Full Version: Programs won't start after AE scan, repair & restart?
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > AAW Anniversary Edition - Resolved/Inactive
wschlessman
Hello, I am running Vista Home Premium 64-bit Service Pack 1 on an Intel Core 2 Duo T5800 CPU. Additional security software is the free version of the Comodo Internet Security Suite, and on occasion Windows Defender decides to turn itself on although I try to keep it shut off (it's just a personal thing about the lame MS security software). This is my problem: after scanning and completing the recommended repairs, I restart the computer as suggested, but when I am up and running again the AE icon is missing in the task tray and most of my programs will not start, i.e. browsers, Outlook, Windows Media Player etc. The only way I can fix it is to go back to the restore point set before I scanned with AE. Any ideas?

Thanks, Wayne
casey_boy
Hi Wayne,

This could be due to a few reasons: possibly you have a malware infection which is hampering the cleaning, or Ad-Aware has removed a legitimate file. Could you please upload your last scan log for us to look at?

Thanks,

Casey
wschlessman
QUOTE(casey_boy @ Apr 9 2009, 09:04 AM) *
Hi Wayne,

This could be due to a few reasons: possibly you have a malware infection which is hampering the cleaning, or Ad-Aware has removed a legitimate file. Could you please upload your last scan log for us to look at?

Thanks,

Casey


Well, here it is, hope this helps.

Thank you, Wayne
casey_boy
Hi Wayne, could you try again for me? The formatting on that is too hard to read.

In Notepad please make sure text wrapping is disabled in the format menu.

Casey

wschlessman
QUOTE(casey_boy @ Apr 9 2009, 08:55 PM) *
Hi Wayne, could you try again for me? The formatting on that is too hard to read.

In Notepad please make sure text wrapping is disabled in the format menu.

Casey


Hello Casey,
Not sure what is happening; I checked Notepad and Word Wrap is shut off. I will rescan and send a new log file. I may be on to something though. I had scanned last night, and normally Comodo pops up multiple warnings about things that Ad-Aware is trying to change in the registry etc. In the past I allowed them, but this time I blocked all of them, and after shutdown my PC functioned normally, so something was being changed that should not be. I also rescanned with Ad-Aware and the hidden hijacker that had been included with software that came on the machine is now gone. I just need to figure out what is being changed that should not be changed, and then allow what does need to be changed.

Thank you, Wayne
wschlessman
Casey,
Here are two scan log files: the 1st was done when the removal of the malware was accomplished, the 2nd is from the scan done after the removal, with no restart as yet. I have also now removed all of the Oberon games that came installed on this laptop by Acer; this was where the malware was hidden, it was a backdoor Trojan. Hope these are readable; Notepad has word wrap disabled.

Thanks, Wayne
casey_boy
Hi,

They were unreadable in Firefox, but just about readable in Internet Explorer - not sure why that is. Nevertheless, I think I would like you to download and install Trend Micro's HijackThis and post a HJT log into the HJT forum for analysis, since there are failed-to-remove items in your logs. Please read and follow the instructions in my signature.

We will then know for certain if you are infected, and you will receive help removing any threats manually.

Casey
wschlessman
QUOTE(casey_boy @ Apr 12 2009, 03:47 AM) *
Hi,

They were unreadable in Firefox, but just about readable in Internet Explorer - not sure why that is. Nevertheless, I think I would like you to download and install Trend Micro's HijackThis and post a HJT log into the HJT forum for analysis, since there are failed-to-remove items in your logs. Please read and follow the instructions in my signature.

We will then know for certain if you are infected, and you will receive help removing any threats manually.

Casey


Hi Casey,

I placed the HJT log on their forum. Also, I see what you mean about the log uploads. Do you think it would help if I copied and pasted it here for you?

Thanks, Wayne
wschlessman
Hello Casey,

I copied and pasted the Ad-Aware log file here and it is much more readable. I am confused as to why the log says it removed 28, but of those 28, 11 could not be cleaned? Not sure what that means. The HijackThis log is in the HJT forum; several views but no replies from anyone with suggestions to repair/remove the garbage that may need to be dealt with.

Also, why does the Ad-Aware scan log show more startup programs than what is listed on the startup tab of msconfig.exe?

Thank you, Wayne

MSG [4116] 2009/04/10 22:38:15: Configure new scan with profile: full
MSG [4116] 2009/04/10 22:38:15: -> scanning critical objects
MSG [4116] 2009/04/10 22:38:15: -> scanning running processes
MSG [4116] 2009/04/10 22:38:15: -> scanning registry
MSG [4116] 2009/04/10 22:38:15: -> scanning lsp
MSG [4116] 2009/04/10 22:38:15: -> scanning ads
MSG [4116] 2009/04/10 22:38:15: -> scanning hosts file
MSG [4116] 2009/04/10 22:38:15: -> scanning mru objects
MSG [4116] 2009/04/10 22:38:15: -> scanning browser hijacks
MSG [4116] 2009/04/10 22:38:15: -> scanning cookies
MSG [4116] 2009/04/10 22:38:15: -> neutralizing rootkits
MSG [4116] 2009/04/10 22:38:15: -> use spyware heuristics
MSG [4116] 2009/04/10 22:38:15: -> scan archives
MSG [4116] 2009/04/10 22:38:15: -> file size limit = 20480 kB (0 = unlimited)
MSG [4116] 2009/04/10 22:38:15: -> scan file/path = C:\
MSG [4116] 2009/04/10 22:38:15: -> scan file/path = D:\
MSG [4616] 2009/04/10 23:28:31: Scan was completed in 3016 seconds
MSG [4616] 2009/04/10 23:28:31: Objects processed: 208045, infections detected: 30
MSG [1284] 2009/04/11 07:21:01: Remediating 30 infections
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *data.coremetrics*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *atdmt*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *coremetrics*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *data.coremetrics*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *live365*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *2o7*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *advertising*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *media.adrevolver*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *adserv*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: *adserve*
MSG [1284] 2009/04/11 07:22:07: Clean failed for: HKU:S-1-5-21-998263982-3075895284-3841329625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:Hidden
MSG [1284] 2009/04/11 07:22:07: Infections quarantined: 2, removed: 28, repaired: 0
MSG [1284] 2009/04/11 07:22:07: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [4116] 2009/04/11 07:22:07: Dumping scan report:
>>> Logfile created: 4/10/2009 22:38:15
>>> Lavasoft Ad-Aware version: 8.0.3
>>> Extended engine version: 8.1
>>> User performing scan: Wayne
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 148.8
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Full Scan (ID: full)
>>> Objects scanned: 208045
>>> Objects detected: 30
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 1
>>> Hostfile entries: 0
>>> Files...........: 1
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 28
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Removed items:
>>> Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *coremetrics* Family Name: Cookies Clean status: Success Item ID: 409008 Family ID: 0
>>> Description: *data.coremetrics* Family Name: Cookies Clean status: Failed Item ID: 409220 Family ID: 0
>>> Description: *live365* Family Name: Cookies Clean status: Success Item ID: 408844 Family ID: 0
>>> Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Clean status: Failed Item ID: 408910 Family ID: 0
>>> Description: *coremetrics* Family Name: Cookies Clean status: Failed Item ID: 409008 Family ID: 0
>>> Description: *data.coremetrics* Family Name: Cookies Clean status: Failed Item ID: 409220 Family ID: 0
>>> Description: *live365* Family Name: Cookies Clean status: Failed Item ID: 408844 Family ID: 0
>>> Description: *2o7* Family Name: Cookies Clean status: Failed Item ID: 408943 Family ID: 0
>>> Description: *.lycos* Family Name: Cookies Clean status: Success Item ID: 408930 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
>>> Description: *advertising* Family Name: Cookies Clean status: Failed Item ID: 409017 Family ID: 0
>>> Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
>>> Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
>>> Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
>>> Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0
>>> Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
>>> Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
>>> Description: *bluestreak* Family Name: Cookies Clean status: Success Item ID: 408904 Family ID: 0
>>> Description: *adrevolver* Family Name: Cookies Clean status: Success Item ID: 408932 Family ID: 0
>>> Description: *media.adrevolver* Family Name: Cookies Clean status: Failed Item ID: 409144 Family ID: 0
>>> Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
>>> Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
>>> Description: *adserv* Family Name: Cookies Clean status: Failed Item ID: 408921 Family ID: 0
>>> Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
>>> Description: *adserve* Family Name: Cookies Clean status: Failed Item ID: 409020 Family ID: 0
>>>
>>> Quarantined items:
>>> Description: C:\Program Files (x86)\Acer GameZone\Backspin Billiards\Backspin.exe Family Name: Win32.TrojanDownloader.Agent Clean status: Success Item ID: 553374 Family ID: 1001
>>> Description: HKU:S-1-5-21-998263982-3075895284-3841329625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:Hidden Family Name: Win32.TrojanDownloader.Agent Clean status: Failed Item ID: 414374 Family ID: 1001
>>>
>>> Scan and cleaning complete: Finished correctly after 3016 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: full, enabled:1, value: Full Scan
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: true
>>> ID: scanhostsfile, enabled:1, value: true
>>> ID: scanmru, enabled:1, value: true
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value: C:\,D:\
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: archives, enabled:1, value: true
>>> ID: onlyexecutables, enabled:1, value: false
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
>>> ID: displaystatus, enabled:1, value: false
>>> ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: autodetectproxy, enabled:1, value: false
>>> ID: useautoconfigscript, enabled:1, value: false
>>> ID: autoconfigurl, enabled:0, value:
>>> ID: useproxy, enabled:1, value: false
>>> ID: proxyserver, enabled:0, value:
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily, enabled:1, value: Daily
>>> ID: time, enabled:1, value: Sat Feb 28 06:05:00 2009
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Sat Feb 28 06:05:00 2009
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: true
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: true
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: true
>>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:0, value: false
>>> ID: networkprotection, enabled:0, value: false
>>> ID: loadatstartup, enabled:1, value: true
>>> ID: usespywareheuristics, enabled:0, value: false
>>> ID: extendedengine, enabled:0, value: false
>>> ID: useheuristics, enabled:0, value: false
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: WAYNE-PC
>>> Processor name: Intel® Core™2 Duo CPU T5800 @ 2.00GHz
>>> Processor identifier: Intel64 Family 6 Model 15 Stepping 13
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2
>>> Physical memory available: 2523926528 bytes
>>> Physical memory total: 4219396096 bytes
>>> Virtual memory available: 2016026624 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 40%
>>> Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 528 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 608 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 644 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 664 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 700 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 712 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 720 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 808 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 896 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 960 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 296 name: C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 448 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 444 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 612 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 888 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 988 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1196 name: C:\Windows\System32\SLsvc.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1248 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1636 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1776 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1860 name: C:\Windows\System32\taskeng.exe owner: Wayne domain: Wayne-PC
>>> PID: 1872 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1880 name: C:\Windows\System32\dwm.exe owner: Wayne domain: Wayne-PC
>>> PID: 1924 name: C:\Windows\explorer.exe owner: Wayne domain: Wayne-PC
>>> PID: 1588 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1912 name: C:\Program Files (x86)\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1888 name: C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2000 name: C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1720 name: C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2116 name: C:\Program Files\Acer\Empowering Technology\Service\ETService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2184 name: C:\Windows\SysWOW64\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2224 name: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2288 name: C:\ACER\Mobility Center\MobilityService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2340 name: C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2420 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 2440 name: C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2464 name: C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2560 name: C:\Program Files (x86)\Nero\Nero BackItUp 4\IoctlSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2576 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 2588 name: C:\Windows\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 2620 name: C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2636 name: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2676 name: C:\Windows\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 2736 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2768 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2800 name: C:\Windows\System32\drivers\XAudio64.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2836 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 156 name: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe owner: Wayne domain: Wayne-PC
>>> PID: 2508 name: C:\Windows\System32\hkcmd.exe owner: Wayne domain: Wayne-PC
>>> PID: 2728 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1288 name: C:\Windows\System32\igfxpers.exe owner: Wayne domain: Wayne-PC
>>> PID: 1204 name: C:\Program Files\COMODO\SafeSurf\cssurf.exe owner: Wayne domain: Wayne-PC
>>> PID: 2784 name: C:\Windows\RAVCpl64.exe owner: Wayne domain: Wayne-PC
>>> PID: 2880 name: C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe owner: Wayne domain: Wayne-PC
>>> PID: 3020 name: C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSLoader.exe owner: Wayne domain: Wayne-PC
>>> PID: 3004 name: C:\Program Files\COMODO\COMODO Internet Security\cfp.exe owner: Wayne domain: Wayne-PC
>>> PID: 3080 name: C:\Windows\ehome\ehtray.exe owner: Wayne domain: Wayne-PC
>>> PID: 3124 name: C:\Windows\System32\igfxsrvc.exe owner: Wayne domain: Wayne-PC
>>> PID: 3176 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Wayne domain: Wayne-PC
>>> PID: 3480 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3552 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3724 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3752 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Wayne domain: Wayne-PC
>>> PID: 4048 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 2820 name: C:\Windows\System32\mobsync.exe owner: Wayne domain: Wayne-PC
>>> PID: 3988 name: C:\Windows\ehome\ehmsas.exe owner: Wayne domain: Wayne-PC
>>> PID: 3832 name: C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe owner: Wayne domain: Wayne-PC
>>> PID: 3972 name: C:\Windows\System32\wbem\unsecapp.exe owner: Wayne domain: Wayne-PC
>>> PID: 2992 name: C:\Users\Wayne\AppData\Local\Temp\RtkBtMnt.exe owner: Wayne domain: Wayne-PC
>>> PID: 1828 name: C:\Program Files (x86)\Mozilla Firefox\firefox.exe owner: Wayne domain: Wayne-PC
>>> PID: 3456 name: C:\Windows\servicing\TrustedInstaller.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 4228 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Wayne domain: Wayne-PC
>>>
>>> Startup items:
>>> Name: eRecoveryService
>>> Name: Acer Product Registration
>>> imagepath: "C:\Program Files (x86)\Acer\Acer Registration\ACE1.exe" /startup
>>> Name: GrooveMonitor
>>> imagepath: "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
>>> Name: NWEReboot
>>> Name: Ad-Watch
>>> imagepath: "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name:
>>> imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
>>> Name:
>>> imagepath: C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: lsdelete
>>>
>>> Running services:
>>> Name: AeLookupSvc
>>> displayname: Application Experience
>>> Name: Apple Mobile Device
>>> displayname: Apple Mobile Device
>>> Name: AudioEndpointBuilder
>>> displayname: Windows Audio Endpoint Builder
>>> Name: AudioSrv
>>> displayname: Windows Audio
>>> Name: BFE
>>> displayname: Base Filtering Engine
>>> Name: BITS
>>> displayname: Background Intelligent Transfer Service
>>> Name: Bonjour Service
>>> displayname: Bonjour Service
>>> Name: Browser
>>> displayname: Computer Browser
>>> Name: BUNAgentSvc
>>> displayname: NTI Backup Now 5 Agent Service
>>> Name: CLHNService
>>> displayname: CLHNService
>>> Name: cmdAgent
>>> displayname: COMODO Internet Security Helper Service
>>> Name: CryptSvc
>>> displayname: Cryptographic Services
>>> Name: DcomLaunch
>>> displayname: DCOM Server Process Launcher
>>> Name: Dhcp
>>> displayname: DHCP Client
>>> Name: Dnscache
>>> displayname: DNS Client
>>> Name: DPS
>>> displayname: Diagnostic Policy Service
>>> Name: EapHost
>>> displayname: Extensible Authentication Protocol
>>> Name: eDataSecurity Service
>>> displayname: eDataSecurity Service
>>> Name: EMDMgmt
>>> displayname: ReadyBoost
>>> Name: ETService
>>> displayname: Empowering Technology Service
>>> Name: Eventlog
>>> displayname: Windows Event Log
>>> Name: EventSystem
>>> displayname: COM+ Event System
>>> Name: fdPHost
>>> displayname: Function Discovery Provider Host
>>> Name: FDResPub
>>> displayname: Function Discovery Resource Publication
>>> Name: gpsvc
>>> displayname: Group Policy Client
>>> Name: hidserv
>>> displayname: Human Interface Device Access
>>> Name: hpqcxs08
>>> displayname: hpqcxs08
>>> Name: hpqddsvc
>>> displayname: HP CUE DeviceDiscovery Service
>>> Name: HPSLPSVC
>>> displayname: HP Network Devices Support
>>> Name: IAANTMON
>>> displayname: Intel® Matrix Storage Event Monitor
>>> Name: IKEEXT
>>> displayname: IKE and AuthIP IPsec Keying Modules
>>> Name: iphlpsvc
>>> displayname: IP Helper
>>> Name: KeyIso
>>> displayname: CNG Key Isolation
>>> Name: KtmRm
>>> displayname: KtmRm for Distributed Transaction Coordinator
>>> Name: LanmanServer
>>> displayname: Server
>>> Name: LanmanWorkstation
>>> displayname: Workstation
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: LightScribeService
>>> displayname: LightScribeService Direct Disc Labeling Service
>>> Name: lmhosts
>>> displayname: TCP/IP NetBIOS Helper
>>> Name: MMCSS
>>> displayname: Multimedia Class Scheduler
>>> Name: MobilityService
>>> displayname: MobilityService
>>> Name: MpsSvc
>>> displayname: Windows Firewall
>>> Name: Nero BackItUp Scheduler 4.0
>>> displayname: Nero BackItUp Scheduler 4.0
>>> Name: Net Driver HPZ12
>>> displayname: Net Driver HPZ12
>>> Name: Netman
>>> displayname: Network Connections
>>> Name: netprofm
>>> displayname: Network List Service
>>> Name: NlaSvc
>>> displayname: Network Location Awareness
>>> Name: nsi
>>> displayname: Network Store Interface Service
>>> Name: NTIBackupSvc
>>> displayname: NTI Backup Now 5 Backup Service
>>> Name: NTISchedulerSvc
>>> displayname: NTI Backup Now 5 Scheduler Service
>>> Name: PcaSvc
>>> displayname: Program Compatibility Assistant Service
>>> Name: PLFlash DeviceIoControl Service
>>> displayname: PLFlash DeviceIoControl Service
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: Pml Driver HPZ12
>>> displayname: Pml Driver HPZ12
>>> Name: PolicyAgent
>>> displayname: IPsec Policy Agent
>>> Name: ProfSvc
>>> displayname: User Profile Service
>>> Name: RasMan
>>> displayname: Remote Access Connection Manager
>>> Name: RpcSs
>>> displayname: Remote Procedure Call (RPC)
>>> Name: RS_Service
>>> displayname: Raw Socket Service
>>> Name: SamSs
>>> displayname: Security Accounts Manager
>>> Name: Schedule
>>> displayname: Task Scheduler
>>> Name: SeaPort
>>> displayname: SeaPort
>>> Name: seclogon
>>> displayname: Secondary Logon
>>> Name: SENS
>>> displayname: System Event Notification Service
>>> Name: ShellHWDetection
>>> displayname: Shell Hardware Detection
>>> Name: slsvc
>>> displayname: Software Licensing
>>> Name: Spooler
>>> displayname: Print Spooler
>>> Name: SSDPSRV
>>> displayname: SSDP Discovery
>>> Name: SstpSvc
>>> displayname: Secure Socket Tunneling Protocol Service
>>> Name: stisvc
>>> displayname: Windows Image Acquisition (WIA)
>>> Name: SysMain
>>> displayname: Superfetch
>>> Name: TabletInputService
>>> displayname: Tablet PC Input Service
>>> Name: TapiSrv
>>> displayname: Telephony
>>> Name: TermService
>>> displayname: Terminal Services
>>> Name: Themes
>>> displayname: Themes
>>> Name: TrkWks
>>> displayname: Distributed Link Tracking Client
>>> Name: TrustedInstaller
>>> displayname: Windows Modules Installer
>>> Name: upnphost
>>> displayname: UPnP Device Host
>>> Name: UxSms
>>> displayname: Desktop Window Manager Session Manager
>>> Name: W32Time
>>> displayname: Windows Time
>>> Name: WdiSystemHost
>>> displayname: Diagnostic System Host
>>> Name: WebClient
>>> displayname: WebClient
>>> Name: WerSvc
>>> displayname: Windows Error Reporting Service
>>> Name: WinDefend
>>> displayname: Windows Defender
>>> Name: WinHttpAutoProxySvc
>>> displayname: WinHTTP Web Proxy Auto-Discovery Service
>>> Name: Winmgmt
>>> displayname: Windows Management Instrumentation
>>> Name: Wlansvc
>>> displayname: WLAN AutoConfig
>>> Name: WMPNetworkSvc
>>> displayname: Windows Media Player Network Sharing Service
>>> Name: WPDBusEnum
>>> displayname: Portable Device Enumerator Service
>>> Name: wscsvc
>>> displayname: Security Center
>>> Name: WSearch
>>> displayname: Windows Search
>>> Name: wuauserv
>>> displayname: Windows Update
>>> Name: wudfsvc
>>> displayname: Windows Driver Foundation - User-mode Driver Framework
>>> Name: XAudioService
>>> displayname: XAudioService
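The "removed 28 / 11 failed" question above comes down to how the report counts. The following Python script is an added example, not part of the thread and not Lavasoft's own tooling: it parses the itemized "Removed items" / "Quarantined items" sections and the "Infections quarantined ..., removed ..." summary line of the Ad-Aware 8.0.3 report format shown in the post, then tallies entries per section by clean status. The embedded report text is the 30-entry excerpt from the log posted above; the regular expressions are mine and are written for this layout only.

```python
"""Reconcile an Ad-Aware 8 scan report's summary line with its itemized clean results."""
import re
from collections import Counter

# Excerpt of the report posted in this thread (summary MSG line plus the two item sections).
REPORT = r"""
MSG [1284] 2009/04/11 07:22:07: Infections quarantined: 2, removed: 28, repaired: 0
>>> Removed items:
>>> Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *coremetrics* Family Name: Cookies Clean status: Success Item ID: 409008 Family ID: 0
>>> Description: *data.coremetrics* Family Name: Cookies Clean status: Failed Item ID: 409220 Family ID: 0
>>> Description: *live365* Family Name: Cookies Clean status: Success Item ID: 408844 Family ID: 0
>>> Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Clean status: Failed Item ID: 408910 Family ID: 0
>>> Description: *coremetrics* Family Name: Cookies Clean status: Failed Item ID: 409008 Family ID: 0
>>> Description: *data.coremetrics* Family Name: Cookies Clean status: Failed Item ID: 409220 Family ID: 0
>>> Description: *live365* Family Name: Cookies Clean status: Failed Item ID: 408844 Family ID: 0
>>> Description: *2o7* Family Name: Cookies Clean status: Failed Item ID: 408943 Family ID: 0
>>> Description: *.lycos* Family Name: Cookies Clean status: Success Item ID: 408930 Family ID: 0
>>> Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
>>> Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
>>> Description: *advertising* Family Name: Cookies Clean status: Failed Item ID: 409017 Family ID: 0
>>> Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
>>> Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
>>> Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
>>> Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0
>>> Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
>>> Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
>>> Description: *bluestreak* Family Name: Cookies Clean status: Success Item ID: 408904 Family ID: 0
>>> Description: *adrevolver* Family Name: Cookies Clean status: Success Item ID: 408932 Family ID: 0
>>> Description: *media.adrevolver* Family Name: Cookies Clean status: Failed Item ID: 409144 Family ID: 0
>>> Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
>>> Description: *adserver* Family Name: Cookies Clean status: Success Item ID: 408737 Family ID: 0
>>> Description: *adserv* Family Name: Cookies Clean status: Failed Item ID: 408921 Family ID: 0
>>> Description: *adtech* Family Name: Cookies Clean status: Success Item ID: 409018 Family ID: 0
>>> Description: *adserve* Family Name: Cookies Clean status: Failed Item ID: 409020 Family ID: 0
>>>
>>> Quarantined items:
>>> Description: C:\Program Files (x86)\Acer GameZone\Backspin Billiards\Backspin.exe Family Name: Win32.TrojanDownloader.Agent Clean status: Success Item ID: 553374 Family ID: 1001
>>> Description: HKU:S-1-5-21-998263982-3075895284-3841329625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:Hidden Family Name: Win32.TrojanDownloader.Agent Clean status: Failed Item ID: 414374 Family ID: 1001
"""

# The description may contain spaces (file paths, registry keys), so it is matched non-greedily
# up to the literal " Family Name: " that always follows it.
ITEM_RE = re.compile(
    r"^>>> Description: (?P<desc>.+?) Family Name: (?P<family>\S+) "
    r"Clean status: (?P<status>Success|Failed) Item ID: (?P<item_id>\d+) "
    r"Family ID: (?P<family_id>\d+)$"
)
SECTION_RE = re.compile(r"^>>> (?P<section>Removed|Quarantined) items:$")
SUMMARY_RE = re.compile(
    r"Infections quarantined: (?P<quarantined>\d+), removed: (?P<removed>\d+), "
    r"repaired: (?P<repaired>\d+)"
)


def parse_report(text):
    """Return (summary_counts, items); each item records the section it was listed under."""
    summary, items, section = {}, [], None
    for line in text.splitlines():
        line = line.rstrip()
        if m := SUMMARY_RE.search(line):
            summary = {k: int(v) for k, v in m.groupdict().items()}
        elif m := SECTION_RE.match(line):
            section = m.group("section").lower()  # "removed" or "quarantined"
        elif (m := ITEM_RE.match(line)) and section:
            items.append({**m.groupdict(), "section": section})
    return summary, items


def reconcile(summary, items):
    """Per section: what the summary line claims versus how the listed entries actually ended."""
    result = {}
    for section in ("removed", "quarantined"):
        listed = [i for i in items if i["section"] == section]
        by_status = Counter(i["status"] for i in listed)
        result[section] = {
            "summary_count": summary.get(section, 0),
            "listed": len(listed),
            "success": by_status["Success"],
            "failed": by_status["Failed"],
            # one definition (Item ID) can match several cookie files, so entries >= definitions
            "distinct_definitions": len({i["item_id"] for i in listed}),
        }
    result["total_failed"] = sum(result[s]["failed"] for s in ("removed", "quarantined"))
    return result


def failed_descriptions(items):
    """Distinct descriptions whose clean status was Failed (sorted; '*' patterns sort first)."""
    return sorted({i["desc"] for i in items if i["status"] == "Failed"})


if __name__ == "__main__":
    summary, items = parse_report(REPORT)
    tally = reconcile(summary, items)
    for section in ("removed", "quarantined"):
        t = tally[section]
        print(f"{section}: summary says {t['summary_count']}, listed {t['listed']} "
              f"({t['success']} Success, {t['failed']} Failed, {t['distinct_definitions']} definitions)")
    print("total failed:", tally["total_failed"], "->", failed_descriptions(items))
```

Run against the full report, the tally shows that "removed: 28" is the number of entries listed under "Removed items", not the number that succeeded: 18 of those 28 cookie entries report Success and 10 report Failed, and with the one failed registry entry under "Quarantined items" that gives the 11 "Clean failed for" lines at the top of the log. The same Item ID appearing several times (for example 408910, *atdmt*, three times) shows one cookie definition matching several cookie files, which is why the entry count exceeds the number of distinct definitions.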
casey_boy
Hi,

I think this is a false positive:
CODE
C:\Program Files (x86)\Acer GameZone\Backspin Billiards\Backspin.exe

so I would like you to start a new topic in the false positives forum to get this verified and removed from the detection database, if that's ok? Please read this and then post in that forum.

With this, I'm not sure:
CODE
Description: HKU:S-1-5-21-998263982-3075895284-3841329625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:Hidden Family Name: Win32.TrojanDownloader.Agent

So I will try and get some information on that.

The other items which haven't been removed are cookies. So please ensure that you have your browser closed when you run the scan and attempt to remove the cookies.

Casey