HLM

Adware.agent Shell32.dll


Hello, hope I'm posting in the right place.

Recently, I've been infected with a very nasty bit of spyware.

Ad-Aware picked up a number of objects which I tried to remove, which in turn made my computer unable to use any shortcut icons, prevented programs from running and other nasties. I ended up backing up and formatting.

I was amazed to see even after a fresh format, the same spyware returned! I had only installed hardware drivers, Ad-Aware, AVG antivirus, and Spybot S&D. I had backed up some files to another hard drive, and others were transferred to another computer.

Now, after the return of the spyware, I did some more scanning to track it down. Here's what I found.

1) First, I scanned only Active Processes:

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 Possible New Malware 0(TAC index:3):12 total references
Adware.Agent(TAC index:5):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath		   : \SystemRoot\System32\
ProcessID		  : 484
ThreadCreationTime : 21-07-2007 3:00:35 a.m.
BasePriority	   : Normal


#:2 [csrss.exe]
FilePath		   : \??\C:\WINDOWS\system32\
ProcessID		  : 540
ThreadCreationTime : 21-07-2007 3:00:36 a.m.
BasePriority	   : Normal


#:3 [winlogon.exe]
FilePath		   : \??\C:\WINDOWS\system32\
ProcessID		  : 564
ThreadCreationTime : 21-07-2007 3:00:37 a.m.
BasePriority	   : High


Adware.Agent Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 5
Category		   : Adware
Comment			: main_uninstaller.exe.dmp
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL

Warning! Adware.Agent Object found in memory(C:\WINDOWS\system32\SHELL32.dll)


#:4 [services.exe]
FilePath		   : C:\WINDOWS\system32\
ProcessID		  : 608
ThreadCreationTime : 21-07-2007 3:00:38 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (xpclient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Services and Controller app
InternalName	   : services.exe
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : services.exe

#:5 [lsass.exe]
FilePath		   : C:\WINDOWS\system32\
ProcessID		  : 620
ThreadCreationTime : 21-07-2007 3:00:38 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (xpclient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: LSA Shell (Export Version)
InternalName	   : lsass.exe
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : lsass.exe

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:6 [svchost.exe]
FilePath		   : C:\WINDOWS\system32\
ProcessID		  : 800
ThreadCreationTime : 21-07-2007 3:00:38 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (xpclient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Generic Host Process for Win32 Services
InternalName	   : svchost.exe
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : svchost.exe

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:7 [svchost.exe]
FilePath		   : C:\WINDOWS\System32\
ProcessID		  : 852
ThreadCreationTime : 21-07-2007 3:00:38 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (xpclient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Generic Host Process for Win32 Services
InternalName	   : svchost.exe
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : svchost.exe

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : shell32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:8 [svchost.exe]
FilePath		   : C:\WINDOWS\System32\
ProcessID		  : 976
ThreadCreationTime : 21-07-2007 3:00:39 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (xpclient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Generic Host Process for Win32 Services
InternalName	   : svchost.exe
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : svchost.exe

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL

"C:\WINDOWS\System32\svchost.exe"Process terminated successfully

#:9 [svchost.exe]
FilePath		   : C:\WINDOWS\System32\
ProcessID		  : 996
ThreadCreationTime : 21-07-2007 3:00:39 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (xpclient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Generic Host Process for Win32 Services
InternalName	   : svchost.exe
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : svchost.exe

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:10 [explorer.exe]
FilePath		   : C:\WINDOWS\
ProcessID		  : 1224
ThreadCreationTime : 21-07-2007 3:00:39 a.m.
BasePriority	   : Normal
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Explorer
InternalName	   : explorer
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : EXPLORER.EXE

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:11 [spoolsv.exe]
FilePath		   : C:\WINDOWS\system32\
ProcessID		  : 1264
ThreadCreationTime : 21-07-2007 3:00:40 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (XPClient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Spooler SubSystem App
InternalName	   : spoolsv.exe
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : spoolsv.exe

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:12 [avgcc.exe]
FilePath		   : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID		  : 1376
ThreadCreationTime : 21-07-2007 3:00:40 a.m.
BasePriority	   : Normal
FileVersion		: 7.5.0.460
ProductVersion	 : 7.5.0.460
ProductName		: AVG Anti-Virus system
CompanyName		: GRISOFT, s.r.o.
FileDescription	: AVG Control Center
InternalName	   : AvgCC
LegalCopyright	 : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename   : AvgCC.EXE

