tommills

Members
  • Content Count: 15
Community Reputation: 0 Neutral

About tommills
  • Rank: Member
  1. If anybody has Lsburnwatcher.exe in Task Manager, try disabling it. It worked for me, but I did not get an error message; the scan just hung during the full system scan with lsburnwatcher running.
  2. Hey guys, I was having similar problems with the full system scan hanging around 10 to 40 seconds into the scan; I'll link to my post. visitor had me turn Norton tamper protection off as well. It worked on my last scan, but the problem reappeared the next time, so I went through a process of elimination. I think I found my problem and I am able to reproduce it again and again: I have a file called "Lsburnwatcher.exe"; it's associated with LightScribe. When it's running in Task Manager, Ad-Aware hangs, but when it's disabled Ad-Aware scans fine and finishes. Hope this helps; if you have lsburnwatcher, try disabling it and scanning again. Here is my post: [url="http://www.lavasoftsupport.com/index.php?showtopic=29801&st=0&p=121947&#entry121947"]http://www.lavasoftsupport.com/index.php?s...mp;#entry121947[/url]
  3. [quote name='visitor' post='121984' date='Aug 21 2010, 04:47 PM']Looks like you tried my next suggestion - process of elimination using different scans. The last time this happened, it stalled on Critical Areas like your screenshot, but that was a different antivirus engine. I linked both this topic and one in general support to my Lavasoft notification, just in case the unexpected shutdown and full scan hanging are related. Reference to similar topic in General Support Forum: [url="http://www.lavasoftsupport.com/index.php?showtopic=29773"]http://www.lavasoftsupport.com/index.php?showtopic=29773[/url][/quote] Thanks visitor for your help. Since my last post I uninstalled Ad-Aware Free and rebooted, then redownloaded and installed fresh. I then turned Norton tamper protection, firewall and auto-protect off and ran a full scan, and it worked (yay). I have no idea what stopped it before, but it seems to be working now; I just have to disable those three things in Norton, as it's still hanging when Norton is fully enabled. Hope this helps someone having similar problems. Again, thanks for your help, visitor.
  4. Disabled tamper protection; still hanging as before, no change and no error report generated. I have uploaded a snapshot of it. I also noticed, when mousing over the Ad-Aware tray icon, that the scanning time shown seems to be frozen at 00:00:33. I have done multiple scans while disabling one process at a time, always with the same result; I'm only able to full scan by putting Windows in safe mode, but that takes around 10 hours to finish. I'm stumped on this one.
  5. [quote name='LS Andy' post='121964' date='Aug 21 2010, 03:58 AM']Hi Tommy, Thanks for your report - this file will be re-investigated and, if it is a false positive, removed from detection. Regards, Andy Lavasoft Malware Labs[/quote] Thanks Andy. I got the latest update and removed the file from quarantine; the scan came back clean. Thanks again.
  6. [quote name='visitor' post='121957' date='Aug 20 2010, 11:19 PM']When you disabled Norton, did you disable the Tamper Protection described here? [url="http://www.lavasoftsupport.com/index.php?showtopic=27460&st=0&#entry112159"]http://www.lavasoftsupport.com/index.php?s...mp;#entry112159[/url] I'm thinking you can scan in safe mode since it boots only the bare essentials. Norton's caused problems more than once in the past. Ad-Aware's had hanging problems before too, but that was several versions ago, so I thought they'd ironed out the problems (except the new one with the error message above).[/quote] I have not tried turning off tamper protection; I'll try that as soon as I can and post my results.
  7. [quote name='visitor' post='121949' date='Aug 20 2010, 04:33 PM']Does it just hang, or do you get a "shutdown unexpectedly" error message? If the latter, I'll merge your post to this topic which has already been reported to Lavasoft: [url="http://www.lavasoftsupport.com/index.php?showtopic=29750"]http://www.lavasoftsupport.com/index.php?showtopic=29750[/url][/quote] It just hangs without any error message at all. The area that shows objects scanned stops around 2000 to 3000 and the current object scan just shows "c: " and nothing else, but the scan time area is still counting. I left it for 22 hours a week ago and got not a single error message; even CPU usage shows a normal percentage, as if it were scanning.
  8. I have Ad-Aware Free version 8.3.1 on both my tower and my laptop, both running Windows XP Pro SP3. The tower will run through a full system scan fine, but the laptop hangs 15 to 20 seconds into the scan every time. I am able to run a smart scan fine. I have Norton on both machines as well, and I have disabled the Norton firewall and auto-protect on the laptop with no change. I also uninstalled and reinstalled fresh twice with no change; it's still hanging at the same time during the full scan, with no error log generated even after leaving it running a full day. The only way I am able to run a full scan is in safe mode, but it takes around 10 hours or better to complete. Has anyone else had these symptoms, and if so, is there a fix? By the way, all scans done have returned no infections; even Norton comes back with nothing found. Thanks for any help, Tommy
  9. Ad-Aware found this as Trojan.win32.Generic!BT in the QuickTime folder; the file path is c:\program files\quicktime\qtsystem\quicktimeinternetextras.resources\nb.lproj\quicktimeinternetextraslocalized.qtr. I apologize for not having a scan log; for some reason it did not save after restarting the computer. I would like to know if it is a trojan or not. I have attached the file in a zip; the password is "infected". Thanks for your help, Tommy
  10. [quote name='LS Albin' post='121059' date='Jul 13 2010, 03:31 AM']Hi! This is not a false positive. Thanks for your report. Albin Lavasoft Malware Labs[/quote] OK, much thanks for the info.
  11. Hi, my last scan of this file shows it as webHancer and I need to know if it's a false positive or not; any help would be appreciated. I have uploaded the file in a zip with a password of "infected", and here is the scan log. Thanks, Tommills

