I loaded an update for Adware SE....SER1R110 32.05.2006. Now when Adware runs it finds my NoAdware as critical objects and I get a screen telling me windows in shutting down in 30 seconds, services.exe status code 0. I can bring the computer up in safe mode and run Adware. All the critical objects other than some data miners are all NoAdware(the registries everything). Now I could put this into the ignore list, but I'm curious as to why this happened with the loading of the new definitions.
Thanks,
Ric
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Ad-Aware SE Resolved/Inactive Issues
rcannella,
These items are not any thing to do with the running of Ad-aware they are in fact Spyware/Malware and can be quarantined but if you not sure then please post a copy of your log file here after doing a "Full Scan" in safe mode and post your logfile here by using the "reply" feature,
GRAFX
QUOTE
when Adware runs it finds my NoAdware as critical objects
These items are not any thing to do with the running of Ad-aware they are in fact Spyware/Malware and can be quarantined but if you not sure then please post a copy of your log file here after doing a "Full Scan" in safe mode and post your logfile here by using the "reply" feature,
GRAFX
Here's the information from the full scan
Thanks
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, June 02, 2006 3:54:37 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R110 31.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):31 total references
NoAdware(TAC index:4):39 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
6-2-2006 3:54:37 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Home\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Home\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 736
ThreadCreationTime : 6-2-2006 7:50:36 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 6-2-2006 7:50:39 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 6-2-2006 7:50:40 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 6-2-2006 7:50:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [savedump.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 6-2-2006 7:50:42 PM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows NT Save Dump Utility
InternalName : savedump
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : savedump.exe
#:6 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 6-2-2006 7:50:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 6-2-2006 7:50:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 6-2-2006 7:50:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1344
ThreadCreationTime : 6-2-2006 7:50:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1356
ThreadCreationTime : 6-2-2006 7:50:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1544
ThreadCreationTime : 6-2-2006 7:50:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1844
ThreadCreationTime : 6-2-2006 7:50:54 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 424
ThreadCreationTime : 6-2-2006 7:51:27 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:14 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 6-2-2006 7:51:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:15 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 988
ThreadCreationTime : 6-2-2006 7:54:01 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : home@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:home@2o7.net/
Expires : 6-1-2011 10:27:18 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 32
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : File
Data : noadwareutils.dll
TAC Rating : 4
Category : Misc
Comment :
Object : C:\Program Files\NoAdware4\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 33
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : df
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : un
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rc
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ver
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ras
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : sas
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : mtst
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : asl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : scantype
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : scnlg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : abrs
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acu
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : clsshlds
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : dntstrtshld
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : nowarn
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Schedule Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Weekly Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Periodic
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : WeekDay
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Period
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Time
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : shup
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ghmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : gfv
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : iehj
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hsts
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rltime
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acbl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : path
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : xpath
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : lfp
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rfp
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : firstrun
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : sbfolders
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : NtS
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : NextScan
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 38
Objects found so far: 71
4:06:56 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:19.375
Objects scanned:232556
Objects identified:40
Objects ignored:0
New critical objects:40
Thanks
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, June 02, 2006 3:54:37 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R110 31.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):31 total references
NoAdware(TAC index:4):39 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
6-2-2006 3:54:37 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Home\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : C:\Documents and Settings\Home\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\office\11.0\common\general
Description : list of recently used symbols in microsoft office
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-1060284298-2147154963-839522115-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 736
ThreadCreationTime : 6-2-2006 7:50:36 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 820
ThreadCreationTime : 6-2-2006 7:50:39 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 6-2-2006 7:50:40 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 900
ThreadCreationTime : 6-2-2006 7:50:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [savedump.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 6-2-2006 7:50:42 PM
BasePriority : Idle
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows NT Save Dump Utility
InternalName : savedump
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : savedump.exe
#:6 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 6-2-2006 7:50:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 6-2-2006 7:50:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1148
ThreadCreationTime : 6-2-2006 7:50:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1344
ThreadCreationTime : 6-2-2006 7:50:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1356
ThreadCreationTime : 6-2-2006 7:50:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1544
ThreadCreationTime : 6-2-2006 7:50:47 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1844
ThreadCreationTime : 6-2-2006 7:50:54 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 424
ThreadCreationTime : 6-2-2006 7:51:27 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:14 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 560
ThreadCreationTime : 6-2-2006 7:51:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:15 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 988
ThreadCreationTime : 6-2-2006 7:54:01 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : home@2o7[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:home@2o7.net/
Expires : 6-1-2011 10:27:18 AM
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 32
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : File
Data : noadwareutils.dll
TAC Rating : 4
Category : Misc
Comment :
Object : C:\Program Files\NoAdware4\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 33
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 33
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : df
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : un
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rc
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ver
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ras
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : sas
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : mtst
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : asl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : scantype
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : scnlg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : abrs
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acu
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : clsshlds
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : dntstrtshld
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : nowarn
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Schedule Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Weekly Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Periodic
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : WeekDay
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Period
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Time
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : shup
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ghmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : gfv
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : iehj
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hsts
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rltime
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acbl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : path
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : xpath
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : lfp
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rfp
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : firstrun
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : sbfolders
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : NtS
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : NextScan
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 38
Objects found so far: 71
4:06:56 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:19.375
Objects scanned:232556
Objects identified:40
Objects ignored:0
New critical objects:40
rcannella,
please can you clear out your cache folder ie: temporary internet folder There are some free programs that you can use that will do that for you if needed like
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
also
please can you make sure that you still have “Ticks by these :
"Unload recognized processes during scanning",
"Let Windows remove files in use after reboot."
