HLM

Members
  • Content Count

    11

Community Reputation

0 Neutral

About HLM

  • Rank
    Member
  • Birthday 01/01/1908

Profile Information

  • Location
    New Zealand

  1. For the record, would you or anyone else be able to tell me why exactly I was getting the Remote Procedure Call window and having Windows shut down when the false was being detected? It just bothers me that it's a common thing for spyware to do to protect itself from being removed, so why was it happening without there being an infection?
  2. What definitions are you using? There has been a problem with SE1R181 (16th July). An update has been released that fixes this: SE1R182.
  3. I had already formatted a dozen times. SE1R182 update has fixed all.
  4. That worked perfectly. Nothing but some usual tracking cookies found. I can now rest in peace.
  5. I have been having trouble with Adaware detecting "0 possible new malware 0" and "adware.agent" in system32\shell32.dll. The "problem" is only detected with the latest definitions. From what I've gathered, the dll is harmless and it's a mistake on Adaware's part, but it bothers me that when the detection happens, the system tries to shut down via a Remote Procedure Call window. Could it be that this is simply some kind of Windows feature that is getting triggered, and not spyware at all? I'd email my shell32.dll, but I don't think it'd be much use, seeing as I have formatted and installed Windows fresh for the 100th time for the last couple of days. I haven't installed the latest definitions to trigger the problem yet, and don't plan to! You can see my problem in more detail here and here.
  6. I know there are a few people waiting for an official answer on this one. It seems very strange that if there is a problem with the latest definitions, there are not hundreds of posts on these forums about it, and no reply from Lavasoft yet.
  7. It looks like this is only happening once you update to the latest definitions. Are the latest definitions (SE1R181 - 16th 07 2007) falsely detecting something which is not a problem, or is it possible that something malicious is actually being included in the download? I have now formatted a hundred times and am now using Adaware with out-of-date definitions, since I know the moment I press that update button and scan, I'm going to be "infected" again. Also, would anyone know where I can get older definitions? I downloaded 3 different definitions from this site, only to find out they each appear to be exactly the same file, which Adaware detects as SE1R181. Obviously no good. Hope this is being looked into.
  8. I'm having a similar problem. Updated Adaware SE definitions, then this "0 Possible malware 0" and "adware.agent" are detected. However, my problem file is system32\shell32.dll instead of your SHDOCVW.dll. When they are found, an RPC window pops up and tries to shut down the system. I have formatted a number of times now. Fresh install of windows, only AVG and Adaware installed. Not even a network connection. Spyware comes back every time. My post can be found here.
  9. Thanks. I've since installed Windows once again, this time using the "Repair" installation, so my files and most of my settings remained intact. Sure enough, another scan brings up the same spyware. Another oddity is Internet Explorer shows an error and closes the page when trying to view these forums. Don't know how related this is to the spyware problem. I've also run HijackThis. See below for log. So at the moment I've cleaned any bugs out of the registry, and am left with the 1 adware.agent and 13 possible malware "processes". I know if I try and remove them again, the system will go all funny, so I'm just going to wait and see if anyone's got any suggestions.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 1:47:03 a.m., on 22/07/2007
     Platform: Windows XP (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 (6.00.2600.0000)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\System32\nvsvc32.exe
     C:\WINDOWS\System32\ctfmon.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
     C:\Program Files\Grisoft\AVG Free\avgcc.exe
     C:\HijackThis\HijackThis.exe

     O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
     O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
     O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
     O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
     O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
     O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
     O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

     --
     End of file - 2922 bytes
  10. Hello, Hope I'm posting in the right place. Recently, I've been infected with a very nasty bit of spyware. Adaware picked up a number of objects which I tried to remove, which in turn made my computer unable to use any shortcut icons, prevented programs from running and other nasties. I ended up backing up and formatting. I was amazed to see even after a fresh format, the same spyware returned! I had only installed hardware drivers, Adaware, AVG antivirus, and Spybot S&D. I had backed up some files to another hard drive, and others were transferred to another computer. Now, after the return of the spyware, I did some more scanning to track it down. Here's what I found.

      1) First, I scanned only Active Processes:

      References detected during the scan:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      0 Possible New Malware 0(TAC index:3):12 total references
      Adware.Agent(TAC index:5):1 total references
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Listing running processes
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      #:1 [smss.exe]
      FilePath : \SystemRoot\System32\
      ProcessID : 484
      ThreadCreationTime : 21-07-2007 3:00:35 a.m.
      BasePriority : Normal

      #:2 [csrss.exe]
      FilePath : \??\C:\WINDOWS\system32\
      ProcessID : 540
      ThreadCreationTime : 21-07-2007 3:00:36 a.m.
      BasePriority : Normal

      #:3 [winlogon.exe]
      FilePath : \??\C:\WINDOWS\system32\
      ProcessID : 564
      ThreadCreationTime : 21-07-2007 3:00:37 a.m.
      BasePriority : High

      Adware.Agent Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 5
      Category : Adware
      Comment : main_uninstaller.exe.dmp
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      Warning! Adware.Agent Object found in memory(C:\WINDOWS\system32\SHELL32.dll)

      #:4 [services.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 608
      ThreadCreationTime : 21-07-2007 3:00:38 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Services and Controller app
      InternalName : services.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : services.exe

      #:5 [lsass.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 620
      ThreadCreationTime : 21-07-2007 3:00:38 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : LSA Shell (Export Version)
      InternalName : lsass.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : lsass.exe

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:6 [svchost.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 800
      ThreadCreationTime : 21-07-2007 3:00:38 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:7 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 852
      ThreadCreationTime : 21-07-2007 3:00:38 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : shell32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:8 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 976
      ThreadCreationTime : 21-07-2007 3:00:39 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL
      "C:\WINDOWS\System32\svchost.exe"Process terminated successfully

      #:9 [svchost.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 996
      ThreadCreationTime : 21-07-2007 3:00:39 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Generic Host Process for Win32 Services
      InternalName : svchost.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : svchost.exe

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:10 [explorer.exe]
      FilePath : C:\WINDOWS\
      ProcessID : 1224
      ThreadCreationTime : 21-07-2007 3:00:39 a.m.
      BasePriority : Normal
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Explorer
      InternalName : explorer
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : EXPLORER.EXE

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:11 [spoolsv.exe]
      FilePath : C:\WINDOWS\system32\
      ProcessID : 1264
      ThreadCreationTime : 21-07-2007 3:00:40 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (XPClient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Spooler SubSystem App
      InternalName : spoolsv.exe
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : spoolsv.exe

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:12 [avgcc.exe]
      FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
      ProcessID : 1376
      ThreadCreationTime : 21-07-2007 3:00:40 a.m.
      BasePriority : Normal
      FileVersion : 7.5.0.460
      ProductVersion : 7.5.0.460
      ProductName : AVG Anti-Virus system
      CompanyName : GRISOFT, s.r.o.
      FileDescription : AVG Control Center
      InternalName : AvgCC
      LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
      OriginalFilename : AvgCC.EXE

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:13 [ctfmon.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 1392
      ThreadCreationTime : 21-07-2007 3:00:40 a.m.
      BasePriority : Normal
      FileVersion : 5.1.2600.0 (xpclient.010817-1148)
      ProductVersion : 5.1.2600.0
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : CTF Loader
      InternalName : CTFMON
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : CTFMON.EXE

      #:14 [avgamsvr.exe]
      FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
      ProcessID : 1996
      ThreadCreationTime : 21-07-2007 3:00:50 a.m.
      BasePriority : Normal
      FileVersion : 7.5.0.453
      ProductVersion : 7.5.0.453
      ProductName : AVG Anti-Virus system
      CompanyName : GRISOFT, s.r.o.
      FileDescription : AVG Alert Manager
      InternalName : avgamsvr
      LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
      OriginalFilename : avgamsvr.EXE

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:15 [avgupsvc.exe]
      FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
      ProcessID : 2020
      ThreadCreationTime : 21-07-2007 3:00:51 a.m.
      BasePriority : Normal
      FileVersion : 7.5.0.420
      ProductVersion : 7.5.0.420
      ProductName : AVG 7.5 Anti-Virus System
      CompanyName : GRISOFT, s.r.o.
      FileDescription : AVG Update Service
      InternalName : avgupsvc
      LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
      OriginalFilename : avgupdsvc.EXE

      #:16 [googleupdaterservice.exe]
      FilePath : C:\Program Files\Google\Common\Google Updater\
      ProcessID : 152
      ThreadCreationTime : 21-07-2007 3:00:51 a.m.
      BasePriority : Normal
      FileVersion : 2.2.824.5515.beta
      ProductVersion : 2.2.824.5515.beta
      ProductName : Google Updater
      CompanyName : Google
      FileDescription : gusvc
      InternalName : gusvc
      LegalCopyright : ©2005-2006 Google. All Rights Reserved.
      OriginalFilename : GoogleUpdaterService.exe
      Comments : Google Updater

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL
      "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"Process terminated successfully

      #:17 [nvsvc32.exe]
      FilePath : C:\WINDOWS\System32\
      ProcessID : 188
      ThreadCreationTime : 21-07-2007 3:00:51 a.m.
      BasePriority : Normal
      FileVersion : 6.14.10.9371
      ProductVersion : 6.14.10.9371
      ProductName : NVIDIA Driver Helper Service, Version 93.71
      CompanyName : NVIDIA Corporation
      FileDescription : NVIDIA Driver Helper Service, Version 93.71
      InternalName : NVSVC
      LegalCopyright : (C) NVIDIA Corporation. All rights reserved.
      OriginalFilename : nvsvc32.exe

      #:18 [teatimer.exe]
      FilePath : C:\Program Files\Spybot - Search & Destroy\
      ProcessID : 1012
      ThreadCreationTime : 21-07-2007 3:16:54 a.m.
      BasePriority : Idle
      FileVersion : 1, 4, 0, 2
      ProductVersion : 1, 4, 0, 3
      ProductName : Spybot - Search & Destroy
      CompanyName : Safer Networking Limited
      FileDescription : System settings protector
      InternalName : TeaTimer
      LegalCopyright : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
      LegalTrademarks : "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
      OriginalFilename : TeaTimer.exe
      Comments : Schützt Systemeinstellungen vor ungewollten Änderungen.

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : shell32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      #:19 [ad-aware.exe]
      FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
      ProcessID : 728
      ThreadCreationTime : 21-07-2007 4:37:59 a.m.
      BasePriority : Normal
      FileVersion : 6.2.0.236
      ProductVersion : SE 106
      ProductName : Lavasoft Ad-Aware SE
      CompanyName : Lavasoft Sweden
      FileDescription : Ad-Aware SE Core application
      InternalName : Ad-Aware.exe
      LegalCopyright : Copyright © Lavasoft AB Sweden
      OriginalFilename : Ad-Aware.exe
      Comments : All Rights Reserved

      0 Possible New Malware 0 Object Recognized!
      Type : Process
      Data : shell32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : C:\WINDOWS\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      Memory scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 13

      Started Tracking Cookie scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Tracking cookie scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 13

      Performing conditional scans...
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Conditional scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 13

      4:40:19 p.m. Scan Complete

      Summary Of This Scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      Total scanning time:00:00:12.63
      Objects scanned:1153
      Objects identified:0
      Objects ignored:0
      New critical objects:0

      2) Then I scanned only the registry (normal and deep scan).

      References detected during the scan:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      0 Possible New Malware 0(TAC index:3):27 total references
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Started registry scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Registry Scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 0

      Started deep registry scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{00021400-0000-0000-C000-000000000046}

      0 Possible New Malware 0 Object Recognized!
      Type : File
      Data : shell32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Object : c:\windows\system32\
      FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
      ProductVersion : 6.00.2600.0000
      ProductName : Microsoft® Windows® Operating System
      CompanyName : Microsoft Corporation
      FileDescription : Windows Shell Common Dll
      InternalName : SHELL32
      LegalCopyright : © Microsoft Corporation. All rights reserved.
      OriginalFilename : SHELL32.DLL

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{00021401-0000-0000-C000-000000000046}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}
      Value : InfoTip

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
      Value : InfoTip

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
      Value : IntroText

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
      Value : {305CA226-D286-468e-B848-2B2E8E697B74} 2

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
      Value : LocalizedString

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{61E218E0-65D3-101B-9F08-061CEAC3D50D}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
      Value : InfoTip

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
      Value : SortOrderIndex

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
      Value : IntroText

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
      Value : LocalizedString

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{86F19A00-42A0-1069-A2E9-08002B30309D}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{86F19A00-42A0-1069-A2EB-08002B30309D}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : C:\WINDOWS\System32\shell32.dll
      Rootkey : HKEY_CLASSES_ROOT
      Object : CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data : C:\WINDOWS\system32\SHELL32.dll
      TAC Rating : 0
      Category : Data Miner
      Comment :
      Rootkey : HKEY_CLASSES_ROOT
      Object : TYPELIB\{50A7E9B0-70EF-11D1-B75A-00A0C90564FE}

      0 Possible New Malware 0 Object Recognized!
      Type : Regkey
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : ({00021401-0000-0000-C000-000000000046})
      Rootkey : HKEY_CLASSES_ROOT
      Object : lnkfile

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : ({00021401-0000-0000-C000-000000000046})
      Rootkey : HKEY_CLASSES_ROOT
      Object : lnkfile
      Value : EditFlags

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : ({00021401-0000-0000-C000-000000000046})
      Rootkey : HKEY_CLASSES_ROOT
      Object : lnkfile
      Value : IsShortcut

      0 Possible New Malware 0 Object Recognized!
      Type : RegValue
      Data :
      TAC Rating : 0
      Category : Data Miner
      Comment : ({00021401-0000-0000-C000-000000000046})
      Rootkey : HKEY_CLASSES_ROOT
      Object : lnkfile
      Value : NeverShowExt

      Deep registry scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 26
      Objects found so far: 27

      Started Tracking Cookie scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Tracking cookie scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 27

      Performing conditional scans...
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

      Conditional scan result:
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      New critical objects: 0
      Objects found so far: 27

      4:45:48 p.m. Scan Complete

      Summary Of This Scan
      »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
      Total scanning time:00:00:16.797
      Objects scanned:86070
      Objects identified:27
      Objects ignored:0
      New critical objects:27

      Now when the spyware is detected, a Remote Procedure Call Service window will pop up warning the computer will shut down after 1 minute. However, I can bypass this by running the command shutdown -a and continue the scan. Trying to delete the spyware will cause everything in the background to disappear. Adaware will freeze on "Deleting Selection" (though the program is still responsive). The last thing I did was try removing the detected entries in the registry scan, but that caused the problems I explained before (due to shell32.dll).
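Both Ad-Aware logs in the last post share one pattern that is easy to miss when reading forty "Object Recognized!" blocks by hand: every hit, whether labelled Adware.Agent (TAC 5) or 0 Possible New Malware 0 (TAC 0), resolves to the same file, C:\WINDOWS\system32\shell32.dll, carrying the same version resource, and the process scan also records the scanner terminating an svchost.exe while acting on one of those hits. The script below is an added example for triaging that kind of report; it is not Lavasoft's code and not from any poster. It parses the log format shown above (an "... Object Recognized!" line followed by "Field : value" lines, with "#:N [name]" starting a new process record) and groups detections by the file they point at. The embedded log is a constructed sample that mirrors the posted format with a handful of entries rather than the full scan.

```python
"""Group Ad-Aware SE 'Object Recognized!' hits by the file they reference.

Added example (not Lavasoft's code). Field names and layout follow the scan
logs quoted in the thread; the SAMPLE_LOG below is constructed for the demo.
"""
import re
from collections import defaultdict

# Constructed sample: one Adware.Agent hit, one "0 Possible New Malware 0"
# process hit and one registry hit, all pointing at shell32.dll, plus a
# process record (services.exe) that produced no hit at all.
SAMPLE_LOG = r"""
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 564
Adware.Agent Object Recognized!
Type : Process
Data : SHELL32.dll
TAC Rating : 5
Category : Adware
Comment : main_uninstaller.exe.dmp
Object : C:\WINDOWS\system32\
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
CompanyName : Microsoft Corporation
OriginalFilename : SHELL32.DLL
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 608
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 620
0 Possible New Malware 0 Object Recognized!
Type : Process
Data : SHELL32.dll
TAC Rating : 0
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
CompanyName : Microsoft Corporation
OriginalFilename : SHELL32.DLL
0 Possible New Malware 0 Object Recognized!
Type : Regkey
Data :
TAC Rating : 0
Category : Data Miner
Comment : C:\WINDOWS\System32\shell32.dll
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{00021400-0000-0000-C000-000000000046}
"""

HIT_RE = re.compile(r"^(?P<name>.+?) Object Recognized!\s*$")
PROCESS_RE = re.compile(r"^#:\d+ \[.+\]\s*$")
# "Key : value"; the value may be empty, as in "Comment :" above.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?) :\s*(?P<value>.*)$")


def parse_hits(log_text):
    """Return one dict per 'Object Recognized!' block: name plus its fields."""
    hits, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if PROCESS_RE.match(line):
            current = None  # a new process record closes any open hit block
            continue
        m = HIT_RE.match(line)
        if m:
            current = {"name": m.group("name")}
            hits.append(current)
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group("key")] = m.group("value").strip()
    return hits


def target_file(hit):
    """Lowercase basename of the module a hit refers to, or None.

    Process/File hits name the module in Data; registry hits carry it in
    Comment (or in Data for the TYPELIB entry). A bare CLSID in Comment, as
    on the lnkfile entries, is not a file and yields None.
    """
    if hit.get("Type") in ("Process", "File"):
        candidate = hit.get("Data", "")
    else:
        candidate = hit.get("Comment", "") or hit.get("Data", "")
    if not candidate.lower().endswith((".dll", ".exe", ".ocx")):
        return None
    return candidate.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def summarize(log_text):
    """Map each referenced file to hit count, detection names, TAC ratings,
    version strings and company names seen across the log."""
    summary = defaultdict(lambda: {"count": 0, "names": set(), "tac": set(),
                                   "versions": set(), "company": set()})
    for hit in parse_hits(log_text):
        entry = summary[target_file(hit) or "<no file reference>"]
        entry["count"] += 1
        entry["names"].add(hit["name"])
        if hit.get("TAC Rating", "").isdigit():
            entry["tac"].add(int(hit["TAC Rating"]))
        if hit.get("FileVersion"):
            entry["versions"].add(hit["FileVersion"])
        if hit.get("CompanyName"):
            entry["company"].add(hit["CompanyName"])
    return dict(summary)


def single_target(summary):
    """The one file every hit resolves to, or None when hits are spread out."""
    return next(iter(summary)) if len(summary) == 1 and not next(iter(summary)).startswith("<") else None


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for fname, info in result.items():
        print(f"{fname}: {info['count']} hit(s) as {sorted(info['names'])}, "
              f"TAC {sorted(info['tac'])}, versions {sorted(info['versions'])}, "
              f"company {sorted(info['company'])}")
    if single_target(result):
        print(f"Every hit resolves to {single_target(result)}; check that file's "
              "signature or hash against a known-good copy before removing anything.")
```

When the grouping shows that a whole scan collapses onto a single operating-system component, the next step is to verify that file, not the detection label: a CompanyName or LegalCopyright string in a version resource proves nothing, since any binary can carry one, so compare the file's Authenticode signature or its hash with a known-good copy of the same build. In the thread this turned out to be a definitions problem (SE1R181, fixed by SE1R182), and the "Process terminated successfully" line against svchost.exe is the kind of side effect worth spotting in the log before choosing to remove anything.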