Full Version: Win32Ba\.\Hupigon False positive?
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive False Postive Issues
nking69
Since moving up from 8 to AE this file has cropped up on every scan, even after following the recommended action. AVG reports nothing. I think it may be a false positive but I am loath to do anything secure on my system until it is confirmed.

Moderator note: Adding text from log posted for easier review
Logfile created: 04/07/2009 12:3:33
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: Neil **Obscured to protect your privacy

*********************** Definitions database information ***********************
Lavasoft definition file: 148.65
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 74917
Objects detected: 31


Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 4
Folders.........: 0
LSPs............: 0
Cookies.........: 26
Browser hijacks.: 0
MRU objects.....: 0



Removed items:
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *247realmedia* Family Name: Cookies Clean status: Success Item ID: 408945 Family ID: 0
Description: *realmedia* Family Name: Cookies Clean status: Success Item ID: 409139 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Clean status: Success Item ID: 409172 Family ID: 0
Description: *adbrite* Family Name: Cookies Clean status: Success Item ID: 409218 Family ID: 0
Description: *adrevolver* Family Name: Cookies Clean status: Success Item ID: 408932 Family ID: 0
Description: *advertis* Family Name: Cookies Clean status: Success Item ID: 408918 Family ID: 0
Description: *advertising* Family Name: Cookies Clean status: Success Item ID: 409017 Family ID: 0
Description: *adviva* Family Name: Cookies Clean status: Success Item ID: 409016 Family ID: 0
Description: *apmebf* Family Name: Cookies Clean status: Success Item ID: 409163 Family ID: 0
Description: *atdmt* Family Name: Cookies Clean status: Success Item ID: 408910 Family ID: 0
Description: *bs.serving-sys* Family Name: Cookies Clean status: Success Item ID: 408902 Family ID: 0
Description: *serving-sys* Family Name: Cookies Clean status: Success Item ID: 409130 Family ID: 0
Description: *casalemedia* Family Name: Cookies Clean status: Success Item ID: 409152 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *fastclick* Family Name: Cookies Clean status: Success Item ID: 408869 Family ID: 0
Description: *media.adrevolver* Family Name: Cookies Clean status: Success Item ID: 409144 Family ID: 0
Description: *mediaplex* Family Name: Cookies Clean status: Success Item ID: 408991 Family ID: 0
Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
Description: *wunderloop* Family Name: Cookies Clean status: Success Item ID: 599639 Family ID: 0
Description: *searchportal.information* Family Name: Cookies Clean status: Success Item ID: 409134 Family ID: 0
Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
Description: *trafficmp* Family Name: Cookies Clean status: Success Item ID: 408787 Family ID: 0
Description: *tribalfusion* Family Name: Cookies Clean status: Success Item ID: 408785 Family ID: 0
Description: zedo* Family Name: Cookies Clean status: Success Item ID: 408736 Family ID: 0

Quarantined items:
Description: C:\Program Files\Common Files\Microsoft Shared\MSInfo\Svchost.ra Family Name: Win32.Backdoor.Hupigon Clean status: Success Item ID: 152232 Family ID: 810
Description: C:\WINDOWS\system32\_Svchost.ra Family Name: Win32.Backdoor.Hupigon Clean status: Success Item ID: 152232 Family ID: 810
Description: C:\Program Files\Common Files\Microsoft Shared\MSINFO\Svchost.ra Family Name: Win32.Backdoor.Hupigon Clean status: Success Item ID: 152232 Family ID: 810
Description: print sppolers Family Name: Win32.Backdoor.Hupigon Clean status: Success Item ID: 810 Family ID: 810
Description: c:\autorun.inf Family Name: Win32.Backdoor.Hupigon Clean status: Success Item ID: 65306 Family ID: 810

Scan and cleaning complete: Finished correctly after 445 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Mon Jun 29 21:49:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Mon Jun 29 21:49:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant


