Adaware log file.
Logfile created: 7/18/2009 1:1:35
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: Torrie
*********************** Definitions database information ***********************
Lavasoft definition file: 149.7
Extended engine definition file: 8.1
******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 150199
Objects detected: 6
Type Detected
==========================
Processes.......: 1
Registry entries: 0
Hostfile entries: 0
Files...........: 5
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Removed items:
Description: C:\WINDOWS\CouponPrinter.ocx Family Name: Win32.Adware.BHO Clean status: Success Item ID: 766344 Family ID: 61
Description: C:\Program Files\Conference\Conference.key Family Name: Win32.TrojanPWS.OnlineGames Clean status: Success Item ID: 436448 Family ID: 1053
Quarantined items:
Description: \\?\globalroot\systemroot\system32\uacuenxsjeahrwrdxisc.dll Family Name: Win32.Trojan.Tdss Clean status: Reboot required Item ID: 942777 Family ID: 5401
Description: C:\WINDOWS\system32\UACuenxsjeahrwrdxisc.dll Family Name: Win32.Trojan.Tdss Clean status: Reboot required Item ID: 942777 Family ID: 5401
Description: C:\i386\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
Description: C:\WINDOWS\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385
Scan and cleaning complete: Finished correctly after 1779 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav
Scheduled scan settings:
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Sat Jul 18 00:10:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Sat Jul 18 00:10:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: true
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: true
ID: networkprotection, enabled:0, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: strict, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
****************************** System information ******************************
Computer name: D78TPXC1
Processor name: Genuine Intel(R) CPU T2080 @ 1.73GHz
Processor identifier: x86 Family 6 Model 14 Stepping 12
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3596, number of processors 2
Physical memory available: 570388480 bytes
Physical memory total: 1072029696 bytes
Virtual memory available: 2054230016 bytes
Virtual memory total: 2147352576 bytes
Memory load: 46%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:
Running processes:
PID: 776 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 840 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 864 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 912 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 924 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1124 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1236 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1308 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1436 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1464 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1584 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1720 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1808 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1856 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1920 name: C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1988 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT AUTHORITY
PID: 244 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 276 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 332 name: C:\WINDOWS\Explorer.EXE owner: Torrie domain: D78TPXC1
PID: 408 name: C:\WINDOWS\system32\nvsvc32.exe owner: SYSTEM domain: NT AUTHORITY
PID: 544 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 596 name: C:\WINDOWS\System32\WLTRYSVC.EXE owner: SYSTEM domain: NT AUTHORITY
PID: 668 name: C:\WINDOWS\System32\bcmwltry.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1560 name: C:\WINDOWS\system32\rundll32.exe owner: Torrie domain: D78TPXC1
PID: 1568 name: C:\WINDOWS\system32\WLTRAY.exe owner: Torrie domain: D78TPXC1
PID: 1620 name: C:\Program Files\Dell\QuickSet\quickset.exe owner: Torrie domain: D78TPXC1
PID: 1624 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: Torrie domain: D78TPXC1
PID: 1684 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Torrie domain: D78TPXC1
PID: 1792 name: C:\Program Files\NetWaiting\netWaiting.exe owner: Torrie domain: D78TPXC1
PID: 968 name: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe owner: Torrie domain: D78TPXC1
PID: 1764 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Torrie domain: D78TPXC1
PID: 400 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1504 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2076 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3488 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3720 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Torrie domain: D78TPXC1
PID: 2700 name: C:\WINDOWS\system32\wuauclt.exe owner: Torrie domain: D78TPXC1
PID: 4084 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Torrie domain: D78TPXC1
Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: {D76AB2A1-00F3-42BD-F434-00BBC39C8953}
imagepath: rtasgvfu76ew8ndkfno94
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
Name: nwiz
imagepath: nwiz.exe /installquiet
Name: NVHotkey
imagepath: rundll32.exe nvHotkey.dll,Start
Name: Broadcom Wireless Manager UI
imagepath: C:\WINDOWS\system32\WLTRAY.exe
Name: Dell QuickSet
imagepath: C:\Program Files\Dell\QuickSet\quickset.exe
Name: SynTPEnh
imagepath: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: Malwarebytes Anti-Malware (reboot)
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\winlogin.exe" /runcleanupscript
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
imagepath: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete
Running services:
Name: AdobeActiveFileMonitor4.0
displayname: Adobe Active File Monitor V4
Name: ALG
displayname: Application Layer Gateway Service
Name: AntiVirSchedulerService
displayname: Avira AntiVir Scheduler
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: Bonjour Service
displayname: Bonjour Service
Name: Browser
displayname: Computer Browser
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: Human Interface Device Access
Name: HTTPFilter
displayname: HTTP SSL
Name: lanmanserver
displayname: Server
Name: lanmanworkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: NVSvc
displayname: NVIDIA Display Driver Service
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: w32time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: winmgmt
displayname: Windows Management Instrumentation
Name: wltrysvc
displayname: Dell Wireless WLAN Tray Service
Name: wuauserv
displayname: Automatic Updates