Logfile created: 7/31/2011 03:19:28
Ad-Aware version: 9.0.7
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: NEVILLE

*********************** Definitions database information ***********************
Lavasoft definition file: 1.0
Genotype definition file version: Unknown

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 89183
Objects detected: 3

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 3
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Quarantined items:
Description: c:\recycler\s-1-5-21-1757981266-861567501-1606980848-1003\dc15.tmp\installerhelperplugin.dll
  Family Name: Zango[780]
  Engine: 1
  Clean status: Success
  Item ID: 0
  Family ID: 0
  MD5: 52a442935d96e94c780ca616feed71f3
Description: c:\system volume information\_restore{6e2ee949-2f9a-493d-a6e3-0983d9ef1984}\rp82\a0046763.dll
  Family Name: Zango[780]
  Engine: 1
  Clean status: Success
  Item ID: 0
  Family ID: 0
  MD5: 76c78a88d548d4aa734e814b909cb6ab
Description: c:\system volume information\_restore{6e2ee949-2f9a-493d-a6e3-0983d9ef1984}\rp82\a0046767.dll
  Family Name: Zango[780]
  Engine: 1
  Clean status: Success
  Item ID: 0
  Family ID: 0
  MD5: f570e59880aef53c0bc05b2ff404e9b0

Scan and cleaning complete: Finished correctly after 1664 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: folderstoscan, enabled:1, value: C:\,D:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Sun Jul 31 03:18:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Sun Jul 31 09:18:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Sun Jul 31 15:18:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Sun Jul 31 21:18:00 2011
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Sun Jul 31 03:18:00 2011
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: true
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: maintainbackup, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: true
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true

****************************** System information ******************************
Computer name: NEVILLE-F5FFDC7
Processor name: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz
Processor identifier: x86 Family 6 Model 23 Stepping 6
Processor speed: ~2533MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 5894, number of processors 2, processor features: [MMX,SSE,SSE2]
Physical memory available: 980365312 bytes
Physical memory total: 2012393472 bytes
Virtual memory available: 2016071680 bytes
Virtual memory total: 2147352576 bytes
Memory load: 51%
Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 880 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 944 name: C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 968 name: C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1012 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1024 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1200 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1248 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1372 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1488 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1624 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1768 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2044 name: C:\WINDOWS\Explorer.EXE owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 204 name: C:\Program Files\AVG\AVG10\avgtray.exe owner: domain:
PID: 212 name: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 220 name: C:\Program Files\RamBooster 2.0\Rambooster.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 228 name: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 276 name: C:\Program Files\PowerMenu\PowerMenu.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 396 name: C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 576 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 612 name: C:\Program Files\AVG\AVG10\avgfws.exe owner: domain:
PID: 636 name: C:\Program Files\AVG\AVG10\avgwdsvc.exe owner: domain:
PID: 1336 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1928 name: C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe owner: domain:
PID: 2428 name: C:\Program Files\AVG\AVG10\avgam.exe owner: domain:
PID: 2484 name: C:\Program Files\AVG\AVG10\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2888 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 2996 name: C:\Program Files\AVG\AVG10\avgemcx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1956 name: C:\Program Files\AVG\AVG10\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 200 name: C:\Program Files\AVG\AVG10\avgchsvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2452 name: C:\Program Files\AVG\AVG10\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3248 name: C:\Program Files\AVG\AVG10\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3716 name: C:\Program Files\internet explorer\iexplore.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 1360 name: C:\Program Files\internet explorer\iexplore.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 468 name: C:\Program Files\AVG\AVG10\avgui.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 2908 name: C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 788 name: C:\WINDOWS\system32\msiexec.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1916 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1796 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 4076 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: NEVILLE domain: NEVILLE-F5FFDC7
PID: 2708 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2312 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY

Startup items:
Name: SpybotDeletingA3624 imagepath: command.com /c del "C:\Documents and Settings\NEVILLE\Application Data\ShoppingReport2\cs\Config.xml"
Name: SpybotDeletingC8101 imagepath: cmd.exe /c del "C:\Documents and Settings\NEVILLE\Application Data\ShoppingReport2\cs\Config.xml"
Name: AVG_TRAY imagepath: C:\Program Files\AVG\AVG10\avgtray.exe
Name: WinPatrol imagepath: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
Name: WPDShServiceObj imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: PostBootReminder imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1} imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030} imagepath: Component Categories cache daemon
Name: imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name: imagepath: C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: imagepath: autocheck autochk *

Running services:
Name: ALG displayname: Application Layer Gateway Service
Name: AudioSrv displayname: Windows Audio
Name: avgfws displayname: AVG Firewall
Name: AVGIDSAgent displayname: AVGIDSAgent
Name: avgwd displayname: AVG WatchDog
Name: BITS displayname: Background Intelligent Transfer Service
Name: Browser displayname: Computer Browser
Name: CryptSvc displayname: CryptSvc
Name: DcomLaunch displayname: DCOM Server Process Launcher
Name: Dhcp displayname: DHCP Client
Name: dmserver displayname: Logical Disk Manager
Name: Dnscache displayname: DNS Client
Name: ERSvc displayname: Error Reporting Service
Name: Eventlog displayname: Event Log
Name: EventSystem displayname: COM+ Event System
Name: FastUserSwitchingCompatibility displayname: Fast User Switching Compatibility
Name: helpsvc displayname: Help and Support
Name: LanmanServer displayname: Server
Name: lanmanworkstation displayname: Workstation
Name: LmHosts displayname: TCP/IP NetBIOS Helper
Name: MSIServer displayname: Windows Installer
Name: Netman displayname: Network Connections
Name: Nla displayname: Network Location Awareness (NLA)
Name: PlugPlay displayname: Plug and Play
Name: PolicyAgent displayname: IPSEC Services
Name: ProtectedStorage displayname: Protected Storage
Name: RasMan displayname: Remote Access Connection Manager
Name: RemoteRegistry displayname: Remote Registry
Name: RpcSs displayname: Remote Procedure Call (RPC)
Name: SamSs displayname: Security Accounts Manager
Name: Schedule displayname: Task Scheduler
Name: seclogon displayname: Secondary Logon
Name: SENS displayname: System Event Notification
Name: SharedAccess displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection displayname: Shell Hardware Detection
Name: Spooler displayname: Print Spooler
Name: srservice displayname: System Restore Service
Name: SSDPSRV displayname: SSDP Discovery Service
Name: stisvc displayname: Windows Image Acquisition (WIA)
Name: TapiSrv displayname: Telephony
Name: TermService displayname: Terminal Services
Name: Themes displayname: Themes
Name: TrkWks displayname: Distributed Link Tracking Client
Name: W32Time displayname: Windows Time
Name: WebClient displayname: WebClient
Name: winmgmt displayname: Windows Management Instrumentation
Name: wscsvc displayname: Security Center
Name: wuauserv displayname: Automatic Updates
Name: WZCSVC displayname: Wireless Zero Configuration
Name: Lavasoft Ad-Aware Service displayname: Lavasoft Ad-Aware Service