need help in removing malware asap!!!!
podvideo
Hi guys, I'm Javier. I'm using Ad-Aware SE. I'm quite confused right now, as I just downloaded the latest web update and discovered quite a few critical objects: 5 Win32.Trojan.Downloader and 1 BargainBuddy. I would like to know if it's a false positive like you guys mentioned, or if my computer has malware, because it's quite confusing after reading a few posts on the forum. It's the first time I've gotten TAC 10 and TAC 8 malware, and it's giving me trouble sleeping. I also can't download the latest Ad-Aware SE update. Does anyone know why? I really hope someone can clarify this for me. Thanks a lot.


Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, September 16, 2006 1:50:13 AM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R123 12.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
MRU List(TAC index:0):34 total references
Tracking Cookie(TAC index:3):11 total references
Win32.Trojan.Downloader(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-16-2006 1:50:13 AM - Scan started. (Full System Scan)


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 860
ThreadCreationTime : 9-15-2006 5:04:03 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 936
ThreadCreationTime : 9-15-2006 5:04:04 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 9-15-2006 5:04:07 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1008
ThreadCreationTime : 9-15-2006 5:04:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1020
ThreadCreationTime : 9-15-2006 5:04:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1188
ThreadCreationTime : 9-15-2006 5:04:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1236
ThreadCreationTime : 9-15-2006 5:04:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 9-15-2006 5:04:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [incdsrv.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 1400
ThreadCreationTime : 9-15-2006 5:04:09 PM
BasePriority : Normal
FileVersion : 4, 3, 18, 0
ProductVersion : 4, 3, 18, 0
ProductName : Nero AG incdsrv
CompanyName : Nero AG
FileDescription : incdsrv
InternalName : incdsrv
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : incdsrv.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1548
ThreadCreationTime : 9-15-2006 5:04:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1604
ThreadCreationTime : 9-15-2006 5:04:10 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1876
ThreadCreationTime : 9-15-2006 5:04:10 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1904
ThreadCreationTime : 9-15-2006 5:04:11 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1976
ThreadCreationTime : 9-15-2006 5:04:11 PM
BasePriority : Normal
FileVersion : 6.0.3.303
ProductVersion : 6.0
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002 - 2006 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:15 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 1996
ThreadCreationTime : 9-15-2006 5:04:11 PM
BasePriority : Normal
FileVersion : 2.1.0.4
ProductVersion : 2.1.0.4
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004, 2005 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:16 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 2020
ThreadCreationTime : 9-15-2006 5:04:11 PM
BasePriority : Normal
FileVersion : 1.9.1.762
ProductVersion : 1.9.1.762
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:17 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 392
ThreadCreationTime : 9-15-2006 5:04:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp.050610-1527)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:18 [atkkbservice.exe]
FilePath : C:\WINDOWS\
ProcessID : 984
ThreadCreationTime : 9-15-2006 5:04:21 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 0
ProductVersion : 1, 0, 0, 0
ProductName : ASUS Keyboard Service
CompanyName : ASUSTeK COMPUTER INC.
FileDescription : ASUS Keyboard Service
InternalName : ATKKBService
LegalCopyright : Copyright © 2004 @ASUSTeK COMPUTER INC.
OriginalFilename : ATKKBService.exe

#:19 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1024
ThreadCreationTime : 9-15-2006 5:04:21 PM
BasePriority : Normal
FileVersion : 3.0.0.166
ProductVersion : 3.0.0.166
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:20 [guard.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 1292
ThreadCreationTime : 9-15-2006 5:04:21 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware guard
InternalName : ewido anti-spywareguard
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : guard.exe