    Logfile created: 7/10/2010 13:34:10
    Ad-Aware version: 8.3.0
    Extended engine: 3
    Extended engine version: 3.1.2770
    User performing scan: user

    *********************** Definitions database information ***********************
    Lavasoft definition file: 150.6
    Genotype definition file version: 2010/07/09 07:17:03
    Extended engine definition file: 6565.0

    ******************************** Scan results: *********************************
    Scan profile name: Context menu scan (ID: contextmenuscan)
    Objects scanned: 2
    Objects detected: 1

    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 0
    Hostfile entries: 0
    Files...........: 1
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 0
    Browser hijacks.: 0
    MRU objects.....: 0

    Quarantined items:
    Description: c:\windows\web\wallpaper\welcome\awhelper.dll Family Name: webHancer Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: 2dcaa711c9b64ff6cdeba93202b4f408

    Scan and cleaning complete: Finished correctly after 0 seconds

    *********************************** Settings ***********************************

    Scan profile:
    ID: contextmenuscan, enabled:1, value: Context menu scan
    ID: folderstoscan, enabled:1, value:
    ID: useantivirus, enabled:1, value: true
    ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: false
    ID: scanrunningapps, enabled:1, value: false
    ID: scanregistry, enabled:1, value: false
    ID: scanlsp, enabled:1, value: false
    ID: scanads, enabled:1, value: false
    ID: scanhostsfile, enabled:1, value: false
    ID: scanmru, enabled:1, value: false
    ID: scanbrowserhijacks, enabled:1, value: false
    ID: scantrackingcookies, enabled:1, value: false
    ID: closebrowsers, enabled:0, value: false
    ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: false
    ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

    Scan global:
    ID: global, enabled:1
    ID: addtocontextmenu, enabled:1, value: true
    ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

    Scheduled scan settings:
    <Empty>

    Update settings:
    ID: updates, enabled:1
    ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
    ID: licenseandinfo, enabled:1, value: dontcheck, domain: dontcheck,downloadandinstall
    ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
    ID: time, enabled:1, value: Fri Oct 16 17:29:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
    ID: time, enabled:1, value: Fri Oct 16 23:29:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
    ID: time, enabled:1, value: Fri Oct 16 05:29:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
    ID: time, enabled:1, value: Fri Oct 16 11:29:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
    ID: time, enabled:1, value: Fri Oct 16 17:29:00 2009
    ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: true
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: true
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall

