Logfile created: 5/1/2011 19:03:48
Ad-Aware version: 9.0.5
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: admin

*********************** Definitions database information ***********************
Lavasoft definition file: 150.383
Genotype definition file version: 2011/04/20 08:08:09
Extended engine definition file: 9139.0

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 82557
Objects detected: 2

Type              Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 2
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *overture* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408834 Family ID: 0

Scan and cleaning complete: Finished correctly after 5826 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\,E:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Thu Apr 28 04:54:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Thu Apr 28 10:54:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Thu Apr 28 16:54:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Thu Apr 28 22:54:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Thu Apr 28 04:54:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: true
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true

****************************** System information ******************************
Computer name: JOHN
Processor name: Intel(R) Core(TM)2 Duo CPU T7250 @ 2.00GHz
Processor identifier: x86 Family 6 Model 15 Stepping 13
Processor speed: ~1995MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3853, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 885465088 bytes
Physical memory total: 2136965120 bytes
Virtual memory available: 1905532928 bytes
Virtual memory total: 2147352576 bytes
Memory load: 58%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 708 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 772 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 796 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 840 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 852 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1004 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1084 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1124 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1148 name: C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1216 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1268 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1400 name: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe owner: domain:
PID: 1464 name: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe owner: domain:
PID: 1556 name: C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe owner: domain:
PID: 1568 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1752 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1848 name: C:\WINDOWS\Explorer.EXE owner: admin domain: JOHN
PID: 1928 name: C:\WINDOWS\system32\svchost.exe owner: admin domain: JOHN
PID: 164 name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 172 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 184 name: C:\WINDOWS\system32\bgsvcgen.exe owner: SYSTEM domain: NT AUTHORITY
PID: 248 name: C:\Program Files\Symantec AntiVirus\DefWatch.exe owner: domain:
PID: 348 name: C:\WINDOWS\system32\inetsrv\inetinfo.exe owner: SYSTEM domain: NT AUTHORITY
PID: 484 name: C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 516 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe owner: admin domain: JOHN
PID: 1212 name: C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe owner: admin domain: JOHN
PID: 1236 name: C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe owner: admin domain: JOHN
PID: 1196 name: C:\Program Files\Nero\Nero 7\InCD\InCD.exe owner: admin domain: JOHN
PID: 1328 name: C:\PROGRA~1\SYMANT~1\VPTray.exe owner: domain:
PID: 1424 name: C:\WINDOWS\OEM02Mon.exe owner: admin domain: JOHN
PID: 896 name: C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe owner: admin domain: JOHN
PID: 1596 name: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe owner: admin domain: JOHN
PID: 2120 name: C:\WINDOWS\system32\STacSV.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2196 name: C:\Program Files\Google\Google Talk\googletalk.exe owner: admin domain: JOHN
PID: 2288 name: C:\Program Files\gAlwaysIdle\gidle.exe owner: admin domain: JOHN
PID: 2312 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2392 name: C:\Program Files\iTunes\iTunesHelper.exe owner: admin domain: JOHN
PID: 2508 name: C:\Program Files\Common Files\Java\Java Update\jusched.exe owner: admin domain: JOHN
PID: 2592 name: C:\WINDOWS\system32\ctfmon.exe owner: admin domain: JOHN
PID: 2620 name: C:\Program Files\Symantec AntiVirus\Rtvscan.exe owner: domain:
PID: 2680 name: C:\DOCUME~1\admin\LOCALS~1\Temp\AutoDetect.exe owner: admin domain: JOHN
PID: 2804 name: C:\Program Files\ZTE Wireless Terminal\bin\MonServiceUDisk.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2880 name: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe owner: admin domain: JOHN
PID: 2896 name: C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\AutoStartupService.exe owner: admin domain: JOHN
PID: 2904 name: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE owner: admin domain: JOHN
PID: 3332 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3500 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3544 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3704 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3940 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: admin domain: JOHN
PID: 1984 name: C:\Program Files\Giganology\Gigaget\Gigaget.exe owner: admin domain: JOHN
PID: 1444 name: C:\Program Files\Tata Photon+\Huawei\Tata Photon+.exe owner: admin domain: JOHN
PID: 1996 name: C:\Program Files\Internet Explorer\IEXPLORE.EXE owner: admin domain: JOHN
PID: 676 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: admin domain: JOHN
PID: 3720 name: C:\Program Files\Mozilla Firefox\plugin-container.exe owner: admin domain: JOHN
PID: 576 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: admin domain: JOHN