to do this Open Ad-aware SE
Click “settings� (the Gear)
then Click “Tweaks“,
then click “Scanning Engine�
Tick ."Unload recognized processes during scanning"
Then Click “Cleaning Engine�
And Tick
"Let Windows remove files in use after reboot."
then Click “proceed�.
now use the WebUpDate
(to make sure you are upto date) if you want to clean your PC then scan by doing a "Full Scan" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
GRAFX
please can you clear out your cache folder ie: temporary internet folder There are some free programs that you can use that will do that for you if needed like
CCleaner
(Note in CCleaner: go to >options > advanced > Uncheck "Only delete files in Windows Temp folders older than 48 hours"). but see CCleaner Set up
also
please can you make sure that you still have “Ticks by these :
"Unload recognized processes during scanning",
"Let Windows remove files in use after reboot."
to do this Open Ad-aware SE
Click “settings� (the Gear)
then Click “Tweaks“,
then click “Scanning Engine�
Tick ."Unload recognized processes during scanning"
Then Click “Cleaning Engine�
And Tick
"Let Windows remove files in use after reboot."
then Click “proceed�.
now use the WebUpDate
(to make sure you are upto date) if you want to clean your PC then scan by doing a "Full Scan" then and once the scan has finished
mark and remove the items then Reboot (ie: Re-start your PC)
Then re-scan doing a "Full Scan" and then post your logfile here by using the Add-Reply Feature .
GRAFX
okay, did the clean and ran ad-aware removing all the found objects(everything). After the re-boot, NoAdware tried to start and came up with being corrupted. Did a web load of NoAware, re-ran Ad-Aware and all the NoAdware critical objects are back. Here's the logfile.
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, June 02, 2006 6:40:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R110 31.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):2 total references
NoAdware(TAC index:4):35 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
6-2-2006 6:40:27 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Home\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 844
ThreadCreationTime : 6-2-2006 10:39:10 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 6-2-2006 10:39:11 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 6-2-2006 10:39:13 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1152
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1220
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1344
ThreadCreationTime : 6-2-2006 10:39:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 6-2-2006 10:39:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1548
ThreadCreationTime : 6-2-2006 10:39:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1824
ThreadCreationTime : 6-2-2006 10:39:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 156
ThreadCreationTime : 6-2-2006 10:39:21 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Distillr\
ProcessID : 308
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 7.0.7.2006011200
ProductVersion : 7.0.7.2006011200
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
#:14 [ico.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 324
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.
#:15 [freedom.exe]
FilePath : C:\Program Files\Zero Knowledge\Freedom\
ProcessID : 344
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 5.1.3.36337
ProductVersion : 5.1.3.36337
ProductName : Freedom 5.1.3
CompanyName : Zero-Knowledge Systems Inc.
FileDescription : Freedom 5.1.3
InternalName : Freedom Client
LegalCopyright : Copyright © 2002-2004
LegalTrademarks : Zero-Knowledge Systems Inc.
OriginalFilename : Freedom.exe
#:16 [fsrremos.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 348
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : sysinf_s Application
FileDescription : sysinf_s MFC Application
InternalName : sysinf_s
LegalCopyright : Copyright © 2003
OriginalFilename : sysinf_s.EXE
#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 356
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:18 [noadware4.exe]
FilePath : C:\Program Files\NoAdware4\
ProcessID : 368
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Noadware4 Application
FileDescription : Noadware4 MFC Application
InternalName : Noadware4
LegalCopyright : Copyright © 2005
OriginalFilename : Noadware4.EXE
#:19 [pelmiced.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 396
ThreadCreationTime : 6-2-2006 10:39:23 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 6
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.