****************************** System information ******************************
Computer name: HC01
Processor name: AMD Athlon™ 64 Processor 3700+
Processor identifier: x86 Family 15 Model 4 Stepping 10
Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1034, number of processors 1
Physical memory available: 941154304 bytes
Physical memory total: 2078720000 bytes
Virtual memory available: 1933914112 bytes
Virtual memory total: 2147352576 bytes
Memory load: 54%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 660 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 752 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 776 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 820 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 840 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 996 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1068 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1164 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1196 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1348 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1544 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1764 name: C:\WINDOWS\Explorer.EXE owner: Neil King domain: HC01
PID: 1872 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 512 name: C:\WINDOWS\htpatch.exe owner: Neil King domain: HC01
PID: 416 name: C:\WINDOWS\system32\Rundll32.exe owner: Neil King domain: HC01
PID: 676 name: E:\Creative\SBAudigy\Surround Mixer\CTSysVol.exe owner: Neil King domain: HC01
PID: 724 name: E:\CyberLink\PowerDVD\PDVDServ.exe owner: Neil King domain: HC01
PID: 844 name: C:\Program Files\QuickTime\QTTask.exe owner: Neil King domain: HC01
PID: 888 name: E:\AVG\AVG8\avgtray.exe owner: Neil King domain: HC01
PID: 1128 name: C:\WINDOWS\system32\rundll32.exe owner: Neil King domain: HC01
PID: 1156 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: Neil King domain: HC01
PID: 1356 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1364 name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe owner: Neil King domain: HC01
PID: 1392 name: E:\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1452 name: C:\Program Files\Office Keyboard Driver\PS2USBKbdDrv.exe owner: Neil King domain: HC01
PID: 1480 name: C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1508 name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1516 name: E:\SPAMfighter\SFAgent.exe owner: Neil King domain: HC01
PID: 1532 name: C:\Program Files\AskBarDis\bar\bin\AskService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1296 name: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe owner: Neil King domain: HC01
PID: 1564 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Neil King domain: HC01
PID: 1628 name: E:\Creative\MediaSource\Detector\CTDetect.exe owner: Neil King domain: HC01
PID: 1656 name: C:\WINDOWS\system32\ctfmon.exe owner: Neil King domain: HC01
PID: 1692 name: C:\Program Files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1752 name: C:\Program Files\Windows Desktop Search\WindowsSearch.exe owner: Neil King domain: HC01
PID: 280 name: C:\Program Files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe owner: SYSTEM domain: NT AUTHORITY
PID: 380 name: E:\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 344 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1336 name: E:\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1372 name: E:\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2140 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2284 name: C:\WINDOWS\system32\cisvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2296 name: C:\WINDOWS\system32\CTsvcCDA.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 2316 name: C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 2456 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2528 name: C:\Program Files\Kodak\AiO\center\KodakSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2588 name: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2680 name: C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2760 name: C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2828 name: C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2908 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3056 name: C:\WINDOWS\system32\calc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3064 name: C:\program files\internet explorer\IEXPLORE.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 3140 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3184 name: E:\SPAMfighter\sfus.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3260 name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3304 name: C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3328 name: C:\program files\internet explorer\IEXPLORE.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 3356 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3476 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 3856 name: C:\WINDOWS\system32\DRIVERS\WtSrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3968 name: C:\WINDOWS\system32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4068 name: C:\Program Files\Kodak\AiO\Center\EKDiscovery.exe owner: SYSTEM domain: NT AUTHORITY
PID: 492 name: C:\WINDOWS\system32\Tablet.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2928 name: C:\WINDOWS\system32\WTablet\TabUserW.exe owner: Neil King domain: HC01
PID: 2972 name: C:\WINDOWS\system32\Tablet.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3696 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4204 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 4776 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Neil King domain: HC01
PID: 3052 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Neil King domain: HC01
PID: 5324 name: C:\WINDOWS\system32\cidaemon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5656 name: C:\WINDOWS\system32\cidaemon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 528 name: C:\Program Files\Internet Explorer\iexplore.exe owner: Neil King domain: HC01
PID: 5708 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4332 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4320 name: E:\MICROS~1\Office12\OUTLOOK.EXE owner: Neil King domain: HC01
PID: 1604 name: E:\AVG\AVG8\avgcsrvx.exe owner: Neil King domain: HC01
PID: 1064 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Neil King domain: HC01
PID: 5140 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Neil King domain: HC01

