bytes
Physical memory total: 1072488448 bytes
Virtual memory available: 1974980608 bytes
Virtual memory total: 2147352576 bytes
Memory load: 59%
Microsoft Service Pack 1 (build 7601)
Windows startup mode:

Running processes:
PID: 376 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 472 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 528 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 592 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 600 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 608 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 788 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 872 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 988 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 424 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 480 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1072 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1216 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1360 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1444 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1780 name: C:\Program Files\SUPERAntiSpyware\SASCore64.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1812 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1956 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 696 name: C:\Windows\System32\lxbscoms.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2984 name: C:\Windows\System32\sppsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2300 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 740 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 824 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1372 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3824 name: C:\Windows\System32\taskhost.exe owner: trojan domain: trojan-PC
PID: 2288 name: C:\Windows\System32\dwm.exe owner: trojan domain: trojan-PC
PID: 3420 name: C:\Windows\explorer.exe owner: trojan domain: trojan-PC
PID: 2684 name: C:\Program Files\Microsoft IntelliPoint\ipoint.exe owner: trojan domain: trojan-PC
PID: 1384 name: C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe owner: trojan domain: trojan-PC
PID: 1112 name: C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe owner: trojan domain: trojan-PC
PID: 3188 name: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe owner: trojan domain: trojan-PC
PID: 2008 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4584 name: C:\Program Files (x86)\AIM Toolbar\aimtbServer.exe owner: trojan domain: trojan-PC
PID: 2916 name: C:\Windows\System32\taskhost.exe owner: trojan domain: trojan-PC
PID: 4532 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4880 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5108 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: trojan domain: trojan-PC
PID: 4596 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4624 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: trojan domain: trojan-PC
PID: 1440 name: C:\Program Files (x86)\Internet Explorer\iexplore.exe owner: trojan domain: trojan-PC

Startup items:
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Malwarebytes' Anti-Malware
imagepath: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
Name: mxomssmenu
imagepath: "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
Name: mssSort
imagepath: C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe
Name: AppleSyncNotifier
imagepath: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
Name: BCSSync
imagepath: "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
Name: AVP
imagepath: "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
Name: APSDaemon
imagepath: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: iTunesHelper
imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

Bootexecute items:
Name:
imagepath: autocheck autochk /p \??\C:
Name:
imagepath: "autocheck autochk *"
Name:
imagepath: sasnative64
Name:
imagepath: &
Name:
imagepath: ""
Name:
imagepath: ""
Name:
imagepath: ??????????
Name:
imagepath: "?"
Name:
imagepath: ??

Running services:
Name: !SASCORE displayname: SAS Core Service
Name: AeLookupSvc displayname: Application Experience
Name: Appinfo displayname: Application Information
Name: Apple Mobile Device displayname: Apple Mobile Device
Name: AudioEndpointBuilder displayname: Windows Audio Endpoint Builder
Name: AudioSrv displayname: Windows Audio
Name: BFE displayname: Base Filtering Engine
Name: BITS displayname: Background Intelligent Transfer Service
Name: Bonjour Service displayname: Bonjour Service
Name: Browser displayname: Computer Browser
Name: CryptSvc displayname: Cryptographic Services
Name: CscService displayname: Offline Files
Name: DcomLaunch displayname: DCOM Server Process Launcher
Name: Dhcp displayname: DHCP Client
Name: Dnscache displayname: DNS Client
Name: DPS displayname: Diagnostic Policy Service
Name: eventlog displayname: Windows Event Log
Name: EventSystem displayname: COM+ Event System
Name: FDResPub displayname: Function Discovery Resource Publication
Name: FontCache displayname: Windows Font Cache Service
Name: gpsvc displayname: Group Policy Client
Name: IKEEXT displayname: IKE and AuthIP IPsec Keying Modules
Name: LanmanServer displayname: Server
Name: LanmanWorkstation displayname: Workstation
Name: lmhosts displayname: TCP/IP NetBIOS Helper
Name: lxbs_device displayname: lxbs_device
Name: MpsSvc displayname: Windows Firewall
Name: Netman displayname: Network Connections
Name: netprofm displayname: Network List Service
Name: NlaSvc displayname: Network Location Awareness
Name: nsi displayname: Network Store Interface Service
Name: PcaSvc displayname: Program Compatibility Assistant Service
Name: PlugPlay displayname: Plug and Play
Name: Power displayname: Power
Name: ProfSvc displayname: User Profile Service
Name: RpcEptMapper displayname: RPC Endpoint Mapper
Name: RpcSs displayname: Remote Procedure Call (RPC)
Name: SamSs displayname: Security Accounts Manager
Name: Schedule displayname: Task Scheduler
Name: SENS displayname: System Event Notification Service
Name: ShellHWDetection displayname: Shell Hardware Detection
Name: Spooler displayname: Print Spooler
Name: sppsvc displayname: Software Protection
Name: sppuinotify displayname: SPP Notification Service
Name: SSDPSRV displayname: SSDP Discovery
Name: SysMain displayname: Superfetch
Name: Themes displayname: Themes
Name: UxSms displayname: Desktop Window Manager Session Manager
Name: wcncsvc displayname: Windows Connect Now - Config Registrar
Name: WdiServiceHost displayname: Diagnostic Service Host
Name: WdiSystemHost displayname: Diagnostic System Host
Name: WinDefend displayname: Windows Defender
Name: WinHttpAutoProxySvc displayname: WinHTTP Web Proxy Auto-Discovery Service
Name: Winmgmt displayname: Windows Management Instrumentation
Name: wscsvc displayname: Security Center
Name: wuauserv displayname: Windows Update
Name: wudfsvc displayname: Windows Driver Foundation - User-mode Driver Framework
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service