Startup items:
Name: nltide_2 imagepath: regsvr32 /s /n /i:U shell32
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: GrooveMonitor imagepath: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Name: Adobe Reader Speed Launcher imagepath: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Name: RemoteControl imagepath: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
Name: NeroFilterCheck imagepath: C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
Name: SecurDisc imagepath: C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
Name: InCD imagepath: C:\Program Files\Nero\Nero 7\InCD\InCD.exe
Name: vptray imagepath: C:\PROGRA~1\SYMANT~1\VPTray.exe
Name: OEM02Mon.exe imagepath: C:\WINDOWS\OEM02Mon.exe
Name: SigmatelSysTrayApp imagepath: %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
Name: ArcSoft Connection Service imagepath: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Name: Gigaget imagepath: "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
Name: googletalk imagepath: C:\Program Files\Google\Google Talk\googletalk.exe /autostart
Name: gidle imagepath: "C:\Program Files\gAlwaysIdle\gidle.exe"
Name: iTunesHelper imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: SunJavaUpdateSched imagepath: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk imagepath: C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name: location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0 HD Edition.lnk imagepath: C:\Program Files\Panasonic\PHOTOfunSTUDIO 4.0 HD\AutoStartupService.exe
Name: imagepath: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *
Name: imagepath: lsdelete

Running services:
Name: ACDaemon displayname: ArcSoft Connect Daemon
Name: ALG displayname: Application Layer Gateway Service
Name: Apple Mobile Device displayname: Apple Mobile Device
Name: AudioSrv displayname: Windows Audio
Name: bgsvcgen displayname: B's Recorder GOLD Library General Service
Name: BITS displayname: Background Intelligent Transfer Service
Name: Browser displayname: Computer Browser
Name: btwdins displayname: Bluetooth Service
Name: ccEvtMgr displayname: Symantec Event Manager
Name: ccSetMgr displayname: Symantec Settings Manager
Name: CryptSvc displayname: Cryptographic Services
Name: DcomLaunch displayname: DCOM Server Process Launcher
Name: DefWatch displayname: Symantec AntiVirus Definition Watcher
Name: Dhcp displayname: DHCP Client
Name: dmserver displayname: Logical Disk Manager
Name: Dnscache displayname: DNS Client
Name: ERSvc displayname: Error Reporting Service
Name: Eventlog displayname: Event Log
Name: EventSystem displayname: COM+ Event System
Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility
Name: helpsvc displayname: Help and Support
Name: HidServ displayname: HID Input Service
Name: IISADMIN displayname: IIS Admin
Name: InCDsrv displayname: InCD Helper
Name: iPod Service displayname: iPod Service
Name: JavaQuickStarterService displayname: Java Quick Starter
Name: LanmanServer displayname: Server
Name: lanmanworkstation displayname: Workstation
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service
Name: LmHosts displayname: TCP/IP NetBIOS Helper
Name: MSFtpsvc displayname: FTP Publishing
Name: Netman displayname: Network Connections
Name: Nla displayname: Network Location Awareness (NLA)
Name: PlugPlay displayname: Plug and Play
Name: PolicyAgent displayname: IPSEC Services
Name: ProtectedStorage displayname: Protected Storage
Name: RasMan displayname: Remote Access Connection Manager
Name: RemoteRegistry displayname: Remote Registry
Name: RpcSs displayname: Remote Procedure Call (RPC)
Name: SamSs displayname: Security Accounts Manager
Name: Schedule displayname: Task Scheduler
Name: seclogon displayname: Secondary Logon
Name: SENS displayname: System Event Notification
Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection displayname: Shell Hardware Detection
Name: SMTPSVC displayname: Simple Mail Transfer Protocol (SMTP)
Name: SPBBCSvc displayname: Symantec SPBBCSvc
Name: Spooler displayname: Print Spooler
Name: srservice displayname: System Restore Service
Name: SSDPSRV displayname: SSDP Discovery Service
Name: STacSV displayname: SigmaTel Audio Service
Name: stisvc displayname: Windows Image Acquisition (WIA)
Name: Symantec AntiVirus displayname: Symantec AntiVirus
Name: TapiSrv displayname: Telephony
Name: TermService displayname: Terminal Services
Name: Themes displayname: Themes
Name: TrkWks displayname: Distributed Link Tracking Client
Name: UDisk Monitor displayname: UDisk Monitor
Name: W32Time displayname: Windows Time
Name: W3SVC displayname: World Wide Web Publishing
Name: WebClient displayname: WebClient
Name: winmgmt displayname: Windows Management Instrumentation
Name: wscsvc displayname: Security Center
Name: wuauserv displayname: Automatic Updates
Name: WZCSVC displayname: Wireless Zero Configuration