Full Version: Adaware Blocks MyBook
Lavasoft Support Forums > Lavasoft - General Support > False Positives - Ad-Aware
GatorsDad
I was running Adaware Ver 8.1. I recently purchased a Western Digital My Book External Hard drive. Adaware prevented the installation of the HD software. It kept identifying JSTART.EXE as some type of trojan horse. I had to disable Adaware to get the software loaded but, after reactivation, it prevented any files from being backed up. I could not figure out how to tell it to allow JSTART.EXE. Finally, I removed Adaware from my PC.
LS Pekka
Hi GatorsDad!

Thanks for posting!
Would it be possible for you to post the file "JSTART.EXE" that was detected? Just zip that file, password protect it with "infected" and attach it to your post in this thread, or... post the full logfile from a Ad-Aware scan where the object is detected. That would be much appreciated!

Regards,

LS Pekka

Lavasoft Malware Labs

caprine1
Hi

I just registered on this forum because of the same problem. I haven't gone as far as the original poster. I received those same jstart.exe not only on the accept the license agreement with MyBook but also on the user manual and the adobe acrobat on the first install page. This came up from the Adaware Live and it identified these as jstart.exe(2308), jstart.exe(496) and (1552) all were identified by Win32.Trojan.Agent. I have to install the zip program and then be able to follow up with capturing them. When I scanned the MyBook with Adaware it found it clean and so did my Zonealarm. I would prefer to not have to uninstall the Adaware as the last poster did in order to install this MyBook.

Thank you for your help,
caprine1


caprine1
Hi

I just tried to do the install again and Adaware Live flagged it as the same trojan, but now with a different number after it. There is nothing I can tell to zip up for you since the Adaware scan comes up with nothing. There is a place to check "do not alert me to this process again." Is this safe to do?

LS Andy
Hi caprine1,

It would be great if you could zip the log file of the scan that detected this item and upload it to the forum - this will give me some more info that will help me investigate this. If you would like some guidance on how to do this, please refer to the instructions here: http://www.lavasoftsupport.com/index.php?showtopic=18033

Regards,

Andy
Lavasoft Malware Labs
caprine1
Hi Andy,

Here is the log file. This trojan was detected by the adaware live program, but wasn't detected when scanning with the Adaware general program.

Hope you can help.
Thank you,
caprine1

LS Andy
Hi caprine1,

Looks like the upload didn't work! Could I ask you to try to upload the log file again? If it doesn't work, just copy the contents of the log file and paste it into a forum post. Thanks!

Andy

caprine1
Hi Andy,

I should emphasize that when I scan with Adaware it does not find an infection. For some reason Adaware Live is coming up with the Trojan warning. So I doubt you will find anything from the Adaware scan. I will post the latest scan again. That didn't work again, so I have copied and pasted a log.
Thank you,
caprine1
MSG [3180] 2009/11/07 23:06:41: Configure new scan with profile: smart
MSG [3180] 2009/11/07 23:06:41: -> scanning critical objects
MSG [3180] 2009/11/07 23:06:41: -> scanning running processes
MSG [3180] 2009/11/07 23:06:41: -> scanning registry
MSG [3180] 2009/11/07 23:06:41: -> scanning lsp
MSG [3180] 2009/11/07 23:06:41: -> scanning browser hijacks
MSG [3180] 2009/11/07 23:06:41: -> scanning cookies
MSG [3180] 2009/11/07 23:06:41: -> neutralizing rootkits
MSG [3180] 2009/11/07 23:06:41: -> use mild rootkit detection
MSG [3180] 2009/11/07 23:06:41: -> use spyware heuristics
MSG [3180] 2009/11/07 23:06:41: -> use mild heuristics
MSG [3180] 2009/11/07 23:06:41: -> scan only executables
MSG [3180] 2009/11/07 23:06:41: -> file size limit = 20480 kB (0 = unlimited)
ERR [3180] 2009/11/07 23:06:41: SDKController::GetInfectionList -> Not in found infections state
MSG [7808] 2009/11/07 23:14:40: Scan was completed in 479 seconds
MSG [7808] 2009/11/07 23:14:40: Objects processed: 6058, infections detected: 3
MSG [6160] 2009/11/07 23:14:44: Remediating 3 infections
MSG [6160] 2009/11/07 23:14:47: Infections quarantined: 0, removed: 3, repaired: 0
MSG [6160] 2009/11/07 23:14:47: Infections ignored by remediation: 0 (0 whitelisted, 0 skipped).
MSG [3180] 2009/11/07 23:14:51: Dumping scan report:
>>> Logfile created: 11/7/2009 23:06:43
>>> Lavasoft Ad-Aware version: 8.1.0
>>> User performing scan: Administrator
>>>
>>> *********************** Definitions database information ***********************
>>> Lavasoft definition file: 149.86
>>> Genotype definition file version: 2009/11/04 10:31:01
>>>
>>> ******************************** Scan results: *********************************
>>> Scan profile name: Smart Scan (ID: smart)
>>> Objects scanned: 6058
>>> Objects detected: 3
>>>
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 3
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>>
>>>
>>> Removed items:
>>> Description: *ads.telegraph.co* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409348 Family ID: 0
>>> Description: *clickbank* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408890 Family ID: 0
>>> Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
>>>
>>> Scan and cleaning complete: Finished correctly after 479 seconds
>>>
>>> *********************************** Settings ***********************************
>>>
>>> Scan profile:
>>> ID: smart, enabled:1, value: Smart Scan
>>> ID: folderstoscan, enabled:1, value:
>>> ID: useantivirus, enabled:0, value: true
>>> ID: sections, enabled:1
>>> ID: scancriticalareas, enabled:1, value: true
>>> ID: scanrunningapps, enabled:1, value: true
>>> ID: scanregistry, enabled:1, value: true
>>> ID: scanlsp, enabled:1, value: true
>>> ID: scanads, enabled:1, value: false
>>> ID: scanhostsfile, enabled:1, value: false
>>> ID: scanmru, enabled:1, value: false
>>> ID: scanbrowserhijacks, enabled:1, value: true
>>> ID: scantrackingcookies, enabled:1, value: true
>>> ID: closebrowsers, enabled:1, value: false
>>> ID: filescanningoptions, enabled:1
>>> ID: archives, enabled:1, value: false
>>> ID: onlyexecutables, enabled:1, value: true
>>> ID: skiplargerthan, enabled:1, value: 20480
>>> ID: scanrootkits, enabled:1, value: true
>>> ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
>>> ID: usespywareheuristics, enabled:1, value: true
>>> ID: heuristicslevel, enabled:1, value: mild, domain: medium,mild,strict
>>>
>>> Scan global:
>>> ID: global, enabled:1
>>> ID: addtocontextmenu, enabled:1, value: true
>>> ID: playsoundoninfection, enabled:1, value: false
>>> ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
>>>
>>> Scheduled scan settings:
>>> <Empty>
>>>
>>> Update settings:
>>> ID: updates, enabled:1
>>> ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
>>> ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
>>> ID: schedules, enabled:1, value: true
>>> ID: updatedaily1, enabled:0, value: Daily 1
>>> ID: time, enabled:0, value: Sun Oct 18 23:39:00 2009
>>> ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:0
>>> ID: monday, enabled:0, value: false
>>> ID: tuesday, enabled:0, value: false
>>> ID: wednesday, enabled:0, value: false
>>> ID: thursday, enabled:0, value: false
>>> ID: friday, enabled:0, value: false
>>> ID: saturday, enabled:0, value: false
>>> ID: sunday, enabled:0, value: false
>>> ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:0, value:
>>> ID: auto_deal_with_infections, enabled:0, value: false
>>> ID: updatedaily2, enabled:0, value: Daily 2
>>> ID: time, enabled:0, value: Sun Oct 18 05:39:00 2009
>>> ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:0
>>> ID: monday, enabled:0, value: false
>>> ID: tuesday, enabled:0, value: false
>>> ID: wednesday, enabled:0, value: false
>>> ID: thursday, enabled:0, value: false
>>> ID: friday, enabled:0, value: false
>>> ID: saturday, enabled:0, value: false
>>> ID: sunday, enabled:0, value: false
>>> ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:0, value:
>>> ID: auto_deal_with_infections, enabled:0, value: false
>>> ID: updatedaily3, enabled:0, value: Daily 3
>>> ID: time, enabled:0, value: Sun Oct 18 11:39:00 2009
>>> ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:0
>>> ID: monday, enabled:0, value: false
>>> ID: tuesday, enabled:0, value: false
>>> ID: wednesday, enabled:0, value: false
>>> ID: thursday, enabled:0, value: false
>>> ID: friday, enabled:0, value: false
>>> ID: saturday, enabled:0, value: false
>>> ID: sunday, enabled:0, value: false
>>> ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:0, value:
>>> ID: auto_deal_with_infections, enabled:0, value: false
>>> ID: updatedaily4, enabled:0, value: Daily 4
>>> ID: time, enabled:0, value: Sun Oct 18 17:39:00 2009
>>> ID: frequency, enabled:0, value: daily, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:0
>>> ID: monday, enabled:0, value: false
>>> ID: tuesday, enabled:0, value: false
>>> ID: wednesday, enabled:0, value: false
>>> ID: thursday, enabled:0, value: false
>>> ID: friday, enabled:0, value: false
>>> ID: saturday, enabled:0, value: false
>>> ID: sunday, enabled:0, value: false
>>> ID: monthly, enabled:0, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:0, value:
>>> ID: auto_deal_with_infections, enabled:0, value: false
>>> ID: updateweekly1, enabled:1, value: Weekly
>>> ID: time, enabled:1, value: Sun Oct 18 23:39:00 2009
>>> ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
>>> ID: weekdays, enabled:1
>>> ID: monday, enabled:1, value: false
>>> ID: tuesday, enabled:1, value: false
>>> ID: wednesday, enabled:1, value: true
>>> ID: thursday, enabled:1, value: false
>>> ID: friday, enabled:1, value: false
>>> ID: saturday, enabled:1, value: false
>>> ID: sunday, enabled:1, value: true
>>> ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
>>> ID: scanprofile, enabled:1, value:
>>> ID: auto_deal_with_infections, enabled:1, value: false
>>>
>>> Appearance settings:
>>> ID: appearance, enabled:1
>>> ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
>>> ID: showtrayicon, enabled:1, value: true
>>> ID: autoentertainmentmode, enabled:0, value: true
>>> ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
>>> ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
>>>
>>> Realtime protection settings:
>>> ID: realtime, enabled:1
>>> ID: modules, enabled:1
>>> ID: processprotection, enabled:1, value: true
>>> ID: registryprotection, enabled:0, value: true
>>> ID: networkprotection, enabled:0, value: true
>>> ID: layers, enabled:1
>>> ID: useantivirus, enabled:0, value: true
>>> ID: usespywareheuristics, enabled:0, value: true
>>> ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
>>> ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
>>>
>>>
>>> ****************************** System information ******************************
>>> Computer name: SAMPLE
>>> Processor name: Intel® Pentium® 4 CPU 2.80GHz
>>> Processor identifier: x86 Family 15 Model 4 Stepping 9
>>> Processor speed: ~2800MHZ
>>> Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1033, number of processors 2, processor features: [MMX,SSE,SSE2]
>>> Physical memory available: 71446528 bytes
>>> Physical memory total: 1071034368 bytes
>>> Virtual memory available: 1977679872 bytes
>>> Virtual memory total: 2147352576 bytes
>>> Memory load: 93%
>>> Microsoft Windows XP Professional Service Pack 2 (build 2600)
>>> Windows startup mode:
>>>
>>> Running processes:
>>> PID: 656 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 720 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 744 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 788 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 800 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 960 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1040 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1080 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1168 name: C:\WINDOWS\System32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
>>> PID: 1196 name: C:\WINDOWS\System32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 1252 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>
>>> PID: 1624 name: C:\WINDOWS\Explorer.EXE owner: Administrator domain: SAMPLE
>>> PID: 1816 name: C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1880 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1996 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2016 name: C:\Program Files\RegCure\RegCure.exe owner: Administrator domain: SAMPLE
>>> PID: 228 name: C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1596 name: C:\WINDOWS\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 1504 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
>>> PID: 2104 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
>>> PID: 2460 name: C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe owner: Administrator domain: SAMPLE
>>> PID: 2512 name: C:\WINDOWS\system32\igfxtray.exe owner: Administrator domain: SAMPLE
>>> PID: 2540 name: C:\WINDOWS\system32\hkcmd.exe owner: Administrator domain: SAMPLE
>>> PID: 2564 name: C:\WINDOWS\SOUNDMAN.EXE owner: Administrator domain: SAMPLE
>>> PID: 2588 name: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe owner: Administrator domain: SAMPLE
>>> PID: 2616 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
>>> PID: 2632 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Administrator domain: SAMPLE
>>> PID: 2724 name: C:\Program Files\Messenger\msmsgs.exe owner: Administrator domain: SAMPLE
>>> PID: 2740 name: C:\WINDOWS\system32\ctfmon.exe owner: Administrator domain: SAMPLE
>>> PID: 2764 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Administrator domain: SAMPLE
>>> PID: 2812 name: C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe owner: Administrator domain: SAMPLE
>>> PID: 2952 name: C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe owner: Administrator domain: SAMPLE
>>> PID: 2980 name: C:\Program Files\CheckPoint\ZAForceField\ForceField.exe owner: Administrator domain: SAMPLE
>>> PID: 3540 name: C:\WINDOWS\system32\wuauclt.exe owner: Administrator domain: SAMPLE
>>> PID: 3092 name: C:\Program Files\Internet Explorer\iexplore.exe owner: <UNKNOWN> domain: <UNKNOWN>
>>> PID: 3204 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Administrator domain: SAMPLE
>>> PID: 3296 name: C:\Program Files\Internet Explorer\iexplore.exe owner: <UNKNOWN> domain: <UNKNOWN>
>>> PID: 1728 name: C:\Program Files\Internet Explorer\iexplore.exe owner: <UNKNOWN> domain: <UNKNOWN>
>>> PID: 2660 name: C:\Program Files\Internet Explorer\iexplore.exe owner: <UNKNOWN> domain: <UNKNOWN>
>>> PID: 6128 name: C:\Program Files\Internet Explorer\iexplore.exe owner: <UNKNOWN> domain: <UNKNOWN>
>>> PID: 7360 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Administrator domain: SAMPLE
>>> PID: 5196 name: C:\Program Files\Lavasoft\Ad-Aware\AAWWSC.exe owner: SYSTEM domain: NT AUTHORITY
>>>
>>> Startup items:
>>> Name: PRONoMgr.exe
>>> imagepath: C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
>>> Name: IgfxTray
>>> imagepath: C:\WINDOWS\system32\igfxtray.exe
>>> Name: HotKeysCmds
>>> imagepath: C:\WINDOWS\system32\hkcmd.exe
>>> Name: SoundMan
>>> imagepath: SOUNDMAN.EXE
>>> Name: NeroFilterCheck
>>> imagepath: C:\WINDOWS\system32\NeroCheck.exe
>>> Name: SunJavaUpdateSched
>>> imagepath: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
>>> Name: ZoneAlarm Client
>>> imagepath: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
>>> Name: TkBellExe
>>> imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
>>> Name: Adobe Reader Speed Launcher
>>> imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
>>> Name: EPSON Stylus CX5000 Series
>>> imagepath: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S108.tmp" /EF "HKLM"
>>> Name: PostBootReminder
>>> imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
>>> Name: CDBurn
>>> imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
>>> Name: WebCheck
>>> imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
>>> Name: SysTray
>>> imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
>>> Name: WPDShServiceObj
>>> imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
>>> Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
>>> imagepath: Browseui preloader
>>> Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
>>> imagepath: Component Categories cache daemon
>>> Name:
>>> imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
>>>
>>> Bootexecute items:
>>> Name:
>>> imagepath: autocheck autochk *
>>> Name:
>>> imagepath: lsdelete
>>>
>>> Running services:
>>> Name: ALG
>>> displayname: Application Layer Gateway Service
>>> Name: AudioSrv
>>> displayname: Windows Audio
>>> Name: Browser
>>> displayname: Computer Browser
>>> Name: CryptSvc
>>> displayname: Cryptographic Services
>>> Name: DcomLaunch
>>> displayname: DCOM Server Process Launcher
>>> Name: Dhcp
>>> displayname: DHCP Client
>>> Name: dmserver
>>> displayname: Logical Disk Manager
>>> Name: Dnscache
>>> displayname: DNS Client
>>> Name: Eventlog
>>> displayname: Event Log
>>> Name: EventSystem
>>> displayname: COM+ Event System
>>> Name: FastUserSwitchingCompatibility
>>> displayname: Fast User Switching Compatibility
>>> Name: HidServ
>>> displayname: HID Input Service
>>> Name: IswSvc
>>> displayname: ZoneAlarm ForceField IswSvc
>>> Name: lanmanserver
>>> displayname: Server
>>> Name: lanmanworkstation
>>> displayname: Workstation
>>> Name: Lavasoft Ad-Aware Service
>>> displayname: Lavasoft Ad-Aware Service
>>> Name: LmHosts
>>> displayname: TCP/IP NetBIOS Helper
>>> Name: Netman
>>> displayname: Network Connections
>>> Name: Nla
>>> displayname: Network Location Awareness (NLA)
>>> Name: PlugPlay
>>> displayname: Plug and Play
>>> Name: PrismXL
>>> displayname: PrismXL
>>> Name: ProtectedStorage
>>> displayname: Protected Storage
>>> Name: RasMan
>>> displayname: Remote Access Connection Manager
>>> Name: RpcSs
>>> displayname: Remote Procedure Call (RPC)
>>> Name: SamSs
>>> displayname: Security Accounts Manager
>>> Name: Schedule
>>> displayname: Task Scheduler
>>> Name: seclogon
>>> displayname: Secondary Logon
>>> Name: SENS
>>> displayname: System Event Notification
>>> Name: SharedAccess
>>> displayname: Windows Firewall/Internet Connection Sharing (ICS)
>>> Name: ShellHWDetection
>>> displayname: Shell Hardware Detection
>>> Name: Spooler
>>> displayname: Print Spooler
>>> Name: srservice
>>> displayname: System Restore Service
>>> Name: SSDPSRV
>>> displayname: SSDP Discovery Service
>>> Name: TapiSrv
>>> displayname: Telephony
>>> Name: TermService
>>> displayname: Terminal Services
>>> Name: Themes
>>> displayname: Themes
>>> Name: vsmon
>>> displayname: TrueVector Internet Monitor
>>> Name: W32Time
>>> displayname: Windows Time
>>> Name: winmgmt
>>> displayname: Windows Management Instrumentation
>>> Name: wscsvc
>>> displayname: Security Center
>>> Name: wuauserv
>>> displayname: Automatic Updates
>>> Name: WZCSVC
>>> displayname: Wireless Zero Configuration
>>>
>>>


Thank you,
caprine1

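The scan report pasted above is the reason the scan is the wrong evidence for this problem: its three detections are all tracking cookies, and the Processes, Files and Folders rows are zero, so nothing in it can account for a blocked jstart.exe. The block came from the real-time module, which keeps its own log. The following parser for that report format is an added example, not Lavasoft code; it reads an excerpt of the posted report, extracts the "Type Detected" table and the "Removed items" entries, and reports whether any executable-type detection is present. The field layout assumed for the item lines and the set of types treated as "executable" are my reading of this one report.

```python
"""Parse the summary of a Lavasoft Ad-Aware 8.x scan report (added example)."""
import re

# Excerpt of the scan report pasted earlier in this thread; every line of the
# report is prefixed with ">>> " by the Ad-Aware service log that dumps it.
SAMPLE_REPORT = """\
>>> Lavasoft Ad-Aware version: 8.1.0
>>> Objects scanned: 6058
>>> Objects detected: 3
>>>
>>> Type Detected
>>> ==========================
>>> Processes.......: 0
>>> Registry entries: 0
>>> Hostfile entries: 0
>>> Files...........: 0
>>> Folders.........: 0
>>> LSPs............: 0
>>> Cookies.........: 3
>>> Browser hijacks.: 0
>>> MRU objects.....: 0
>>>
>>> Removed items:
>>> Description: *ads.telegraph.co* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409348 Family ID: 0
>>> Description: *clickbank* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408890 Family ID: 0
>>> Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
"""

# Row of the "Type Detected" table: a name padded with dots, a colon, a count.
TYPE_LINE = re.compile(r"^(?P<name>[A-Za-z ]+?)\.*: (?P<count>\d+)$")
# One "Removed items" entry; the field layout is assumed from the report above.
ITEM_LINE = re.compile(
    r"^Description: (?P<desc>.+?) Family Name: (?P<family>.+?) Engine: (?P<engine>\d+) "
    r"Clean status: (?P<status>\w+) Item ID: (?P<item>\d+) Family ID: (?P<famid>\d+)$"
)
# Detection types that could account for an executable being blocked (assumption).
EXECUTABLE_TYPES = ("Processes", "Files", "Folders")


def _body_lines(report):
    """Yield report lines with the '>>>' prefix removed and whitespace trimmed."""
    for line in report.splitlines():
        if line.startswith(">>>"):
            line = line[3:]
        yield line.strip()


def objects_detected(report):
    """The 'Objects detected' header count, or None if the header is missing."""
    for line in _body_lines(report):
        if line.startswith("Objects detected:"):
            return int(line.split(":", 1)[1])
    return None


def detection_counts(report):
    """The 'Type Detected' table as {type_name: count}."""
    counts = {}
    in_table = False
    for line in _body_lines(report):
        if line.startswith("Type Detected"):
            in_table = True
            continue
        if not in_table:
            continue
        if not line:            # the table ends at the first blank line
            break
        m = TYPE_LINE.match(line)
        if m:                   # the '=====' underline does not match and is skipped
            counts[m.group("name").strip()] = int(m.group("count"))
    return counts


def removed_items(report):
    """The 'Removed items' entries as a list of dicts (desc, family, engine, ...)."""
    items = []
    in_items = False
    for line in _body_lines(report):
        if line.startswith("Removed items:"):
            in_items = True
            continue
        if not in_items:
            continue
        if not line:
            break
        m = ITEM_LINE.match(line)
        if m:
            items.append(m.groupdict())
    return items


def executable_hits(report):
    """Non-zero Processes/Files/Folders rows. Empty means this scan report cannot
    explain a blocked .exe: the real-time block was logged somewhere else."""
    return {name: n for name, n in detection_counts(report).items()
            if name in EXECUTABLE_TYPES and n > 0}


def consistent(report):
    """True when the header count, the type table and the removed list agree."""
    return sum(detection_counts(report).values()) == objects_detected(report) == len(removed_items(report))
```

Running `executable_hits(SAMPLE_REPORT)` on the posted report returns an empty dict, which is the whole story of the posts above: the scanner never saw the file, so re-scanning the drive cannot produce the evidence Lavasoft is asking for.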
Pippi
Hi everybody,
I have the same problem with JSTART.EXE. Yesterday I wrote to the Western Digital company and I'm waiting for a reply. I will let you know something as soon as they reply, in the meanwhile I wish you can find a solution.
Have a good day,

Pippi
LS Albin
Hi All!

Can someone please attach the detected file in this thread?

"To upload the file, click on the Browse button within your post, navigate to the log file's location, select the file then click the green UPLOAD button."

"If you have access to the detected file, upload it as described above, however, please be sure to zip your file first - the forum will not accept the upload of .exe files or renamed .exe files. You could use an application like 7-Zip, ZipCentral or your preferred compression program to zip your file."



Best Regards

Albin

Lavasoft Malware Labs
caprine1
Hi Moderators,

I don't think you understand: when the MyBook is scanned with Adaware it comes up CLEAN, but when I try to use the installation program for the MyBook, Adaware Live pops up and stops the operation with the notice of these Trojans. Nothing shows up in the Adaware scan. I copied and pasted the scan log as recommended by Andy, but I would imagine those Trojans wouldn't be there since it tells me the MyBook is clean. But again, trying to install the MyBook, Adaware Live pops up.

Thank you,
Caprine1


caprine1
Okay, did an upload again; this time it says it was successful. I truly hope this helps.

Thank you,
Caprine1

visitor
I think they understand - after reviewing your log posted here, LS Albin requested someone to zip and attach a copy of JSTART.EXE. They need to look at the executable file to see why Ad-Watch stops the installation.
Pippi
Dear all,
just a few minutes ago I received the reply from WD staff. I report here a translation of the original Italian text:

We are sorry for the drawback, and we ensure that all the WD software is reliable and malware-free.
All the WD software is available for download on our website (the software of my HD is at http://support.wdc.com/product/download.as...upid=117&lang=en).
Please contact the producer of your antivirus software.

I suggest that the problem may be reproduced by trying to install the Windows version of the software available at the above link (no hardware is required to get the Adaware message).

Best regards,

Pippi
LS Albin
Hi Pippi!

Thanks for your post. However we need to pinpoint the correct software download to find the file mentioned above in this thread. Does anyone have the model nr for the software download we detect files within? WD has many different downloads to choose from.

The fastest way to solve this issue would be to get a log report with a hit on the file or the file sent to us for investigation.

Cheers

Albin

Lavasoft Malware Labs
Pippi
Hi Albin!
I apologize for the misunderstanding. I simply supposed the above link would have pointed to the specific WD product software: it does not! Sorry!
Therefore, the HD at issue is: "My Book World Edition (white light)". The software may be downloaded by clicking on "My Book World Edition Software" link. The file name is WD_My_Book_World_1NC_v1_1.iso (size 188 MB) and contains the image of the CD that was included with the drive.
Please let me know if you need any other detail.

Best wishes,
Pippi
caprine1
Hi Moderators,

My version of MyBook is different: "My Book Studio (WDH1Q3200N)". Mine did not come with a CD, as it has the software inside according to the info that came with it. There is an exe file to start which, when almost any link on that installation window is hit, causes the LiveWatch to activate. I do not know how to send a file from the Ad-Watch. Any help here is most appreciated.

Thank You,
caprine1

visitor
Hi Albin,

I'm not sure either user knows how to find, zip, and upload the file. It might be easier to download from Western Digital's site.

Download links for software:

Pippi - World Edition (white light), 188 mb
http://support.wdc.com/product/download.as...115&lang=en

caprine1 - Studio Edition, 53.6 mb
http://support.wdc.com/product/download.as...=75&lang=en

LS Albin
Hi caprine1!

You can locate the file by looking in a log report.

The logfile is located in: %SystemRoot%\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Logs\RPProcess.log

Please try to find the file Process Watch has blocked and attach it in this thread.

Thanks

Albin

Lavasoft Malware Labs
LS Albin
Hi Visitor!

We have been looking for the file in downloads located on WD's domain. Couldn't find any file which was detected by us though.
I contacted WD and got this answer:

"That file is not actually included in the Western Digital external hard drives."

It seems like WD does not provide their customers with this file or download package anymore.

I hope someone can get hold of it anyway.

Thanks for your research regarding this issue.

Albin

Lavasoft Malware Labs
caprine1
Hi Moderators,

Here is the file I think you are looking for...

Hope so...
Thank You,
Caprine1

LS Albin
Hi!

We have been looking at the log report. It seems like Process Watch blocks a "temp file". The file might just exist on the system a few ms. It would be really helpful if you could track down the actual file, if possible.

The location of it should be in:

C:\docume~1\admini~1\locals~1\temp\jgl_rt\jstart.exe


Zip the file and attach it in this thread please.

Thanks

Albin

Lavasoft Malware Labs
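Albin's point above is the practical obstacle in this thread: Process Watch blocks jstart.exe while the installer is unpacking it under the user's temp folder (the jgl_rt subfolder in his post), and the file is gone again before anyone can zip it. The script below is an added example, not Lavasoft or WD code: it polls a folder, copies every new executable out the instant it appears, and records each copy's SHA-256 so a submitted sample can be matched against whatever the vendor later whitelists. The extension list, the capture folder name and the polling interval are my choices; only the location under %TEMP% comes from Albin's post. Run it with the capture folder outside the watched folder, start the WD installer, then zip whatever lands in the capture folder with the password "infected" as Pekka asked at the top of the thread.

```python
"""Preserve short-lived files as they appear under a watched folder (added example)."""
import hashlib
import os
import shutil
import time

# Assumption: which suffixes count as "executable" for capture purposes.
EXE_SUFFIXES = (".exe", ".dll", ".sys", ".scr", ".com")


def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(watch_dir):
    """Absolute paths of every file currently under watch_dir (recursive)."""
    found = set()
    for root, _dirs, files in os.walk(os.path.abspath(watch_dir)):
        for name in files:
            found.add(os.path.join(root, name))
    return found


def capture_new_files(watch_dir, capture_dir, seen, only_executables=True):
    """Copy files that appeared since `seen` was taken into capture_dir.

    Returns [(original_path, captured_path, sha256), ...] and updates `seen`
    in place. A file that vanishes between listing and copying, which is
    exactly what an installer's temp file does, is skipped without error.
    """
    capture_dir = os.path.abspath(capture_dir)
    os.makedirs(capture_dir, exist_ok=True)
    captured = []
    for path in sorted(snapshot(watch_dir) - seen):
        seen.add(path)
        if path.startswith(capture_dir + os.sep):
            continue                      # never re-capture our own copies
        if only_executables and not path.lower().endswith(EXE_SUFFIXES):
            continue
        try:
            digest = sha256_of(path)
            # Prefix the copy with its hash so two different builds of the
            # same file name (jstart.exe) do not overwrite each other.
            dest = os.path.join(capture_dir, digest[:16] + "_" + os.path.basename(path))
            shutil.copy2(path, dest)
        except (FileNotFoundError, PermissionError):
            continue
        captured.append((path, dest, digest))
    return captured


def watch(watch_dir, capture_dir, seconds=60, interval=0.05):
    """Poll watch_dir for `seconds`, capturing new executables as they appear."""
    seen = snapshot(watch_dir)
    deadline = time.time() + seconds
    results = []
    while time.time() < deadline:
        results.extend(capture_new_files(watch_dir, capture_dir, seen))
        time.sleep(interval)
    return results


if __name__ == "__main__":
    # The poster's file landed under %TEMP%\jgl_rt\, so watch %TEMP% itself and
    # keep the copies somewhere outside it (the folder name is my choice).
    temp = os.environ.get("TEMP", "/tmp")
    out = os.path.join(os.path.expanduser("~"), "captured_samples")
    for orig, dest, digest in watch(temp, out, seconds=120):
        print(digest, orig, "->", dest)
```

Polling at 50 ms will miss a file that lives for only a few milliseconds, as Albin suggests this one might; if that happens, the reliable fallback is to unpack the installer's own archive by hand (the WD download links posted earlier) rather than racing the installer. Keep the captured copy in a folder the real-time scanner has been told to ignore, or it will be removed again before you can zip it.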


WDuser

Here is a zipped version of the offending executable (jstart.exe). My logfile looks pretty much like the ones that have been posted. I hope you can straighten this out soon.


LS Pekka
Hi WDuser!

Thanks for uploading the file.

The file is falsely detected as Win32.Trojan.Agent and it will be removed from detection as of the upcoming definition file update i.e. 0149.0097.

Regards,

LS Pekka

Lavasoft Malware Labs