rwest53

  1. What's up now? Seems like all the replies have been moved from the forum. Any ideas?
  2. Can anybody give me an idea where this came from, Adaware.Searchlt. I updated and ran a full scan and this showed up. Never have seen this before. It recommended that it needed to be quarantined. Information said it could steal computer info. and send it back to Adaware. What gives? Here's a copy of the log.

     Logfile created: 3/7/2009 14:39:30
     Lavasoft Ad-Aware version: 8.0.3
     Extended engine version: 8.1
     User performing scan: Owner

     *********************** Definitions database information ***********************
     Lavasoft definition file: 146.19
     Extended engine definition file: 8.1

     ******************************** Scan results: *********************************
     Scan profile name: Full Scan (ID: full)
     Objects scanned: 131908
     Objects detected: 1

     Type Detected
     ==========================
     Processes.......: 0
     Registry entries: 0
     Hostfile entries: 0
     Files...........: 1
     Folders.........: 0
     LSPs............: 0
     Cookies.........: 0
     Browser hijacks.: 0
     MRU objects.....: 0

     Quarantined items:
     Description: D:\i386\Apps\App13914\comps\toolbar\toolbr.exe Family Name: Adware.SearchIt Clean status: Success Item ID: 401153 Family ID: 5115

     Scan and cleaning complete: Finished correctly after 3303 seconds

     I just ran another full scan and it showed up again. What's up? Again, I've never seen this before. What does Adaware have to do with this?

     The reason this has been detected now (and not before) is that a recent program update made Ad-Aware scan all drives and partitions on your hard drive. So it now scans your d: drive, which is where this threat is located. Before, this drive was not scanned. If Ad-Aware recommends quarantining then I'd follow its advice.
     Casey

     Please have a look at the spelling. It's not Ad-Aware related. I think your system is infected. Install 'HijackThis'*, run a scan and copy/paste the log in your next reply. If it's done, I'll prepare your post for analysis.
     Regards
     Raziel

     Here's a log file from Hijack This
  3. Never seen this before. Started using AE a couple of weeks ago and have never seen these suspicious files. Brought it up on the forum and never received an answer other than they'll look at it. Recommended Action is to allow once. What's Up? Here's a copy of the log file

     Extended engine definition file: 8.1

     ******************************** Scan results: *********************************
     Scan profile name: Full Scan (ID: full)
     Objects scanned: 102818
     Objects detected: 13

     Type Detected
     ==========================
     Processes.......: 0
     Registry entries: 0
     Hostfile entries: 0
     Files...........: 13
     Folders.........: 0
     LSPs............: 0
     Cookies.........: 0
     Browser hijacks.: 0
     MRU objects.....: 0

     Skipped items:
     Description: C:\WINDOWS\creator\wnaspint.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\I386\alf\mfu_us.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\AOLicon.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\post_sysprep.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\pwrm.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\shipaol.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\WBDDA34I.DLL Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\WBODA34I.DLL Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\system\vdremote.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\system\vdsvrlnk.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\system32\divx.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
  4. Just downloaded AE yesterday, been using the previous versions for quite awhile. Yesterday after downloading it I ran the smart scan and all it showed was a few cookies. Today I ran a full scan just to see how long it would take and see if anything would show up. This is what popped up and I'm not sure what to do with these. I've never seen these files before, recommends to "allow once". Can somebody tell me what these are? Here's a copy:

     Registry entries: 0
     Hostfile entries: 0
     Files...........: 13
     Folders.........: 0
     LSPs............: 0
     Cookies.........: 1
     Browser hijacks.: 0
     MRU objects.....: 0

     Skipped items:
     Description: C:\WINDOWS\creator\wnaspint.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\I386\alf\mfu_us.exe Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\AOLicon.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\post_sysprep.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\pwrm.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\shipaol.EXE Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\WBDDA34I.DLL Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\OPTIONS\WBODA34I.DLL Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\system\vdremote.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\system\vdsvrlnk.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0
     Description: C:\WINDOWS\system32\divx.dll Family Name: Suspicious Object Clean status: Success Item ID: 0 Family ID: 0

     Removed items:
     Description: zedo* Family Name: Cookies Clean status: Success Item ID: 408736 Family ID: 0