    Appearance settings:
    ID: appearance, enabled:1
    ID: skin, enabled:1, value: Default.eGL, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
    ID: showtrayicon, enabled:1, value: true
    ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
    ID: autoentertainmentmode, enabled:1, value: false
    ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple

    Realtime protection settings:
    ID: realtime, enabled:1
    ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
    ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: true
    ID: usespywareheuristics, enabled:1, value: true
    ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: registryprotection, enabled:1, value: false
    ID: networkprotection, enabled:1, value: false
    ID: onaccessprotection, enabled:1, value: false

    ****************************** System information ******************************
    Computer name: userMAIN
    Processor name: Intel® Pentium® D CPU 3.20GHz
    Processor identifier: x86 Family 15 Model 6 Stepping 2
    Processor speed: ~3200MHZ
    Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1538, number of processors 2, processor features: [MMX,SSE,SSE2]
    Physical memory available: 819298304 bytes
    Physical memory total: 2145820672 bytes
    Virtual memory available: 1913425920 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 61%
    Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Windows startup mode:

    Running processes:
    PID: 728 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 816 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 864 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 908 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 920 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1092 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1128 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1196 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1320 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1384 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1492 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1576 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1652 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1748 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1860 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 1900 name: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1912 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1932 name: C:\Program Files\DirecTV\DirecTV\Kernel\DMP\CLHNService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 284 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 372 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 464 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 480 name: C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 496 name: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE owner: SYSTEM domain: NT AUTHORITY
    PID: 528 name: C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe owner: <UNKNOWN> domain: <UNKNOWN>
    PID: 632 name: C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 664 name: C:\WINDOWS\system32\ScsiAccess.EXE owner: SYSTEM domain: NT AUTHORITY
    PID: 648 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1180 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1252 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: <UNKNOWN> domain: <UNKNOWN>
    PID: 1444 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT AUTHORITY
    PID: 1628 name: C:\WINDOWS\system32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 2152 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 2824 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3244 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3544 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 3556 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 2768 name: C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe owner: <UNKNOWN> domain: <UNKNOWN>
    PID: 3644 name: C:\WINDOWS\Explorer.EXE owner: user domain: userMAIN
    PID: 2116 name: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe owner: user domain: userMAIN
    PID: 2548 name: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe owner: user domain: userMAIN
    PID: 2432 name: C:\HP\KBD\KBD.EXE owner: user domain: userMAIN
    PID: 2268 name: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe owner: user domain: userMAIN
    PID: 2368 name: C:\WINDOWS\system32\hphmon06.exe owner: user domain: userMAIN
    PID: 2448 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: user domain: userMAIN
    PID: 2556 name: C:\WINDOWS\RTHDCPL.EXE owner: user domain: userMAIN
    PID: 3756 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: user domain: userMAIN
    PID: 2616 name: C:\Program Files\iTunes\iTunesHelper.exe owner: user domain: userMAIN
    PID: 2876 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: user domain: userMAIN
    PID: 1540 name: C:\WINDOWS\system32\ctfmon.exe owner: user domain: userMAIN
    PID: 116 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: user domain: userMAIN
    PID: 720 name: C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe owner: user domain: userMAIN
    PID: 764 name: C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe owner: user domain: userMAIN
    PID: 3932 name: C:\Program Files\Windows Media Player\WMPNSCFG.exe owner: user domain: userMAIN
    PID: 3632 name: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe owner: user domain: userMAIN
    PID: 2308 name: C:\Program Files\Logitech\SetPoint\SetPoint.exe owner: user domain: userMAIN
    PID: 3660 name: C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE owner: user domain: userMAIN
    PID: 4896 name: c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe owner: user domain: userMAIN
    PID: 5072 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 5496 name: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe owner: user domain: userMAIN
    PID: 6092 name: c:\windows\system\hpsysdrv.exe owner: user domain: userMAIN
    PID: 404 name: C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe owner: user domain: userMAIN
    PID: 5360 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: user domain: userMAIN
    PID: 5544 name: C:\Program Files\Mozilla Firefox\plugin-container.exe owner: user domain: userMAIN
    PID: 4176 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: user domain: userMAIN
    PID: 5888 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe owner: user domain: userMAIN
    PID: 4484 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: user domain: userMAIN

