Help - Search - Members - Calendar
Full Version: Ad-Aware SE Personal not able to get rid of some threats
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
newtown_73
Jul 19 2006, 08:04 AM
Hi Guys
i've scan my computer using the Ad-Aware SE and results of the scan is bad and when i tried to get rid of the threats it was reported that some of the items could not be removed.
My scan log is shown below. Wld appreciate if someone could assist. Thanking in advance.

The log file:

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, July 19, 2006 2:44:50 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R115 17.07.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected d######g the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.Look2Me(TAC index:7):4 total references
CmdServices(TAC index:4):26 total references
win32.Trojan.Dnschanger(TAC index:10):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules d######g scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : D######g removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7/19/2006 2:44:50 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 7/19/2006 6:39:02 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\F:\WINNT\system32\
ProcessID : 172
ThreadCreationTime : 7/19/2006 6:39:10 AM
BasePriority : High


Adware.Look2Me Object Recognized!
Type : Process
Data : h8l20i3oe8.dll
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : F:\WINNT\system32\


Warning! Adware.Look2Me Object found in memory(F:\WINNT\system32\h8l20i3oe8.dll)


#:3 [services.exe]
FilePath : F:\WINNT\system32\
ProcessID : 224
ThreadCreationTime : 7/19/2006 6:39:12 AM
BasePriority : Normal
FileVersion : 5.00.2195.7035
ProductVersion : 5.00.2195.7035
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : F:\WINNT\system32\
ProcessID : 236
ThreadCreationTime : 7/19/2006 6:39:12 AM
BasePriority : Normal
FileVersion : 5.00.2195.7011
ProductVersion : 5.00.2195.7011
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:5 [svchost.exe]
FilePath : F:\WINNT\system32\
ProcessID : 404
ThreadCreationTime : 7/19/2006 6:39:14 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:6 [spoolsv.exe]
FilePath : F:\WINNT\system32\
ProcessID : 432
ThreadCreationTime : 7/19/2006 6:39:14 AM
BasePriority : Normal
FileVersion : 5.00.2195.7059
ProductVersion : 5.00.2195.7059
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:7 [command.exe]
FilePath : F:\WINNT\eQ\
ProcessID : 460
ThreadCreationTime : 7/19/2006 6:39:14 AM
BasePriority : Normal


CmdServices Object Recognized!
Type : Process
Data : command.exe
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\


Warning! "F:\WINNT\eQ\command.exe"Process could not be terminated!

#:8 [defwatch.exe]
FilePath : F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 484
ThreadCreationTime : 7/19/2006 6:39:15 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:9 [svchost.exe]
FilePath : F:\WINNT\System32\
ProcessID : 500
ThreadCreationTime : 7/19/2006 6:39:15 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:10 [incdsrv.exe]
FilePath : F:\Program Files\Ahead\InCD\
ProcessID : 532
ThreadCreationTime : 7/19/2006 6:39:15 AM
BasePriority : Normal
FileVersion : 4, 3, 18, 0
ProductVersion : 4, 3, 18, 0
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:11 [netmon.exe]
FilePath : F:\Program Files\Network Monitor\
ProcessID : 572
ThreadCreationTime : 7/19/2006 6:39:16 AM
BasePriority : Normal


win32.Trojan.Dnschanger Object Recognized!
Type : Process
Data : netmon.exe
TAC Rating : 10
Category : Monitoring Tool
Comment :
Object : F:\Program Files\Network Monitor\


Warning! "F:\Program Files\Network Monitor\netmon.exe"Process could not be terminated!
Warning! "F:\Program Files\Network Monitor\netmon.exe"Process could not be terminated!

#:12 [rtvscan.exe]
FilePath : F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\
ProcessID : 596
ThreadCreationTime : 7/19/2006 6:39:17 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002

#:13 [mstask.exe]
FilePath : F:\WINNT\system32\
ProcessID : 660
ThreadCreationTime : 7/19/2006 6:39:18 AM
BasePriority : Normal
FileVersion : 4.71.2195.6972
ProductVersion : 4.71.2195.6972
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:14 [smsc.exe]
FilePath : F:\WINNT\system32\
ProcessID : 756
ThreadCreationTime : 7/19/2006 6:39:19 AM
BasePriority : Normal


#:15 [winmgmt.exe]
FilePath : F:\WINNT\System32\WBEM\
ProcessID : 780
ThreadCreationTime : 7/19/2006 6:39:20 AM
BasePriority : Normal
FileVersion : 1.50.1085.0100
ProductVersion : 1.50.1085.0100
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:16 [svchost.exe]
FilePath : F:\WINNT\system32\
ProcessID : 804
ThreadCreationTime : 7/19/2006 6:39:20 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:17 [svchost.exe]
FilePath : F:\WINNT\System32\
ProcessID : 824
ThreadCreationTime : 7/19/2006 6:39:21 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:18 [rundll32.exe]
FilePath : F:\WINNT\system32\
ProcessID : 1236
ThreadCreationTime : 7/19/2006 6:39:41 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:19 [vptray.exe]
FilePath : F:\PROGRA~1\SYMANT~1\SYMANT~1\
ProcessID : 1248
ThreadCreationTime : 7/19/2006 6:39:42 AM
BasePriority : Normal
FileVersion : 8.00.00.9374
ProductVersion : 8.00.00.9374
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2002