#:20 [acrobat_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\
ProcessID : 412
ThreadCreationTime : 6-2-2006 10:39:23 PM
BasePriority : Normal
FileVersion : 7.0.5.2005092300
ProductVersion : 7.0.5.2005092300
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroSpeedLaunch.exe
#:21 [dkservice.exe]
FilePath : C:\Program Files\Executive Software\DiskeeperLite\
ProcessID : 704
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
FileVersion : 7.0.418.0
ProductVersion : 7.0.418.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2002 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE
#:22 [dvpapi.exe]
FilePath : C:\Program Files\Common Files\Command Software\
ProcessID : 736
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
#:23 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 812
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:24 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
FileVersion : 6.14.10.6177
ProductVersion : 6.14.10.6177
ProductName : NVIDIA Driver Helper Service, Version 61.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.77
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:25 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1404
ThreadCreationTime : 6-2-2006 10:39:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:26 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1428
ThreadCreationTime : 6-2-2006 10:39:28 PM
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:27 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1484
ThreadCreationTime : 6-2-2006 10:39:28 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:28 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2140
ThreadCreationTime : 6-2-2006 10:39:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3868
ThreadCreationTime : 6-2-2006 10:40:14 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:30 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3968
ThreadCreationTime : 6-2-2006 10:40:17 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : File
Data : A0050646.dll
TAC Rating : 4
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{BC3E6F8E-7147-4BD6-A40B-C12E4B7D8DAC}\RP675\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : df
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : un
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rc
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ver
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ras
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : sas
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : mtst
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : asl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : abrs
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acu
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : clsshlds
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : dntstrtshld
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : nowarn
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Schedule Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Weekly Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Periodic
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : WeekDay
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Period
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Time
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : scantype
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : firstrun
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : shup
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ghmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rltime
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : gfv
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : iehj
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hsts
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acbl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : path
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : xpath
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : lfp
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rfp
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 34
Objects found so far: 37
6:50:14 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:46.750
Objects scanned:213643
Objects identified:35
Objects ignored:0
New critical objects:35
Ad-Aware SE Build 1.06r1
Logfile Created on:Friday, June 02, 2006 6:40:27 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R110 31.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):2 total references
NoAdware(TAC index:4):35 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
6-2-2006 6:40:27 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Home\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 844
ThreadCreationTime : 6-2-2006 10:39:10 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 892
ThreadCreationTime : 6-2-2006 10:39:11 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 916
ThreadCreationTime : 6-2-2006 10:39:13 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 972
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1152
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1220
ThreadCreationTime : 6-2-2006 10:39:14 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1344
ThreadCreationTime : 6-2-2006 10:39:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1464
ThreadCreationTime : 6-2-2006 10:39:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1548
ThreadCreationTime : 6-2-2006 10:39:15 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1824
ThreadCreationTime : 6-2-2006 10:39:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 156
ThreadCreationTime : 6-2-2006 10:39:21 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Distillr\
ProcessID : 308
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 7.0.7.2006011200
ProductVersion : 7.0.7.2006011200
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright 1984-2006 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroTray.exe
#:14 [ico.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 324
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 1, 0, 1, 0
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.
#:15 [freedom.exe]
FilePath : C:\Program Files\Zero Knowledge\Freedom\
ProcessID : 344
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 5.1.3.36337
ProductVersion : 5.1.3.36337
ProductName : Freedom 5.1.3
CompanyName : Zero-Knowledge Systems Inc.
FileDescription : Freedom 5.1.3
InternalName : Freedom Client
LegalCopyright : Copyright © 2002-2004
LegalTrademarks : Zero-Knowledge Systems Inc.
OriginalFilename : Freedom.exe
#:16 [fsrremos.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 348
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 3
ProductVersion : 1, 0, 0, 1
ProductName : sysinf_s Application
FileDescription : sysinf_s MFC Application
InternalName : sysinf_s
LegalCopyright : Copyright © 2003
OriginalFilename : sysinf_s.EXE
#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 356
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:18 [noadware4.exe]
FilePath : C:\Program Files\NoAdware4\
ProcessID : 368
ThreadCreationTime : 6-2-2006 10:39:22 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Noadware4 Application
FileDescription : Noadware4 MFC Application
InternalName : Noadware4
LegalCopyright : Copyright © 2005
OriginalFilename : Noadware4.EXE
#:19 [pelmiced.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 396
ThreadCreationTime : 6-2-2006 10:39:23 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 6
ProductVersion : 1.0.0.0
ProductName : MouseSuite 98
CompanyName : Primax Electronics Ltd.
FileDescription : Mouse Suite 98 Daemon
InternalName : pelmiced.exe
LegalCopyright : Copyright © 1997, Primax Electronics Ltd.
LegalTrademarks : Primax Electronics Ltd.