    Startup items:
    Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
    Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
    Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
    Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
    Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
    Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
    Name: DWQueuedReporting imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
    Name: ATICCC imagepath: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    Name: HPHUPD08 imagepath: c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    Name:
    Name: PCDrProfiler
    Name: HPBootOp imagepath: "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    Name: HP Software Update imagepath: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    Name: PCDrSmartMonitor imagepath: "C:\Program Files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" -r
    Name: KBD imagepath: C:\HP\KBD\KBD.EXE
    Name: Logitech Hardware Abstraction Layer imagepath: KHALMNPR.EXE
    Name: ISUSPM imagepath: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    Name: SymLnch imagepath: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\LnchStub.exe
    Name: HPDJ Taskbar Utility imagepath: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
    Name: HPHmon06 imagepath: C:\WINDOWS\system32\hphmon06.exe
    Name: RecoverFromReboot imagepath: C:\WINDOWS\Temp\RecoverFromReboot.exe
    Name: RTHDCPL imagepath: RTHDCPL.EXE
    Name: Alcmtr imagepath: ALCMTR.EXE
    Name: AppleSyncNotifier imagepath: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    Name: Adobe ARM imagepath: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    Name: QuickTime Task imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    Name: SunJavaUpdateSched imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    Name: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
    Name: TkBellExe imagepath: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk imagepath: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk imagepath: C:\Program Files\Logitech\SetPoint\SetPoint.exe
    Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk imagepath: C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

    Bootexecute items:
    Name: imagepath: autocheck autochk *
    Name: imagepath: lsdelete

    Running services:
    Name: ALG displayname: Application Layer Gateway Service
    Name: Apple Mobile Device displayname: Apple Mobile Device
    Name: Ati HotKey Poller displayname: Ati HotKey Poller
    Name: AudioSrv displayname: Windows Audio
    Name: BITS displayname: Background Intelligent Transfer Service
    Name: Bonjour Service displayname: Bonjour Service
    Name: Browser displayname: Computer Browser
    Name: CLHNService3 displayname: CLHNService3
    Name: CryptSvc displayname: Cryptographic Services
    Name: DcomLaunch displayname: DCOM Server Process Launcher
    Name: Dhcp displayname: DHCP Client
    Name: dmserver displayname: Logical Disk Manager
    Name: Dnscache displayname: DNS Client
    Name: ERSvc displayname: Error Reporting Service
    Name: Eventlog displayname: Event Log
    Name: EventSystem displayname: COM+ Event System
    Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility
    Name: helpsvc displayname: Help and Support
    Name: HidServ displayname: HID Input Service
    Name: HTTPFilter displayname: HTTP SSL
    Name: iPod Service displayname: iPod Service
    Name: JavaQuickStarterService displayname: Java Quick Starter
    Name: lanmanserver displayname: Server
    Name: lanmanworkstation displayname: Workstation
    Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
    Name: LightScribeService displayname: LightScribeService Direct Disc Labeling Service
    Name: LmHosts displayname: TCP/IP NetBIOS Helper
    Name: LVPrcSrv displayname: Process Monitor
    Name: MDM displayname: Machine Debug Manager
    Name: Netman displayname: Network Connections
    Name: NIS displayname: Norton Internet Security
    Name: Nla displayname: Network Location Awareness (NLA)
    Name: PlugPlay displayname: Plug and Play
    Name: PolicyAgent displayname: IPSEC Services
    Name: ppped displayname: PowerPanel Personal Edition Service
    Name: ProtectedStorage displayname: Protected Storage
    Name: RasMan displayname: Remote Access Connection Manager
    Name: RemoteRegistry displayname: Remote Registry
    Name: RpcSs displayname: Remote Procedure Call (RPC)
    Name: SamSs displayname: Security Accounts Manager
    Name: Schedule displayname: Task Scheduler
    Name: ScsiAccess displayname: ScsiAccess
    Name: SeaPort displayname: SeaPort
    Name: seclogon displayname: Secondary Logon
    Name: SENS displayname: System Event Notification
    Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS)
    Name: ShellHWDetection displayname: Shell Hardware Detection
    Name: Spooler displayname: Print Spooler
    Name: srservice displayname: System Restore Service
    Name: SSDPSRV displayname: SSDP Discovery Service
    Name: stisvc displayname: Windows Image Acquisition (WIA)
    Name: Symantec Core LC displayname: Symantec Core LC
    Name: TapiSrv displayname: Telephony
    Name: TermService displayname: Terminal Services
    Name: Themes displayname: Themes
    Name: TrkWks displayname: Distributed Link Tracking Client
    Name: upnphost displayname: Universal Plug and Play Device Host
    Name: W32Time displayname: Windows Time
    Name: WebClient displayname: WebClient
    Name: winmgmt displayname: Windows Management Instrumentation
    Name: wlidsvc displayname: Windows Live ID Sign-in Assistant
    Name: WMPNetworkSvc displayname: Windows Media Player Network Sharing Service
    Name: wscsvc displayname: Security Center
    Name: WSearch displayname: Windows Search
    Name: wuauserv displayname: Automatic Updates
    Name: WZCSVC displayname: Wireless Zero Configuration