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:20 [pdvdserv.exe]
FilePath : F:\Program Files\CyberLink DVD Solution\PowerDVD\
ProcessID : 1256
ThreadCreationTime : 7/19/2006 6:39:42 AM
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:21 [fwupdate.exe]
FilePath : F:\Program Files\lg_fwupdate\
ProcessID : 1312
ThreadCreationTime : 7/19/2006 6:39:48 AM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : LG Firmware Autoupdate
CompanyName : CST
InternalName : fwupdate
OriginalFilename : fwupdate.exe

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:22 [stisvc.exe]
FilePath : F:\WINNT\system32\
ProcessID : 700
ThreadCreationTime : 7/19/2006 6:39:58 AM
BasePriority : Normal
FileVersion : 5.00.2195.6656
ProductVersion : 5.00.2195.6656
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Still Image Devices Monitor
InternalName : STIMON
LegalCopyright : Copyright © Microsoft Corp. 1996-1997
OriginalFilename : STIMON.EXE

#:23 [msnmsgr.exe]
FilePath : F:\Program Files\MSN Messenger\
ProcessID : 1528
ThreadCreationTime : 7/19/2006 6:40:07 AM
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:24 [iexplore.exe]
FilePath : f:\progra~1\intern~1\
ProcessID : 1568
ThreadCreationTime : 7/19/2006 6:40:07 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:25 [psfree.exe]
FilePath : F:\PROGRA~1\PANICW~1\POP-UP~1\
ProcessID : 1584
ThreadCreationTime : 7/19/2006 6:40:08 AM
BasePriority : Normal
FileVersion : 3, 1, 0, 1014
ProductVersion : 1, 0, 0, 1
ProductName : Pop-Up Stopper Free Edition
CompanyName : Panicware, Inc.
FileDescription : Pop-Up Stopper Free Edition
InternalName : Pop-Up Stopper Free Edition
LegalCopyright : Copyright © 2002-2005
OriginalFilename : PSFree.exe

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:26 [vbservice.exe]
FilePath : F:\Program Files\V-Gear BEE\
ProcessID : 1644
ThreadCreationTime : 7/19/2006 6:40:14 AM
BasePriority : Normal
FileVersion : 1.0.0.0
ProductVersion : 1.0.0.0
ProductName : V-Gear Bee
CompanyName : Asiamajor Inc.
FileDescription : V-Gear Bee Service
InternalName : VBService
LegalCopyright : Copyright © 2003 Asiamajor Inc.
LegalTrademarks : V-Gear
OriginalFilename : VBService.exe

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:27 [scaner32.exe]
FilePath : F:\WINNT\twain_32\Intrsca\636p\
ProcessID : 1664
ThreadCreationTime : 7/19/2006 6:40:16 AM
BasePriority : Normal


CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:28 [ad-aware.exe]
FilePath : F:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1504
ThreadCreationTime : 7/19/2006 6:40:37 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


#:29 [rundll32.exe]
FilePath : F:\WINNT\system32\
ProcessID : 1508
ThreadCreationTime : 7/19/2006 6:41:27 AM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : RUNDLL.EXE

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


Adware.Look2Me Object Recognized!
Type : Process
Data : guard.tmp
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : F:\WINNT\system32\


Warning! Adware.Look2Me Object found in memory(F:\WINNT\system32\guard.tmp)

Warning! "F:\WINNT\system32\rundll32.exe"Process could not be terminated!

#:30 [iexplore.exe]
FilePath : F:\Program Files\Internet Explorer\
ProcessID : 916
ThreadCreationTime : 7/19/2006 6:41:28 AM
BasePriority : Normal
FileVersion : 6.00.2800.1106
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0

Warning! "F:\Program Files\Internet Explorer\iexplore.exe"Process could not be terminated!

#:31 [explorer.exe]
FilePath : F:\WINNT\
ProcessID : 1512
ThreadCreationTime : 7/19/2006 6:42:55 AM
BasePriority : Normal
FileVersion : 5.00.3700.6690
ProductVersion : 5.00.3700.6690
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

CmdServices Object Recognized!
Type : Process
Data : asappsrv.dll
TAC Rating : 4
Category : Adware
Comment :
Object : F:\WINNT\eQ\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


Adware.Look2Me Object Recognized!
Type : Process
Data : guard.tmp
TAC Rating : 7
Category : Adware
Comment : iieshare.dll.dmp
Object : F:\WINNT\system32\


Warning! Adware.Look2Me Object found in memory(F:\WINNT\system32\guard.tmp)


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 18


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\WINNT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

Disk Scan Result for F:\WINNT\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

Disk Scan Result for F:\DO######E~1\ADMINI~1\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 18

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 18




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Adware.Look2Me Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon\notify

CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : Start

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : ErrorControl

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : ImagePath

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : DisplayName

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\services\cmdservice
Value : ObjectName

CmdServices Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : Start

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : ErrorControl

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : ImagePath

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : DisplayName

CmdServices Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Adware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\services\cmdservice
Value : ObjectName

win32.Trojan.Dnschanger Object Recognized!
Type : Folder
TAC Rating : 10
Category : Monitoring Tool
Comment : win32.Trojan.Dnschanger
Object : F:\Program Files\Network Monitor

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 32

2:45:54 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:04.182
Objects scanned:52922
Objects identified:16
Objects ignored:0
New critical objects:16
LS CalamityJane
Jul 23 2006, 09:42 PM
Unfortunately you have some very difficult to remove pests.

Could you please scan and post a log from this free tool?

Instructions on creating a HijackThis Log
http://www.lavasoftsupport.com/index.php?showtopic=216
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.