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: CTFMON.EXE
imagepath: C:\WINDOWS\system32\CTFMON.EXE
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: {553858A7-4922-4e7e-B1C1-97140C1C16EF}
imagepath: IE Component Categories cache daemon
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
imagepath: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
imagepath: C:\Program Files\Windows Desktop Search\WindowsSearch.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: ACDaemon
displayname: ArcSoft Connect Daemon
Name: ALG
displayname: Application Layer Gateway Service
Name: ASKService
displayname: ASKService
Name: AudioSrv
displayname: Windows Audio
Name: Autodesk Data Management Job Dispatch
displayname: Autodesk Data Management Job Dispatch
Name: Autodesk EDM Server
displayname: Autodesk EDM Server
Name: avg8wd
displayname: AVG8 WatchDog
Name: BITS
displayname: Background Intelligent Transfer Service
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: BthServ
displayname: Bluetooth Support Service
Name: CiSvc
displayname: Indexing Service
Name: Creative Service for CDROM Access
displayname: Creative Service for CDROM Access
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: EPSON_PM_RPCV4_01
displayname: EPSON V3 Service4(01)
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: Kodak AiO Network Discovery Service
displayname: Kodak AiO Network Discovery Service
Name: KodakSvc
displayname: Kodak AiO Device Service
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: MDM
displayname: Machine Debug Manager
Name: MSSQL$AUTODESKVAULT
displayname: SQL Server (AUTODESKVAULT)
Name: MSSQL$INVENTORCONTENT
displayname: MSSQL$INVENTORCONTENT
Name: MSSQL$PINNACLESYS
displayname: MSSQL$PINNACLESYS
Name: Netman
displayname: Network Connections
Name: nhksrv
displayname: Netropa NHK Server
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: NwSapAgent
displayname: SAP Agent
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: SeaPort
displayname: SeaPort
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: SPAMfighter Update Service
displayname: SPAMfighter Update Service
Name: Spooler
displayname: Print Spooler
Name: SQLBrowser
displayname: SQL Server Browser
Name: SQLWriter
displayname: SQL Server VSS Writer
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TabletService
displayname: TabletService
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: vsmon
displayname: TrueVector Internet Monitor
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: WinTabService
displayname: WinTab Service
Name: wscsvc
displayname: Security Center
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Automatic Updates
Name: WudfSvc
displayname: Windows Driver Foundation - User-mode Driver Framework
Name: WZCSVC
displayname: Wireless Zero Configuration

LS CalamityJane
Thanks for posting the log! This may not be a false detection; however, our Malware Labs team would also like to examine those quarantined files to determine their nature. Could you follow the directions here to attach the quarantined files (in a zip file) to your thread so they can take a look at them for you.
Guide for posting false positives
http://www.lavasoftsupport.com/index.php?showtopic=18033
nking69
QUOTE(LS CalamityJane @ Jul 4 2009, 01:13 PM) *

Doesn't help, sorry. Can't find any of the files using Windows search and can't find the quarantined files using the file paths provided in the above post.
LS CalamityJane
Ok, I think those files are in the Ad-Aware quarantine. Try this please.

Navigate to this directory:
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware

Look for a folder named: Quarantine
Right click on the folder and select “Send To” and “Compressed (zipped) Folder.” This will create a new compressed folder with the same name as the file, except with the extension .zip. (i.e.: Quarantine.zip that will be located in that same directory now: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware)

Attach the zip file that you created (quarantine.zip) to a reply here
nking69
QUOTE(LS CalamityJane @ Jul 5 2009, 12:57 AM) *
Ok, I think those files are in the Ad-Aware quarantine. Try this please.

Navigate to this directory:
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware

Look for a folder named: Quarantine
Right click on the folder and select “Send To” and “Compressed (zipped) Folder.” This will create a new compressed folder with the same name as the file, except with the extension .zip. (i.e.: Quarantine.zip that will be located in that same directory now: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware)

Attach the zip file that you created (quarantine.zip) to a reply here


Hi,
Sorry about that, I still couldn't find the path until I turned hidden files on.

Find attached zipped copy of quarantined files.

Regards,

Neil

Moderator note: Removed attachment - no longer needed
LS Anders
Hello nking69

This is NOT a False Positive. Please post on the help forum for more help removing this infection. http://www.lavasoftsupport.com/index.php?showforum=61

Regards
LS Anders
nking69
QUOTE(LS Anders @ Jul 6 2009, 09:35 AM) *
Hello nking69

This is NOT a False Positive. Please post on the help forum for more help removing this infection. http://www.lavasoftsupport.com/index.php?showforum=61

Regards
LS Anders

Thanks for your help, have now posted in the general support forum (from your link).

Regards,
Nking69