    [attachment=8197:awhelper.dll.zip]
  12. [quote name='LS Albin' post='119406' date='May 3 2010, 02:09 AM']Hi! Can you please tell me the name of the application and where to download it, so we can analyze further. Thanks for your scan report and attached file. Albin Lavasoft Malware Labs[/quote] It was in the attached compressed zip in my previous post, New_Compressed__zipped__Folder.zip; the password to the zip file is infected and the file is called ConTest.dll. Not sure if this is what you mean, because I do not know what application the file is associated with or where it was downloaded from. The file was in my system32 folder.
  13. Please check if this file is adware; I have also posted the scan log. The password for the compressed zip file is 'infected'. Thanks.

    Scan profile name: Full Scan (ID: full)
    Objects scanned: 214551
    Objects detected: 1

    Type Detected
    ==========================
    Processes.......: 0
    Registry entries: 0
    Hostfile entries: 0
    Files...........: 1
    Folders.........: 0
    LSPs............: 0
    Cookies.........: 0
    Browser hijacks.: 0
    MRU objects.....: 0

    Quarantined items:
    Description: c:\windows\system32\contest.dll Family Name: Win32.Adware.Ascentive Engine: 1 Clean status: Success Item ID: 3702390 Family ID: 1440870 MD5: 99bec0db41a72445261a7591039dc0be

    Scan and cleaning complete: Finished correctly after 14269 seconds

    *********************************** Settings ***********************************

    Scan profile:
    ID: full, enabled:1, value: Full Scan
    ID: folderstoscan, enabled:1, value: C:\
    ID: useantivirus, enabled:1, value: true
    ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: true
    ID: scanhostsfile, enabled:1, value: true
    ID: scanmru, enabled:1, value: true
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
    ID: closebrowsers, enabled:1, value: false
    ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
    ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

    Scan global:
    ID: global, enabled:1
    ID: addtocontextmenu, enabled:1, value: true
    ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