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:13 [ctfmon.exe]
FilePath		   : C:\WINDOWS\System32\
ProcessID		  : 1392
ThreadCreationTime : 21-07-2007 3:00:40 a.m.
BasePriority	   : Normal
FileVersion		: 5.1.2600.0 (xpclient.010817-1148)
ProductVersion	 : 5.1.2600.0
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: CTF Loader
InternalName	   : CTFMON
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : CTFMON.EXE

#:14 [avgamsvr.exe]
FilePath		   : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID		  : 1996
ThreadCreationTime : 21-07-2007 3:00:50 a.m.
BasePriority	   : Normal
FileVersion		: 7.5.0.453
ProductVersion	 : 7.5.0.453
ProductName		: AVG Anti-Virus system
CompanyName		: GRISOFT, s.r.o.
FileDescription	: AVG Alert Manager
InternalName	   : avgamsvr
LegalCopyright	 : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename   : avgamsvr.EXE

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:15 [avgupsvc.exe]
FilePath		   : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID		  : 2020
ThreadCreationTime : 21-07-2007 3:00:51 a.m.
BasePriority	   : Normal
FileVersion		: 7.5.0.420
ProductVersion	 : 7.5.0.420
ProductName		: AVG 7.5 Anti-Virus System
CompanyName		: GRISOFT, s.r.o.
FileDescription	: AVG Update Service
InternalName	   : avgupsvc
LegalCopyright	 : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename   : avgupdsvc.EXE

#:16 [googleupdaterservice.exe]
FilePath		   : C:\Program Files\Google\Common\Google Updater\
ProcessID		  : 152
ThreadCreationTime : 21-07-2007 3:00:51 a.m.
BasePriority	   : Normal
FileVersion		: 2.2.824.5515.beta
ProductVersion	 : 2.2.824.5515.beta
ProductName		: Google Updater
CompanyName		: Google
FileDescription	: gusvc
InternalName	   : gusvc
LegalCopyright	 : ©2005-2006 Google. All Rights Reserved.
OriginalFilename   : GoogleUpdaterService.exe
Comments		   : Google Updater

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL

"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"Process terminated successfully

#:17 [nvsvc32.exe]
FilePath		   : C:\WINDOWS\System32\
ProcessID		  : 188
ThreadCreationTime : 21-07-2007 3:00:51 a.m.
BasePriority	   : Normal
FileVersion		: 6.14.10.9371
ProductVersion	 : 6.14.10.9371
ProductName		: NVIDIA Driver Helper Service, Version 93.71
CompanyName		: NVIDIA Corporation
FileDescription	: NVIDIA Driver Helper Service, Version 93.71
InternalName	   : NVSVC
LegalCopyright	 : (C) NVIDIA Corporation. All rights reserved.
OriginalFilename   : nvsvc32.exe

#:18 [teatimer.exe]
FilePath		   : C:\Program Files\Spybot - Search & Destroy\
ProcessID		  : 1012
ThreadCreationTime : 21-07-2007 3:16:54 a.m.
BasePriority	   : Idle
FileVersion		: 1, 4, 0, 2
ProductVersion	 : 1, 4, 0, 3
ProductName		: Spybot - Search & Destroy
CompanyName		: Safer Networking Limited
FileDescription	: System settings protector
InternalName	   : TeaTimer
LegalCopyright	 : © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
LegalTrademarks	: "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
OriginalFilename   : TeaTimer.exe
Comments		   : Schützt Systemeinstellungen vor ungewollten Änderungen.

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : shell32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


#:19 [ad-aware.exe]
FilePath		   : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID		  : 728
ThreadCreationTime : 21-07-2007 4:37:59 a.m.
BasePriority	   : Normal
FileVersion		: 6.2.0.236
ProductVersion	 : SE 106
ProductName		: Lavasoft Ad-Aware SE
CompanyName		: Lavasoft Sweden
FileDescription	: Ad-Aware SE Core application
InternalName	   : Ad-Aware.exe
LegalCopyright	 : Copyright © Lavasoft AB Sweden
OriginalFilename   : Ad-Aware.exe
Comments		   : All Rights Reserved

0 Possible New Malware 0 Object Recognized!
Type			   : Process
Data			   : shell32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : C:\WINDOWS\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13

4:40:19 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:12.63
Objects scanned:1153
Objects identified:0
Objects ignored:0
New critical objects:0

2) Then I scanned only the registry (normal and deep scan).