#:20 [acrobat_sl.exe]
FilePath : C:\Program Files\Adobe\Acrobat 7.0\Acrobat\
ProcessID : 412
ThreadCreationTime : 6-2-2006 10:39:23 PM
BasePriority : Normal
FileVersion : 7.0.5.2005092300
ProductVersion : 7.0.5.2005092300
ProductName : Adobe Acrobat
CompanyName : Adobe Systems Incorporated
FileDescription : Adobe Acrobat SpeedLauncher
LegalCopyright : Copyright 1984-2005 Adobe Systems Incorporated and its licensors. All rights reserved.
OriginalFilename : AcroSpeedLaunch.exe
#:21 [dkservice.exe]
FilePath : C:\Program Files\Executive Software\DiskeeperLite\
ProcessID : 704
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
FileVersion : 7.0.418.0
ProductVersion : 7.0.418.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2002 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE
#:22 [dvpapi.exe]
FilePath : C:\Program Files\Common Files\Command Software\
ProcessID : 736
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
#:23 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 812
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe
#:24 [nvsvc32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 6-2-2006 10:39:27 PM
BasePriority : Normal
FileVersion : 6.14.10.6177
ProductVersion : 6.14.10.6177
ProductName : NVIDIA Driver Helper Service, Version 61.77
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 61.77
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe
#:25 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1404
ThreadCreationTime : 6-2-2006 10:39:28 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:26 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1428
ThreadCreationTime : 6-2-2006 10:39:28 PM
BasePriority : Normal
FileVersion : 1, 8, 48, 77
ProductVersion : 1, 8, 48, 77
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe
#:27 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1484
ThreadCreationTime : 6-2-2006 10:39:28 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:28 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2140
ThreadCreationTime : 6-2-2006 10:39:35 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:29 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3868
ThreadCreationTime : 6-2-2006 10:40:14 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:30 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3968
ThreadCreationTime : 6-2-2006 10:40:17 PM
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : File
Data : A0050646.dll
TAC Rating : 4
Category : Misc
Comment :
Object : C:\System Volume Information\_restore{BC3E6F8E-7147-4BD6-A40B-C12E4B7D8DAC}\RP675\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 3
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
NoAdware Object Recognized!
Type : Regkey
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : df
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : un
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rc
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ver
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ras
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : sas
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : mtst
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : asl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : abrs
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acu
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : clsshlds
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : dntstrtshld
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : nowarn
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Schedule Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Weekly Scan
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Periodic
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : WeekDay
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Period
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : Time
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : scantype
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : firstrun
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : shup
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : ghmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hmpg
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rltime
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : gfv
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : iehj
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : hsts
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : acbl
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : path
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : xpath
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : lfp
NoAdware Object Recognized!
Type : RegValue
Data :
TAC Rating : 4
Category : Misc
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\noadware4
Value : rfp
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 34
Objects found so far: 37
6:50:14 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:09:46.750
Objects scanned:213643
Objects identified:35
Objects ignored:0
New critical objects:35
rcannella,
Try the removal in Safe mode ,
Safe mode is the Windows diagnostics mode. When you start the computer in Safe mode, only the specific components that are needed to run the operating system are loaded. Safe mode does not allow some functions, such as connection to the Internet. It also loads a standard video driver at a low resolution; therefore, your programs and the Windows desktop may look different than usual, In addition, the desktop icons may have moved to different locations on the desktop.
see
How to start the computer in Safe mode
aftaer you have done that please can you download HijackThis
After you have downloaded it and Unzipped it, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and then can you please post you Logfile in the
HijackThis Logs forum.
Call it some ting like "my HijachThis log" in the Topic Title
and then put "referred by GRAFX" as the Topic Description
Also Please can you include a link to this post for reference
GRAFX
Try the removal in Safe mode ,
Safe mode is the Windows diagnostics mode. When you start the computer in Safe mode, only the specific components that are needed to run the operating system are loaded. Safe mode does not allow some functions, such as connection to the Internet. It also loads a standard video driver at a low resolution; therefore, your programs and the Windows desktop may look different than usual, In addition, the desktop icons may have moved to different locations on the desktop.
see
How to start the computer in Safe mode
aftaer you have done that please can you download HijackThis
After you have downloaded it and Unzipped it, doubleclick HijackThis.exe, and hit "Scan".
When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log somewhere, and then can you please post you Logfile in the
HijackThis Logs forum.
Call it some ting like "my HijachThis log" in the Topic Title
and then put "referred by GRAFX" as the Topic Description
Also Please can you include a link to this post for reference
GRAFX
Rcannella,
Please see this thread:
http://www.lavasoftsupport.com/index.php?s...106&hl=noadware
All my best
-Michael
Please see this thread:
http://www.lavasoftsupport.com/index.php?s...106&hl=noadware
All my best
-Michael
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.