    Scheduled scan settings:
    <Empty>

    Update settings:
    ID: updates, enabled:1
    ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
    ID: licenseandinfo, enabled:1, value: dontcheck, domain: dontcheck,downloadandinstall
    ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
    ID: time, enabled:1, value: Fri Oct 16 17:37:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
    ID: time, enabled:1, value: Fri Oct 16 23:37:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
    ID: time, enabled:1, value: Fri Oct 16 05:37:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
    ID: time, enabled:1, value: Fri Oct 16 11:37:00 2009
    ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: false
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: false
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
    ID: time, enabled:1, value: Fri Oct 16 17:37:00 2009
    ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
    ID: weekdays, enabled:1
    ID: monday, enabled:1, value: true
    ID: tuesday, enabled:1, value: false
    ID: wednesday, enabled:1, value: false
    ID: thursday, enabled:1, value: false
    ID: friday, enabled:1, value: true
    ID: saturday, enabled:1, value: false
    ID: sunday, enabled:1, value: false
    ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
    ID: scanprofile, enabled:1, value:
    ID: auto_deal_with_infections, enabled:1, value: false
    ID: deffiles, enabled:1, value: dontcheck, domain: dontcheck,downloadandinstall

    Appearance settings:
    ID: appearance, enabled:1
    ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
    ID: showtrayicon, enabled:1, value: true
    ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
    ID: autoentertainmentmode, enabled:1, value: false
    ID: guimode, enabled:1, value: mode_advanced, domain: mode_advanced,mode_simple

    Realtime protection settings:
    ID: realtime, enabled:1
    ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
    ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: false
    ID: usespywareheuristics, enabled:1, value: false
    ID: modules, enabled:1
    ID: processprotection, enabled:0, value: false
    ID: registryprotection, enabled:0, value: false
    ID: networkprotection, enabled:0, value: false
    ID: onaccessprotection, enabled:0, value: false

    ****************************** System information ******************************
    Computer name: userLAPTOP
    Processor name: Intel® Pentium® 4 CPU 3.40GHz
    Processor identifier: x86 Family 15 Model 4 Stepping 3
    Processor speed: ~3391MHZ
    Raw info: processorarchitecture 0, processortype 586, processorlevel 15, processor revision 1027, number of processors 2, processor features: [MMX,SSE,SSE2]
    Physical memory available: 1135783936 bytes
    Physical memory total: 2145890304 bytes
    Virtual memory available: 1775497216 bytes
    Virtual memory total: 2147352576 bytes
    Memory load: 47%
    Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
    Windows startup mode:

    Running processes:
    PID: 864 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 972 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1000 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1044 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1056 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1236 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1256 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1392 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1504 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
    PID: 1588 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
    PID: 1832 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 2028 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
    PID: 144 name: 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY PID: 184 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY PID: 296 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 308 name: C:\WINDOWS\system32\inetsrv\inetinfo.exe owner: SYSTEM domain: NT AUTHORITY PID: 424 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY PID: 592 name: C:\Program Files\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT AUTHORITY PID: 608 name: C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe owner: SYSTEM domain: NT AUTHORITY PID: 832 name: C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe owner: <UNKNOWN> domain: <UNKNOWN> PID: 900 name: C:\Program Files\CyberPower PowerPanel Personal Edition\ppped.exe owner: SYSTEM domain: NT AUTHORITY PID: 1200 name: C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT AUTHORITY PID: 1480 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY PID: 1580 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: <UNKNOWN> domain: <UNKNOWN> PID: 1740 name: C:\Program Files\Viewpoint\Common\ViewpointService.exe owner: SYSTEM domain: NT AUTHORITY PID: 1828 name: C:\WINDOWS\system32\SearchIndexer.exe owner: SYSTEM domain: NT AUTHORITY PID: 1116 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY PID: 3452 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY PID: 3796 name: C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe owner: SYSTEM domain: NT AUTHORITY PID: 2568 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY PID: 3060 name: C:\Program Files\HPQ\SHARED\HPQWMI.exe owner: SYSTEM domain: NT AUTHORITY PID: 812 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM 
domain: NT AUTHORITY PID: 6076 name: C:\Program Files\Lavasoft\Ad-Aware\ThreatWork.exe owner: SYSTEM domain: NT AUTHORITY PID: 1164 name: C:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe owner: <UNKNOWN> domain: <UNKNOWN> PID: 2120 name: C:\WINDOWS\system32\Ati2evxx.exe owner: SYSTEM domain: NT AUTHORITY PID: 5224 name: C:\WINDOWS\Explorer.EXE owner: user domain: userLAPTOP PID: 2680 name: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe owner: user domain: userLAPTOP PID: 5204 name: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe owner: user domain: userLAPTOP PID: 3348 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: user domain: userLAPTOP PID: 3392 name: C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe owner: user domain: userLAPTOP PID: 4404 name: C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe owner: user domain: userLAPTOP PID: 3232 name: C:\Program Files\Microsoft IntelliPoint\point32.exe owner: user domain: userLAPTOP PID: 3224 name: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe owner: user domain: userLAPTOP PID: 1220 name: C:\Program Files\CyberPower PowerPanel Personal Edition\pppeuser.exe owner: user domain: userLAPTOP PID: 6040 name: C:\Program Files\iTunes\iTunesHelper.exe owner: user domain: userLAPTOP PID: 5072 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: user domain: userLAPTOP PID: 1340 name: C:\WINDOWS\system32\ctfmon.exe owner: user domain: userLAPTOP PID: 2228 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: user domain: userLAPTOP PID: 3900 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: user domain: userLAPTOP PID: 3196 name: C:\Program Files\Windows Media Player\WMPNSCFG.exe owner: user domain: userLAPTOP PID: 5172 name: C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe owner: user domain: userLAPTOP PID: 1632 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: 
SYSTEM domain: NT AUTHORITY PID: 1372 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY PID: 3572 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: user domain: userLAPTOP PID: 2068 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: user domain: userLAPTOP PID: 4564 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY PID: 3288 name: C:\WINDOWS\system32\SearchProtocolHost.exe owner: user domain: userLAPTOP PID: 5116 name: C:\WINDOWS\system32\SearchFilterHost.exe owner: LOCAL SERVICE domain: NT AUTHORITY Startup items: Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9} Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9} Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED} Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153} Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5} Name: MySpaceIM imagepath: C:\Program Files\MySpace\IM\MySpaceIM.exe Name: hpWirelessAssistant imagepath: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe Name: ATIPTA imagepath: "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" Name: SynTPLpr imagepath: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe Name: SynTPEnh imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Name: Cpqset imagepath: C:\Program Files\HPQ\Default Settings\cpqset.exe
  14. Hi, I think this file could be a false positive; it should be part of the HP Digital Imaging software. I have attached the Ad-Aware log file from when it was detected and a compressed zip file (password = 'infected') for your review. Please let me know if it is a false positive, thanks.

Logfile created: 4/9/2010 19:15:08
Ad-Aware version: 8.2.2
User performing scan: User

*********************** Definitions database information ***********************
Lavasoft definition file: 149.202
Genotype definition file version: 2010/04/09 06:29:41

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 270708
Objects detected: 3

Type              Detected
==========================
Processes.......: 0
Registry entries: 2
Hostfile entries: 0
Files...........: 1
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Quarantined items:
Description: c:\program files\hp\digital imaging\bin\hpospd08.exe  Family Name: Win32.TrojanDownloader.Agent  Engine: 1  Clean status: Success  Item ID: 3266282  Family ID: 1001  MD5: ffa8af5208679a8f2671675498c8627f
Description: HKLM:software\wget:  Family Name: Win32.TrojanDownloader.Agent  Engine: 1  Clean status: Success  Item ID: 28793  Family ID: 1001
Description: HKU:S-1-5-21-1137078503-2177008987-31698808-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced:Hidden  Family Name: Win32.TrojanDownloader.Agent  Engine: 1  Clean status: Success  Item ID: 414374  Family ID: 1001

Scan and cleaning complete: Finished correctly after 7828 seconds
  15. Hi, new to the forum here, so apologies if I am not in the right place for this topic. I am wondering if the latest def update has found false positives on these files; they appear to have been on my computer for a couple of years. They were detected as Win32.TrojanDownloader.Agent. I am attaching the HijackThis log as well as the Ad-Aware log file after a full system scan. I'm running Windows XP Pro SP3, Ad-Aware Free version 8.2.2. Thanks for any help in determining if these are false positives.