Full Version: AdWatch Detected a Malicious Object
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive False Positive Issues
Joe Watson
I was installing software from a reputable internet marketing organisation when I got notification via AdWatch on AE Free that a malicious object had been detected and a scan would run in the background. The object was Win32TrojanMirc and was eventually quarantined and nothing done.

I really don't know whether this is a trojan or a false positive. My log file is below. My OS is WinXP Pro Sp3

Thank you
Joe

MSG [1336] 2009/08/13 15:12:15: Configure new scan with profile: smart
MSG [1336] 2009/08/13 15:12:15: -> scanning critical objects
MSG [1336] 2009/08/13 15:12:15: -> scanning running processes
MSG [1336] 2009/08/13 15:12:15: -> scanning registry
MSG [1336] 2009/08/13 15:12:15: -> scanning lsp
MSG [1336] 2009/08/13 15:12:15: -> scanning browser hijacks
MSG [1336] 2009/08/13 15:12:15: -> scanning cookies
MSG [1336] 2009/08/13 15:12:15: -> neutralizing rootkits
MSG [1336] 2009/08/13 15:12:15: -> use spyware heuristics
MSG [1336] 2009/08/13 15:12:15: -> scan only executables
MSG [1336] 2009/08/13 15:12:15: -> file size limit = 20480 kB (0 = unlimited)
ERR [1336] 2009/08/13 15:14:20: SDKController::GetQuarantineList -> Not in idle state
ERR [1336] 2009/08/13 15:14:20: SDKController::GetWhiteList -> Not in idle state
ERR [1336] 2009/08/13 15:14:21: SDKController::GetDefinitonsFileVersion -> Not in idle state
ERR [1336] 2009/08/13 15:14:21: SDKController::GetLatestSuccessfulScanReport -> Not in idle state
MSG [0168] 2009/08/13 15:15:17: Scan was completed in 182 seconds
MSG [0168] 2009/08/13 15:15:17: Objects processed: 13962, infections detected: 4
MSG [0364] 2009/08/13 15:17:46: Remediating 4 infections
MSG [0364] 2009/08/13 15:17:47: Infections quarantined: 1, removed: 3, repaired: 0
MSG [0364] 2009/08/13 15:17:47: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [1336] 2009/08/13 15:17:47: Dumping scan report:
>>> Logfile created: 13/8/2552 15:12:15
>>> Lavasoft Ad-Aware version: 8.0.7
>>> Extended engine version: 8.1
>>> User performing scan: UserA
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.25
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Smart Scan (ID: smart)
>>> Objects scanned: 13962
>>> Objects detected: 4
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 1
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 3
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Removed items:
>>> Description: *kontera* Family Name: Cookies Clean status: Success Item ID: 409363 Family ID: 0
>>> Description: *adbureau* Family Name: Cookies Clean status: Success Item ID: 409027 Family ID: 0
>>> Description: *gator* Family Name: Cookies Clean status: Success Item ID: 408861 Family ID: 0
>>>
>>> Quarantined items:
>>> Description: c:\documents and settings\usera\desktop\folders june 09\utilities\content composer\ccinst4006.exe Family Name: Win32.Trojan.Mirc Clean status: Success Item ID: 75432 Family ID: 971
>>>
>>> Scan and cleaning complete: Finished correctly after 182 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: smart, enabled:1, value: Smart Scan
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: false
>>> ID: scanhostsfile, enabled:1, value: false
>>> ID: scanmru, enabled:1, value: false
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value:
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: archives, enabled:1, value: false
>>> ID: onlyexecutables, enabled:1, value: true
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily, enabled:1, value: Daily
>>> ID: time, enabled:1, value: Tue May 05 20:03:00 2009
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Tue May 05 20:03:00 2009
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: true
>>> ID: tuesday, enabled:1, value: true
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: false
>>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:0, value: false
>>> ID: networkprotection, enabled:0, value: false
>>> ID: usespywareheuristics, enabled:0, value: true
>>> ID: extendedengine, enabled:0, value: false
>>> ID: useheuristics, enabled:0, value: false
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: HOME-380C981631
>>> Processor name: Intel® Pentium® Dual CPU E2200 @ 2.20GHz
>>> Processor identifier: x86 Family 6 Model 15 Stepping 13
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2
>>> Physical memory available: 1494663168 bytes
>>> Physical memory total: 2144161792 bytes
>>> Virtual memory available: 2038616064 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 30%
>>> Microsoft Windows XP Professional Service Pack 3 (build 2600)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 876 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 932 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 956 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1000 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1012 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1204 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1272 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1416 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1572 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1720 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1764 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1912 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2004 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 332 name: C:\WINDOWS\Explorer.EXE owner: UserA domain: HOME-380C981631
>>> PID: 592 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 640 name: C:\Program Files\Unlocker\UnlockerAssistant.exe owner: UserA domain: HOME-380C981631
>>> PID: 648 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: UserA domain: HOME-380C981631
>>> PID: 680 name: C:\WINDOWS\RTHDCPL.EXE owner: UserA domain: HOME-380C981631
>>> PID: 688 name: C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe owner: UserA domain: HOME-380C981631
>>> PID: 760 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: UserA domain: HOME-380C981631
>>> PID: 1324 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: UserA domain: HOME-380C981631
>>> PID: 1340 name: C:\Program Files\Spyware Doctor\pctsTray.exe owner: UserA domain: HOME-380C981631
>>> PID: 1476 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: UserA domain: HOME-380C981631
>>> PID: 1488 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: UserA domain: HOME-380C981631
>>> PID: 1508 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: UserA domain: HOME-380C981631
>>> PID: 1532 name: C:\WINDOWS\system32\ctfmon.exe owner: UserA domain: HOME-380C981631
>>> PID: 1856 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1888 name: C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 224 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 300 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 532 name: C:\Program Files\Spyware Doctor\pctsAuxs.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 924 name: C:\Program Files\Spyware Doctor\pctsSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2184 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3184 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3240 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3376 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 3612 name: C:\WINDOWS\system32\wuauclt.exe owner: UserA domain: HOME-380C981631
>>> PID: 620 name: C:\Program Files\YCIII\YankClip.exe owner: UserA domain: HOME-380C981631
>>> PID: 188 name: C:\PROGRA~1\FREEDO~1\fdm.exe owner: UserA domain: HOME-380C981631
>>> PID: 2496 name: C:\Program Files\Copernic Desktop Search - Home\DesktopSearch.exe owner: UserA domain: HOME-380C981631
>>> PID: 3688 name: C:\PROGRA~1\COPERN~1\DESKTO~3.EXE owner: UserA domain: HOME-380C981631
>>> PID: 3048 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2284 name: C:\Documents and Settings\UserA\Desktop\Folders June 09\UTILITIES\Content Composer\ccinst4006.exe owner: UserA domain: HOME-380C981631
>>> PID: 672 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe owner: UserA domain: HOME-380C981631
>>>
>>> Startup items:
>>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
>>> imagepath: Browseui preloader
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name: WPDShServiceObj
>>> imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
>>> Name: PostBootReminder
>>> imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
>>> Name: CDBurn
>>> imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: SysTray
>>> imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
>>> Name:
>>> imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>>
>>> Running services:
>>> Name: Alerter
>>> displayname: Alerter
>>> Name: ALG
>>> displayname: Application Layer Gateway Service
>>> Name: AntiVirSchedulerService
>>> displayname: Avira AntiVir Scheduler
>>> Name: AntiVirService
>>> displayname: Avira AntiVir Guard
>>> Name: AudioSrv
>>> displayname: Windows Audio
>>> Name: BITS
>>> displayname: Background Intelligent Transfer Service
>>> Name: Browser
>>> displayname: Computer Browser
>>> Name: CryptSvc
>>> displayname: CryptSvc
>>> Name: DcomLaunch
>>> displayname: DCOM Server Process Launcher
>>> Name: Dhcp
>>> displayname: DHCP Client
>>> Name: Diskeeper
>>> displayname: Diskeeper
>>> Name: dmserver
>>> displayname: Logical Disk Manager
>>> Name: Dnscache
>>> displayname: DNS Client
>>> Name: ERSvc
>>> displayname: Error Reporting Service
>>> Name: Eventlog
>>> displayname: Event Log
>>> Name: EventSystem
>>> displayname: COM+ Event System
>>> Name: FastUserSwitchingCompatibility
>>> displayname: Fast User Switching Compatibility
>>> Name: helpsvc
>>> displayname: Help and Support
>>> Name: HidServ
>>> displayname: HID Input Service
>>> Name: JavaQuickStarterService
>>> displayname: Java Quick Starter
>>> Name: lanmanserver
>>> displayname: Server
>>> Name: lanmanworkstation
>>> displayname: Workstation
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: LmHosts
>>> displayname: TCP/IP NetBIOS Helper
>>> Name: Netman
>>> displayname: Network Connections
>>> Name: Nla
>>> displayname: Network Location Awareness (NLA)
>>> Name: NVSvc
>>> displayname: NVIDIA Display Driver Service
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: PolicyAgent
>>> displayname: IPSEC Services
>>> Name: ProtectedStorage
>>> displayname: Protected Storage
>>> Name: RasMan
>>> displayname: Remote Access Connection Manager
>>> Name: RpcSs
>>> displayname: Remote Procedure Call (RPC)
>>> Name: SamSs
>>> displayname: Security Accounts Manager
>>> Name: Schedule
>>> displayname: Task Scheduler
>>> Name: sdAuxService
>>> displayname: PC Tools Auxiliary Service
>>> Name: sdCoreService
>>> displayname: PC Tools Security Service
>>> Name: seclogon
>>> displayname: Secondary Logon
>>> Name: SENS
>>> displayname: System Event Notification
>>> Name: SharedAccess
>>> displayname: Windows Firewall/Internet Connection Sharing (ICS)
>>> Name: ShellHWDetection
>>> displayname: Shell Hardware Detection
>>> Name: Spooler
>>> displayname: Print Spooler
>>> Name: srservice
>>> displayname: System Restore Service
>>> Name: stisvc
>>> displayname: Windows Image Acquisition (WIA)
>>> Name: TapiSrv
>>> displayname: Telephony
>>> Name: TermService
>>> displayname: Terminal Services
>>> Name: Themes
>>> displayname: Themes
>>> Name: TrkWks
>>> displayname: Distributed Link Tracking Client
>>> Name: W32Time
>>> displayname: Windows Time
>>> Name: WebClient
>>> displayname: WebClient
>>> Name: winmgmt
>>> displayname: Windows Management Instrumentation
>>> Name: wscsvc
>>> displayname: Security Center
>>> Name: wuauserv
>>> displayname: Automatic Updates
>>> Name: WZCSVC
>>> displayname: Wireless Zero Configuration
>>>
>>>
MSG [1336] 2009/08/13 15:42:02: Configure new scan with profile: smart
MSG [1336] 2009/08/13 15:42:02: -> scanning critical objects
MSG [1336] 2009/08/13 15:42:02: -> scanning running processes
MSG [1336] 2009/08/13 15:42:02: -> scanning registry
MSG [1336] 2009/08/13 15:42:02: -> scanning lsp
MSG [1336] 2009/08/13 15:42:02: -> scanning browser hijacks
MSG [1336] 2009/08/13 15:42:02: -> scanning cookies
MSG [1336] 2009/08/13 15:42:02: -> neutralizing rootkits
MSG [1336] 2009/08/13 15:42:02: -> use spyware heuristics
MSG [1336] 2009/08/13 15:42:02: -> scan only executables
MSG [1336] 2009/08/13 15:42:02: -> file size limit = 20480 kB (0 = unlimited)
ERR [1336] 2009/08/13 15:43:15: SDKController::StartScan -> Scan already in progress
ERR [1336] 2009/08/13 15:49:05: SDKController::GetQuarantineList -> Not in idle state
ERR [1336] 2009/08/13 15:49:05: SDKController::GetWhiteList -> Not in idle state
ERR [1336] 2009/08/13 15:49:07: SDKController::GetDefinitonsFileVersion -> Not in idle state
ERR [1336] 2009/08/13 15:49:07: SDKController::GetLatestSuccessfulScanReport -> Not in idle state
MSG [2880] 2009/08/13 15:49:53: Scan was completed in 470 seconds
MSG [2880] 2009/08/13 15:49:53: Objects processed: 14234, infections detected: 1
MSG [3296] 2009/08/13 15:55:46: Remediating 1 infections
MSG [3296] 2009/08/13 15:55:46: Infections quarantined: 1, removed: 0, repaired: 0
MSG [3296] 2009/08/13 15:55:46: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [1336] 2009/08/13 15:55:46: Dumping scan report:
>>> Logfile created: 13/8/2552 15:42:2
>>> Lavasoft Ad-Aware version: 8.0.7
>>> Extended engine version: 8.1
>>> User performing scan: UserA
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.25
>>> Extended engine definition file: 8.1
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Smart Scan (ID: smart)
>>> Objects scanned: 14234
>>> Objects detected: 1
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 1
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 0
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Quarantined items:
>>> Description: c:\documents and settings\usera\desktop\ccinst4006.exe Family Name: Win32.Trojan.Mirc Clean status: Success Item ID: 75432 Family ID: 971
>>>
>>> Scan and cleaning complete: Finished correctly after 470 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: smart, enabled:1, value: Smart Scan
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: false
>>> ID: scanhostsfile, enabled:1, value: false
>>> ID: scanmru, enabled:1, value: false
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: folderstoscan, enabled:1, value:
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: extendedengine, enabled:0, value: true
>>> ID: useheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: filescanningoptions, enabled:1
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: archives, enabled:1, value: false
>>> ID: onlyexecutables, enabled:1, value: true
>>> ID: skiplargerthan, enabled:1, value: 20480
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily, enabled:1, value: Daily
>>> ID: time, enabled:1, value: Tue May 05 20:03:00 2009
>>> ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>> ID: updateweekly, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Tue May 05 20:03:00 2009
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: true
>>> ID: tuesday, enabled:1, value: true
>>> ID: wednesday, enabled:1, value: false
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: false
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: false
>>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:0, value: false
>>> ID: networkprotection, enabled:0, value: false
>>> ID: usespywareheuristics, enabled:0, value: true
>>> ID: extendedengine, enabled:0, value: false
>>> ID: useheuristics, enabled:0, value: false
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: HOME-380C981631
>>> Processor name: Intel® Pentium® Dual CPU E2200 @ 2.20GHz
>>> Processor identifier: x86 Family 6 Model 15 Stepping 13
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2
>>> Physical memory available: 1407713280 bytes
>>> Physical memory total: 2144161792 bytes
>>> Virtual memory available: 2026786816 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 34%
>>> Microsoft Windows XP Professional Service Pack 3 (build 2600)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 876 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 932 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 956 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1000 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1012 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1204 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1272 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1416 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1572 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1720 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1764 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1912 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2004 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 332 name: C:\WINDOWS\Explorer.EXE owner: UserA domain: HOME-380C981631
>>> PID: 592 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 640 name: C:\Program Files\Unlocker\UnlockerAssistant.exe owner: UserA domain: HOME-380C981631
>>> PID: 648 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: UserA domain: HOME-380C981631
>>> PID: 680 name: C:\WINDOWS\RTHDCPL.EXE owner: UserA domain: HOME-380C981631
>>> PID: 688 name: C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe owner: UserA domain: HOME-380C981631
>>> PID: 760 name: C:\WINDOWS\system32\RUNDLL32.EXE owner: UserA domain: HOME-380C981631
>>> PID: 1324 name: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe owner: UserA domain: HOME-380C981631
>>> PID: 1340 name: C:\Program Files\Spyware Doctor\pctsTray.exe owner: UserA domain: HOME-380C981631
>>> PID: 1476 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: UserA domain: HOME-380C981631
>>> PID: 1488 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: UserA domain: HOME-380C981631
>>> PID: 1508 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: UserA domain: HOME-380C981631
>>> PID: 1532 name: C:\WINDOWS\system32\ctfmon.exe owner: UserA domain: HOME-380C981631
>>> PID: 1856 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1888 name: C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 224 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 300 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 532 name: C:\Program Files\Spyware Doctor\pctsAuxs.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 924 name: C:\Program Files\Spyware Doctor\pctsSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2184 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3184 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3240 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 3376 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 3612 name: C:\WINDOWS\system32\wuauclt.exe owner: UserA domain: HOME-380C981631
>>> PID: 620 name: C:\Program Files\YCIII\YankClip.exe owner: UserA domain: HOME-380C981631
>>> PID: 188 name: C:\PROGRA~1\FREEDO~1\fdm.exe owner: UserA domain: HOME-380C981631
>>> PID: 2496 name: C:\Program Files\Copernic Desktop Search - Home\DesktopSearch.exe owner: UserA domain: HOME-380C981631
>>> PID: 3688 name: C:\PROGRA~1\COPERN~1\DESKTO~3.EXE owner: UserA domain: HOME-380C981631
>>> PID: 2684 name: C:\ArticleAssistant\ArticleAssistant.exe owner: UserA domain: HOME-380C981631
>>> PID: 1696 name: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE owner: UserA domain: HOME-380C981631
>>> PID: 2892 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: UserA domain: HOME-380C981631
>>> PID: 3516 name: C:\Documents and Settings\UserA\Desktop\ccinst4006.exe owner: UserA domain: HOME-380C981631
>>> PID: 1680 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe owner: UserA domain: HOME-380C981631
>>>
>>> Startup items:
>>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
>>> imagepath: Browseui preloader
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name: WPDShServiceObj
>>> imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
>>> Name: PostBootReminder
>>> imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
>>> Name: CDBurn
>>> imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: SysTray
>>> imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
>>> Name:
>>> imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: autocheck lsdelete
>>> Name:
>>> imagepath: lsdelete
>>>
>>> Running services:
>>> Name: Alerter
>>> displayname: Alerter
>>> Name: ALG
>>> displayname: Application Layer Gateway Service
>>> Name: AntiVirSchedulerService
>>> displayname: Avira AntiVir Scheduler
>>> Name: AntiVirService
>>> displayname: Avira AntiVir Guard
>>> Name: AudioSrv
>>> displayname: Windows Audio
>>> Name: BITS
>>> displayname: Background Intelligent Transfer Service
>>> Name: Browser
>>> displayname: Computer Browser
>>> Name: CryptSvc
>>> displayname: CryptSvc
>>> Name: DcomLaunch
>>> displayname: DCOM Server Process Launcher
>>> Name: Dhcp
>>> displayname: DHCP Client
>>> Name: Diskeeper
>>> displayname: Diskeeper
>>> Name: dmserver
>>> displayname: Logical Disk Manager
>>> Name: Dnscache
>>> displayname: DNS Client
>>> Name: ERSvc
>>> displayname: Error Reporting Service
>>> Name: Eventlog
>>> displayname: Event Log
>>> Name: EventSystem
>>> displayname: COM+ Event System
>>> Name: FastUserSwitchingCompatibility
>>> displayname: Fast User Switching Compatibility
>>> Name: helpsvc
>>> displayname: Help and Support
>>> Name: HidServ
>>> displayname: HID Input Service
>>> Name: JavaQuickStarterService
>>> displayname: Java Quick Starter
>>> Name: lanmanserver
>>> displayname: Server
>>> Name: lanmanworkstation
>>> displayname: Workstation
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: LmHosts
>>> displayname: TCP/IP NetBIOS Helper
>>> Name: Netman
>>> displayname: Network Connections
>>> Name: Nla
>>> displayname: Network Location Awareness (NLA)
>>> Name: NVSvc
>>> displayname: NVIDIA Display Driver Service
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: PolicyAgent
>>> displayname: IPSEC Services
>>> Name: ProtectedStorage
>>> displayname: Protected Storage
>>> Name: RasMan
>>> displayname: Remote Access Connection Manager
>>> Name: RpcSs
>>> displayname: Remote Procedure Call (RPC)
>>> Name: SamSs
>>> displayname: Security Accounts Manager
>>> Name: Schedule
>>> displayname: Task Scheduler
>>> Name: sdAuxService
>>> displayname: PC Tools Auxiliary Service
>>> Name: sdCoreService
>>> displayname: PC Tools Security Service
>>> Name: seclogon
>>> displayname: Secondary Logon
>>> Name: SENS
>>> displayname: System Event Notification
>>> Name: SharedAccess
>>> displayname: Windows Firewall/Internet Connection Sharing (ICS)
>>> Name: ShellHWDetection
>>> displayname: Shell Hardware Detection
>>> Name: Spooler
>>> displayname: Print Spooler
>>> Name: srservice
>>> displayname: System Restore Service
>>> Name: stisvc
>>> displayname: Windows Image Acquisition (WIA)
>>> Name: TapiSrv
>>> displayname: Telephony
>>> Name: TermService
>>> displayname: Terminal Services
>>> Name: Themes
>>> displayname: Themes
>>> Name: TrkWks
>>> displayname: Distributed Link Tracking Client
>>> Name: W32Time
>>> displayname: Windows Time
>>> Name: WebClient
>>> displayname: WebClient
>>> Name: winmgmt
>>> displayname: Windows Management Instrumentation
>>> Name: wscsvc
>>> displayname: Security Center
>>> Name: wuauserv
>>> displayname: Automatic Updates
>>> Name: WZCSVC
>>> displayname: Wireless Zero Configuration
>>>
>>>
LS Pekka
Hi Joe Watson!

The detection was caused by a weak fingerprint that has been removed from detection.
Please update to the current definitions i.e. 0149.0027 and the problem should be fixed.

Thanks for notifying us about the issue :)

Regards,

LS Pekka

Lavasoft Malware Labs
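The thread's resolution hinges on two things that can be read straight out of the posted log: which items were actually quarantined (one process, ccinst4006.exe, flagged as Win32.Trojan.Mirc; the three removed items are tracking cookies) and which definition file produced that verdict (149.25, which LS Pekka says is superseded by 0149.0027 with the weak fingerprint removed). The following is an added example, not Lavasoft code and not part of the original posts: a small Python parser for the ">>>" scan-report format shown above that pulls out the detections and the definition version, then flags non-cookie detections made with definitions older than the version the vendor names as fixed. The sample report is a trimmed copy of the first scan's output constructed for this example; the function names and the fixed-version argument are this example's own.

```python
"""Triage helper for an Ad-Aware 8 scan report (added example, not Lavasoft code).

Parses the ">>>" report lines for the definition file version and the
"Removed items:" / "Quarantined items:" sections, then checks whether the
definitions predate the version the vendor says no longer carries the
signature. A detection made with older definitions is a candidate for
"update definitions and rescan", which is the advice given in the thread.
"""
import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the first scan report in the thread.
SAMPLE_REPORT = "\n".join([
    "MSG [1336] 2009/08/13 15:17:47: Dumping scan report:",
    ">>> Lavasoft definition file: 149.25",
    ">>> Extended engine definition file: 8.1",
    ">>> Removed items:",
    ">>> Description: *kontera* Family Name: Cookies Clean status: Success Item ID: 409363 Family ID: 0",
    ">>> Description: *gator* Family Name: Cookies Clean status: Success Item ID: 408861 Family ID: 0",
    ">>>",
    ">>> Quarantined items:",
    r">>> Description: c:\documents and settings\usera\desktop\folders june 09\utilities\content composer\ccinst4006.exe Family Name: Win32.Trojan.Mirc Clean status: Success Item ID: 75432 Family ID: 971",
    ">>>",
    ">>> Scan and cleaning complete: Finished correctly after 182 seconds",
])

# Version quoted by Lavasoft in the thread as the one with the weak fingerprint removed.
FIXED_DEFS = "0149.0027"


@dataclass
class Detection:
    action: str        # "Removed" or "Quarantined", taken from the section header
    description: str   # file path or cookie pattern
    family: str        # e.g. "Cookies" or "Win32.Trojan.Mirc"
    item_id: int
    family_id: int


# One "Description: ... Family Name: ... Clean status: ... Item ID: n Family ID: n" line.
DETECTION_RE = re.compile(
    r"Description:\s*(?P<desc>.*?)\s+Family Name:\s*(?P<family>.*?)\s+"
    r"Clean status:\s*(?P<status>\w+)\s+Item ID:\s*(?P<item>\d+)\s+Family ID:\s*(?P<fam>\d+)"
)
DEFS_RE = re.compile(r"Lavasoft definition file:\s*(?P<ver>[\d.]+)")


def parse_report(text):
    """Return (definition_version, [Detection, ...]) for one dumped scan report."""
    version = None
    detections = []
    section = None
    for raw in text.splitlines():
        if not raw.startswith(">>>"):
            continue                       # MSG/ERR controller lines are not part of the report
        line = raw[3:].strip()
        m = DEFS_RE.search(line)
        if m:
            version = m.group("ver")
            continue
        if line.endswith("items:"):        # "Removed items:" / "Quarantined items:"
            section = line[: -len("items:")].strip()
            continue
        m = DETECTION_RE.search(line)
        if m and section:
            detections.append(Detection(section, m.group("desc"), m.group("family"),
                                        int(m.group("item")), int(m.group("fam"))))
    return version, detections


def version_tuple(ver):
    """Normalise both spellings seen in the thread: '149.25' and '0149.0027' compare numerically."""
    return tuple(int(part) for part in ver.split("."))


def predates_fix(installed, fixed):
    """True when the installed definition file is older than the version named as fixed."""
    return version_tuple(installed) < version_tuple(fixed)


def triage(text, fixed_defs=FIXED_DEFS):
    """Non-cookie detections that were produced with definitions older than fixed_defs.

    An empty list means either nothing beyond tracking cookies was hit, or the
    definitions already include the fix and the verdict stands as reported.
    """
    version, detections = parse_report(text)
    suspects = [d for d in detections if d.family != "Cookies"]
    if version is not None and predates_fix(version, fixed_defs):
        return suspects
    return []


if __name__ == "__main__":
    ver, hits = parse_report(SAMPLE_REPORT)
    print(f"definitions {ver}: {len(hits)} detections")
    for d in triage(SAMPLE_REPORT):
        print(f"rescan after updating: {d.action} {d.description} ({d.family}, family id {d.family_id})")
```

Two caveats the report itself supports. The "Processes: 1, Files: 0" tally means the hit was on a running process, and both reports list ccinst4006.exe among the running processes at scan time (PID 2284, then PID 3516 from a different path on the desktop), so the installer had already been executed when it was flagged; a removed signature says the vendor no longer matches the file, not that the file was examined and found clean. And version strings should be compared numerically, as above, since "149.25" and "0149.0027" are the same scheme written two ways and a plain string comparison would sort them wrongly.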
Joe Watson
QUOTE(LS Pekka @ Aug 13 2009, 09:46 PM)

Hi LS Pekka

Sorry to be so naive but how do I actually download this definition and install it. Went to updates and saw the definition but couldn't find how to download.

Joe
LS Pekka
QUOTE(Joe Watson @ Aug 13 2009, 05:06 PM)

Hi again Joe Watson!

In Ad-Aware AE Free click on "Main" then on "Web Update". That should launch the update manager in Ad-Aware.
When the update finishes the current definitions file is listed under "Web Update".

Regards,

LS Pekka
Joe Watson
QUOTE(LS Pekka @ Aug 13 2009, 10:52 PM)

Hi LS Pekka

Your service has been commendable and I am very impressed. Many thanks.

Joe Watson
LS Pekka
QUOTE(Joe Watson @ Aug 14 2009, 06:00 AM)

I'm glad it got sorted out :)

LS Pekka

Lavasoft Malware Labs