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 Possible New Malware 0(TAC index:3):27 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{00021400-0000-0000-C000-000000000046}

0 Possible New Malware 0 Object Recognized!
Type			   : File
Data			   : shell32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Object			 : c:\windows\system32\
FileVersion		: 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion	 : 6.00.2600.0000
ProductName		: Microsoft® Windows® Operating System
CompanyName		: Microsoft Corporation
FileDescription	: Windows Shell Common Dll
InternalName	   : SHELL32
LegalCopyright	 : © Microsoft Corporation. All rights reserved.
OriginalFilename   : SHELL32.DLL


0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{00021401-0000-0000-C000-000000000046}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{217FC9C0-3AEA-1069-A2DB-08002B30309D}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{21EC2020-3AEA-1069-A2DD-08002B30309D}
Value			  : InfoTip

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
Value			  : InfoTip

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
Value			  : IntroText

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
Value			  : {305CA226-D286-468e-B848-2B2E8E697B74} 2

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{2227A280-3AEA-1069-A2DE-08002B30309D}
Value			  : LocalizedString

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{61E218E0-65D3-101B-9F08-061CEAC3D50D}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
Value			  : InfoTip

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
Value			  : SortOrderIndex

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
Value			  : IntroText

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{645FF040-5081-101B-9F08-00AA002F954E}
Value			  : LocalizedString

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{86F19A00-42A0-1069-A2E9-08002B30309D}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{86F19A00-42A0-1069-A2EB-08002B30309D}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: C:\WINDOWS\System32\shell32.dll
Rootkey			: HKEY_CLASSES_ROOT
Object			 : CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : C:\WINDOWS\system32\SHELL32.dll
TAC Rating		 : 0
Category		   : Data Miner
Comment			: 
Rootkey			: HKEY_CLASSES_ROOT
Object			 : TYPELIB\{50A7E9B0-70EF-11D1-B75A-00A0C90564FE}

0 Possible New Malware 0 Object Recognized!
Type			   : Regkey
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: ({00021401-0000-0000-C000-000000000046})
Rootkey			: HKEY_CLASSES_ROOT
Object			 : lnkfile

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: ({00021401-0000-0000-C000-000000000046})
Rootkey			: HKEY_CLASSES_ROOT
Object			 : lnkfile
Value			  : EditFlags

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: ({00021401-0000-0000-C000-000000000046})
Rootkey			: HKEY_CLASSES_ROOT
Object			 : lnkfile
Value			  : IsShortcut

0 Possible New Malware 0 Object Recognized!
Type			   : RegValue
Data			   : 
TAC Rating		 : 0
Category		   : Data Miner
Comment			: ({00021401-0000-0000-C000-000000000046})
Rootkey			: HKEY_CLASSES_ROOT
Object			 : lnkfile
Value			  : NeverShowExt

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 26
Objects found so far: 27


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 27

4:45:48 p.m. Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:16.797
Objects scanned:86070
Objects identified:27
Objects ignored:0
New critical objects:27

Now when the spyware is detected, a Remote Procedure Call Service window will pop up warning the computer will shut down after 1 minute. However, I can bypass this by running the command shutdown -a and continue the scan.

Trying to delete the spyware will cause everything in the background to disappear. Ad-Aware will freeze on "Deleting Selection" (though the program is still responsive). The last thing I did was try removing the detected entries in the registry scan, but that caused the problems I explained before (due to shell32.dll).

Edited by HLM

Thanks.

I've since installed Windows once again, this time using the "Repair" installation, so my files and most of my settings remained intact. Sure enough, another scan brings up the same spyware. Another oddity is Internet Explorer shows an error and closes the page when trying to view these forums. Don't know how related this is to the spyware problem.

I've also run HijackThis. See below for log.

So at the moment I've cleaned any bugs out of the registry, and am left with the 1 Adware.Agent and 13 possible malware "processes". I know if I try and remove them again, the system will go all funny, so I'm just going to wait and see if anyone's got any suggestions.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:47:03 a.m., on 22/07/2007
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 2922 bytes


Here's HJT's log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:04:08, on 2007-07-23
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\Ai Booster\OverClk.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AsioReg] REGSVR32 /S CTASIO.DLL
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Taskbar] C:\Program Files\Creative\SBAudigy\Taskbar\CTLTask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [steam] "c:\program files\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe /start

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.cyberlink.com/winxp/CheckDVD.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1159157888467

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 7188 bytes


The Shell32.dll detection was apparently a False Positive which has now been fixed.

 

Please update your Adaware to the latest reference file update and let us know if that resolves the issue.

 

See here:

shell32.dll

http://www.lavasoftsupport.com/index.php?showtopic=11200

 

Hi HLM!

Thanks for posting!

This issue should be resolved as of the release of the new definition files.

 

0010.0000 is now available, new definition file for Ad-Aware 2007.

SE1R182 23.07.2007 is now available, new definition file for Ad-Aware SE.

Regards,

Pekka

Lavasoft Research