#:21 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1316
ThreadCreationTime : 9-15-2006 5:04:21 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:22 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 1588
ThreadCreationTime : 9-15-2006 5:04:24 PM
BasePriority : Normal
FileVersion : 12.2.0.13
ProductVersion : 12.2.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:23 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1624
ThreadCreationTime : 9-15-2006 5:04:24 PM
BasePriority : Normal
FileVersion : 6.14.10.8391
ProductVersion : 6.14.10.8391
ProductName : NVIDIA Driver Helper Service, Version 83.91
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 83.91
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:24 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1736
ThreadCreationTime : 9-15-2006 5:04:24 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:25 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 1988
ThreadCreationTime : 9-15-2006 5:04:24 PM
BasePriority : Normal
FileVersion : 6.5.731.000
ProductVersion : 6.5.731.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:26 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1576
ThreadCreationTime : 9-15-2006 5:04:27 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:27 [wgatray.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2540
ThreadCreationTime : 9-15-2006 5:04:54 PM
BasePriority : Normal
FileVersion : 1.5.0540.0
ProductVersion : 1.5.0540.0
ProductName : Windows Genuine Advantage
CompanyName : Microsoft Corporation
FileDescription : Windows Genuine Advantage Notification
InternalName : WgaNotify
LegalCopyright : © 1995-2006 Microsoft Corporation
OriginalFilename : WgaTray.exe

#:28 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2584
ThreadCreationTime : 9-15-2006 5:04:54 PM
BasePriority : Normal
FileVersion : 6.00.2900.2649 (xpsp.050406-1732)
ProductVersion : 6.00.2900.2649
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:29 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2816
ThreadCreationTime : 9-15-2006 5:04:56 PM
BasePriority : Normal
FileVersion : 5.1.0.38
ProductVersion : 5.1.0.38
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:30 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2932
ThreadCreationTime : 9-15-2006 5:04:56 PM
BasePriority : Normal
FileVersion : 104.0.8.3
ProductVersion : 104.0.8.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2005 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:31 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3040
ThreadCreationTime : 9-15-2006 5:04:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:32 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3060
ThreadCreationTime : 9-15-2006 5:04:57 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:33 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink DVD Solution\PowerDVD\
ProcessID : 3116
ThreadCreationTime : 9-15-2006 5:04:57 PM
BasePriority : Normal
FileVersion : 6.00.1027
ProductVersion : 6.00.1027
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2004
OriginalFilename : PDVDSERV.EXE

#:34 [incd.exe]
FilePath : C:\Program Files\Ahead\InCD\
ProcessID : 3156
ThreadCreationTime : 9-15-2006 5:04:58 PM
BasePriority : Normal
FileVersion : 4, 3, 18, 0
ProductVersion : 4, 3, 18, 0
ProductName : Nero AG InCD
CompanyName : Nero AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright 1995-2005 Nero AG and its licensors. All Rights Reserved.
LegalTrademarks : InCD is a trademark of Nero AG
OriginalFilename : InCD.exe

#:35 [fwupdate.exe]
FilePath : C:\Program Files\lg_fwupdate\
ProcessID : 3216
ThreadCreationTime : 9-15-2006 5:05:01 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : LG Firmware Autoupdate
CompanyName : CST
InternalName : fwupdate
OriginalFilename : fwupdate.exe

#:36 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3264
ThreadCreationTime : 9-15-2006 5:05:01 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:37 [caissdt.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\
ProcessID : 3280
ThreadCreationTime : 9-15-2006 5:05:01 PM
BasePriority : Normal
FileVersion : Version 2.0.1.1
ProductVersion : Version 2.0.1.1
ProductName : Computer Associates Dashboard Tray
CompanyName : Computer Associates International, Inc.
FileDescription : CA ISS Dashboard Tray
InternalName : CAISSDT
LegalCopyright : Copyright © 2005 Computer Associates International, Inc. All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
OriginalFilename : CAISSDT.exe

#:38 [ppactivedetection.exe]
FilePath : C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\
ProcessID : 3408
ThreadCreationTime : 9-15-2006 5:05:03 PM
BasePriority : Normal
FileVersion : 8, 0, 0, 3
ProductVersion : 8, 0, 0, 3
ProductName : eTrust PestPatrol
CompanyName : Computer Associates
FileDescription : eTrust PestPatrol background protection application
InternalName : PPActiveDetection
LegalCopyright : © 2005 Computer Associates International, Inc.
LegalTrademarks : PestPatrol®, eTrust™, Center for Pest Research™
OriginalFilename : PPActiveDetection.EXE
Comments : The advanced technology is brought to you by the fine eTrust PestPatrol product development team

#:39 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 3468
ThreadCreationTime : 9-15-2006 5:05:03 PM
BasePriority : Normal
FileVersion : 7.1
ProductVersion : QuickTime 7.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe

