Logfile created: 2/18/2012 18:41:13
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: fulcort

*********************** Definitions database information ***********************
Lavasoft definition file: 150.723
Genotype definition file version: 2012/02/13 12:34:34
Extended engine definition file: 11550.0

******************************** Scan results: *********************************
Scan profile name: Context menu scan (ID: contextmenuscan)
Objects scanned: 702
Objects detected: 7

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 7
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Quarantined items:
Description: c:\windows\assembly\gac_32\desktop.ini Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Reboot required Item ID: 1 Family ID: 0 MD5: FC8DA91F71B2BB29E258E3D81521B78
Description: c:\windows\assembly\gac_64\desktop.ini Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Reboot required Item ID: 1 Family ID: 0 MD5: 532F7A6F5A5A4A71CACC18DE74B834D8
Description: c:\windows\assembly\tmp\u\000000cb.@ Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: fe025e8778d66459f3519b8f0199e92c
Description: c:\windows\assembly\tmp\u\000000cf.@ Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 641d61902ae96341113c5c023984b719
Description: c:\windows\assembly\tmp\u\800000c0.@ Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c062ec90da29d6c8782f09909c6c9e1f
Description: c:\windows\assembly\tmp\u\800000cb.@ Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 30131a7e34cff124c4148f511d486b9a
Description: c:\windows\assembly\tmp\u\800000cf.@ Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: c933adfc290398c091d0a77a66c69355

Scan and cleaning complete: Finished correctly after 103 seconds

*********************************** Settings ***********************************
Scan profile:
ID: contextmenuscan, enabled:1, value: Context menu scan
ID: folderstoscan, enabled:1, value:
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: false
ID: scanrunningapps, enabled:1, value: false
ID: scanregistry, enabled:1, value: false
ID: scanlsp, enabled:1, value: false
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: false
ID: scantrackingcookies, enabled:1, value: false
ID: closebrowsers, enabled:0, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: false
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Fri Feb 17 21:37:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Fri Feb 17 03:37:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Fri Feb 17 09:37:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Fri Feb 17 15:37:00 2012
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Feb 17 21:37:00 2012
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true

****************************** System information ******************************
Computer name: FULCORT-PC
Processor name: AMD Turion Dual-Core RM-70
Processor identifier: AMD64 Family 17 Model 3 Stepping 1
Processor speed: ~2000MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 17, processor revision 769, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3,3DNow]
Physical memory available: 2112110592 bytes
Physical memory total: 2951139328 bytes
Virtual memory available: 1874206720 bytes
Virtual memory total: 2147352576 bytes
Memory load: 28%
Microsoft Service Pack 1 (build 7601)
Windows startup mode:

Running processes:
PID: 260 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 380 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 436 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
PID: 448 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 524 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 532 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 644 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 704 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 744 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 792 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 848 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 880 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 980 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 340 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 320 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 108 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1180 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1248 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1300 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1332 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1404 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1828 name: C:\Windows\System32\dwm.exe owner: fulcort domain: fulcort-PC
PID: 1880 name: C:\Windows\explorer.exe owner: fulcort domain: fulcort-PC
PID: 1908 name: C:\Windows\System32\taskhost.exe owner: fulcort domain: fulcort-PC
PID: 2024 name: C:\Windows\System32\WUDFHost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 872 name: C:\Windows\System32\rundll32.exe owner: fulcort domain: fulcort-PC
PID: 1620 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2124 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2216 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: fulcort domain: fulcort-PC
PID: 2288 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: fulcort domain: fulcort-PC
PID: 2516 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: fulcort domain: fulcort-PC
PID: 2608 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2700 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2832 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1016 name: C:\Windows\System32\notepad.exe owner: fulcort domain: fulcort-PC
PID: 948 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: fulcort domain: fulcort-PC

Startup items:
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *
Name: imagepath: lsdelete

Running services:
Name: AudioEndpointBuilder displayname: Windows Audio Endpoint Builder
Name: AudioSrv displayname: Windows Audio
Name: BITS displayname: Background Intelligent Transfer Service
Name: CryptSvc displayname: Cryptographic Services
Name: cwafadminmonitor displayname: Mgabg
Name: DcomLaunch displayname: DCOM Server Process Launcher
Name: Dhcp displayname: DHCP Client
Name: Dnscache displayname: DNS Client
Name: DPS displayname: Diagnostic Policy Service
Name: EapHost displayname: Extensible Authentication Protocol
Name: eventlog displayname: Windows Event Log
Name: EventSystem displayname: COM+ Event System
Name: fdPHost displayname: Function Discovery Provider Host
Name: FDResPub displayname: Function Discovery Resource Publication
Name: FontCache displayname: Windows Font Cache Service
Name: gpsvc displayname: Group Policy Client
Name: HomeGroupProvider displayname: HomeGroup Provider
Name: HsfXAudioService displayname: HsfXAudioService
Name: KeyIso displayname: CNG Key Isolation
Name: LanmanServer displayname: Server
Name: LanmanWorkstation displayname: Workstation
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
Name: lmhosts displayname: TCP/IP NetBIOS Helper
Name: Netman displayname: Network Connections
Name: netprofm displayname: Network List Service
Name: NlaSvc displayname: Network Location Awareness
Name: nsi displayname: Network Store Interface Service
Name: nvsvc displayname: NVIDIA Display Driver Service
Name: PcaSvc displayname: Program Compatibility Assistant Service
Name: PlugPlay displayname: Plug and Play
Name: Power displayname: Power
Name: ProfSvc displayname: User Profile Service
Name: RasMan displayname: Remote Access Connection Manager
Name: RpcEptMapper displayname: RPC Endpoint Mapper
Name: RpcSs displayname: Remote Procedure Call (RPC)
Name: SamSs displayname: Security Accounts Manager
Name: Schedule displayname: Task Scheduler
Name: SENS displayname: System Event Notification Service
Name: SessionEnv displayname: Remote Desktop Configuration
Name: ShellHWDetection displayname: Shell Hardware Detection
Name: Spooler displayname: Print Spooler
Name: SSDPSRV displayname: SSDP Discovery
Name: SstpSvc displayname: Secure Socket Tunneling Protocol Service
Name: stisvc displayname: Windows Image Acquisition (WIA)
Name: SysMain displayname: Superfetch
Name: TapiSrv displayname: Telephony
Name: TermService displayname: Remote Desktop Services
Name: Themes displayname: Themes
Name: TrkWks displayname: Distributed Link Tracking Client
Name: UmRdpService displayname: Remote Desktop Services UserMode Port Redirector
Name: UxSms displayname: Desktop Window Manager Session Manager
Name: WdiServiceHost displayname: Diagnostic Service Host
Name: WdiSystemHost displayname: Diagnostic System Host
Name: Winmgmt displayname: Windows Management Instrumentation
Name: Wlansvc displayname: WLAN AutoConfig
Name: WMPNetworkSvc displayname: Windows Media Player Network Sharing Service
Name: WPDBusEnum displayname: Portable Device Enumerator Service
Name: WSearch displayname: Windows Search
Name: wuauserv displayname: Windows Update
Name: wudfsvc displayname: Windows Driver Foundation - User-mode Driver Framework