#:40 [ituneshelper.exe]
FilePath : E:\Program Files\iTunes\
ProcessID : 3476
ThreadCreationTime : 9-15-2006 5:05:04 PM
BasePriority : Normal
FileVersion : 6.0.5.20
ProductVersion : 6.0.5.20
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:41 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 3492
ThreadCreationTime : 9-15-2006 5:05:04 PM
BasePriority : Normal
FileVersion : 6.5.731.000
ProductVersion : 6.5.731.000
ProductName : Zone Labs Client
CompanyName : Zone Labs, LLC
FileDescription : Zone Labs Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:42 [ipodservice.exe]
FilePath : E:\Program Files\iPod\bin\
ProcessID : 3564
ThreadCreationTime : 9-15-2006 5:05:05 PM
BasePriority : Normal
FileVersion : 6.0.5.20
ProductVersion : 6.0.5.20
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:43 [ewido.exe]
FilePath : C:\Program Files\ewido anti-spyware 4.0\
ProcessID : 3716
ThreadCreationTime : 9-15-2006 5:05:09 PM
BasePriority : Normal
FileVersion : 4, 0, 0, 172
ProductVersion : 4, 0, 0, 172
ProductName : ewido anti-spyware
CompanyName : Anti-Malware Development a.s.
FileDescription : ewido anti-spyware
InternalName : ewido anti-spyware
LegalCopyright : Copyright © 2005 Anti-Malware Development a.s.
OriginalFilename : ewido.exe

#:44 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 3820
ThreadCreationTime : 9-15-2006 5:05:12 PM
BasePriority : Normal
FileVersion : 7.5.0324
ProductVersion : 7.5.0324
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:45 [nscsrvce.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Console\
ProcessID : 500
ThreadCreationTime : 9-15-2006 5:05:43 PM
BasePriority : Normal
FileVersion : 2006.1.6.2
ProductVersion : 2006.1.6
ProductName : Norton Security Console
CompanyName : Symantec Corporation
FileDescription : Norton Security Console Norton Protection Center Service
InternalName : NSCService
LegalCopyright : Norton Security Console 2006 for Windows 2000/XP Copyright © 2005 Symantec Corporation. All rights reserved.
OriginalFilename : NSCSrvce.exe

#:46 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2408
ThreadCreationTime : 9-15-2006 5:22:46 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:47 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 824
ThreadCreationTime : 9-15-2006 5:50:06 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 34


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{48e59293-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{48e59291-9880-11cf-9754-00aa00c00908}

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{48e59290-9880-11cf-9754-00aa00c00908}

BargainBuddy Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-606747145-1177238915-682003330-1003\software\microsoft\windows\currentversion\ext\stats\{d27cdb6e-ae6d-11cf-96b8-444553540000}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 38


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@adtech[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:j2g@adtech.de/
Expires : 9-12-2016 1:15:38 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:j2g@tribalfusion.com/
Expires : 1-1-2038 8:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:j2g@fastclick.net/
Expires : 9-14-2008 8:04:20 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@atdmt[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:j2g@atdmt.com/
Expires : 9-14-2011 8:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@ehg-dig.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:j2g@ehg-dig.hitbox.com/
Expires : 9-16-2007 1:26:16 AM
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:j2g@doubleclick.net/
Expires : 9-16-2006 1:55:58 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:j2g@hitbox.com/
Expires : 9-16-2007 1:26:16 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:j2g@mediaplex.com/
Expires : 6-22-2009 8:00:00 AM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@serving-sys[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:j2g@serving-sys.com/
Expires : 1-1-2038 6:00:00 AM
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:j2g@questionmarket.com/
Expires : 11-5-2007 4:39:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : j2g@clickbank[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:j2g@clickbank.net/
Expires : 3-14-2007 8:20:02 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 11
Objects found so far: 49



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Deep scanning and examining files (G:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for G:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 49


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 49




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet

Win32.Trojan.Downloader Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : inetctls.inet.1

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 51

1:56:46 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:32.578
Objects scanned:188201
Objects identified:17
Objects ignored:0
New critical objects:17
LS CalamityJane
Yes, this was a false positive - all were fixed in the definitions for 14 Sept 2006. However, we have had an additional update since then (Sept 19). So update your Ad-Aware and that should resolve the problem.

I'm going to archive this in the resolved section so if you have any further issues, please feel free to start a new topic.