
Ad Aware detected win32 Rootkit Agent



#1
toruser

I did a full system scan this morning with Ad Aware 2007 Free Edition and found a file called win32 Rootkit Agent. It was the only one displayed on the infections list, but below it said 5 infections detected. I use XP Pro. How do I get rid of this root kit? Strange though, last night I was doing my Friday scans and I did check for rootkits with AVG Anti Rootkit Free Edition. I did a deep scan with AVG Anti Rootkit last night and found no root kits then. I didn't since go online till today.

So I told Ad Aware to remove this win32 Rootkit Agent. I did a second full scan to see if it was still there. It no longer displays on the infections list, but Ad Aware still says that there are 5 objects detected like it did with the previous scan, but yet none of them are displayed in the infections list. Aren't rootkits used by hackers? Am I being watched or something? How do I make sure I don't have this root kit on my computer? And if I do have it, how do I get rid of it?

Update: I've edited the settings in Ad Aware so that it will detect infections higher than 0 TAI. This was in the Auto Scan tab. So now instead of it only detecting 5 infections it now has detected 9 infections. Still no objects display in the list to remove the items after the scan. And no, nothing is quarantined or set to ignore. Below is a HJT logfile along with the Ad Aware Event and logfile logs. Sorry the post is so long. It's due to the logs which display all I can find. I hope the fact I have this root kit and other files I can't see doesn't mean I'm being tagged or spied on by hackers.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:23 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/flash/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.0\AHOI\ah_ie_bho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .mdz: C:\Program Files\Internet Explorer\Plugins\npmod32.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://utilities.pcp...a/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {34A44FCF-50E3-63A5-A8DA-7835752B9571} - http://www.captainco...ccbar/ccbar.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150...ip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1132684394921
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} - http://www.zuvio.com/UCSearch.CAB
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files\Vidalia Bundle\Tor\tor.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

--
End of file - 9784 bytes

Ad Aware 2007 Logs:

Ad Aware Event Log
20080204 16-16-52 : Checking for updates.
20080204 16-16-56 : Checking for updates succeeded.
20080204 16-17-11 : Started downloading updates.
20080204 16-17-37 : Installing updates.
20080204 16-22-06 : Checking for updates.
20080204 16-22-08 : Checking for updates succeeded.
20080303 09-29-20 : Full scan started.
20080303 10-18-28 : Full scan ended.

2 other log files also in the log folder
Ad-Aware 2007 Build
Log File Created on: 2008-03-03 10:18:28
Using Definitions File: C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name: JEFFREY-QL8X3Z1
Name of user performing scan: SYSTEM

System information
===========================
Number of processors: 1
Processor type: Intel® Pentium® 4 CPU 2.66GHz
Memory Available: 43%
Total Physical Memory: 1072697344 Bytes
Available Physical Memory: 456048640 Bytes
Total Page File Size: 1775902720 Bytes
Available On Page File: 1198686208 Bytes
Total Virtual Memory: 2147352576 Bytes
Available Virtual Memory: 1914916864 Bytes
OS: Microsoft Windows XP Service Pack 2 (Build 2600)

Ad-Aware 2007 Settings
===========================
Skipping files larger than 1048576 kB
Ignoring infections with lower TAI than: 3


Extended Ad-Aware 2007 Settings
===========================
Unloading known modules during scan
Ignoring spanned files when scanning cab archives
Reanalyzing results after scanning before displaying results
Trying to unload modules prior to removal
Let Windows remove files currently in use at next reboot
Removing quarantined objects after restore
Deactivating Ad-Watch during scans
Writeprotecting system files after repairs
Include info about ignored objects in log file
Including basic settings in log file
Including advanced settings in log file
Including user and computer name in log file
Notify when Definitions File is outdated
Create and save WebUpdate log file

Databaseinfo
===========================
Version number: 56
Build Number: 0
Build Date and Time: 2008/03/03 02:15:44

Scan Statistics
===========================
Method: Full
Scan tracking cookies.............................: On
Scan ADS filestreams..............................: On

Item Scanned: 305638
Infections Detected: 9
Infections Ignored: 0

Scan detailed statistics
===========================
Type Critical Total
Process Scan....: 0 0
Registry Scan...: 0 0
Registry PE Scan: 0 0
Hosts File Scan.: 0 0
File Scan.......: 0 0
Folder Scan.....: 0 0
LSP Scan........: 0 0
ADS Scan........: 0 0
Cookie Scan.....: 9 9
File Hash Scan..: 0 0

Infections Found
===========================
Family Id: 725 Name: Tracking Cookie Category: DataMiner TAI:3
Item Id: 600000083 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeff Franks\Cookies\index.dat real.com RNsites /
Item Id: 600000083 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeff Franks\Cookies\index.dat realsearch.real.com __utma /
Item Id: 600000083 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeff Franks\Cookies\index.dat realsearch.real.com __utmb /
Item Id: 600000083 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeff Franks\Cookies\index.dat realsearch.real.com __utmz /
Item Id: 600000112 Value: Browser: Internet Explorer Cookie: C:\Documents and Settings\Jeff Franks\Cookies\index.dat live365.com SaneID /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Jeff Franks\Application Data\Mozilla\Firefox\Profiles/ke1aac16.Default User\cookies.txt revsci.net NETSEGS_K05540 /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Jeff Franks\Application Data\Mozilla\Firefox\Profiles/ke1aac16.Default User\cookies.txt revsci.net rsi_segs_1000000 /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Jeff Franks\Application Data\Mozilla\Firefox\Profiles/ke1aac16.Default User\cookies.txt revsci.net rsi_cls_1000000 /
Item Id: 600000415 Value: Browser: Firefox Cookie: C:\Documents and Settings\Jeff Franks\Application Data\Mozilla\Firefox\Profiles/ke1aac16.Default User\cookies.txt revsci.net NETID01 /

Items Ignored During Scan
===========================


Listing of running processes
===========================

c:\windows\system32\userenv.dll

c:\windows\system32\psapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\imm32.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\cfgmgr32.dll

c:\windows\system32\secur32.dll

c:\windows\system32\msctfime.ime

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\ati2edxx.dll

c:\windows\system32\atipdlxx.dll

c:\windows\system32\uxtheme.dll

C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\serwvdrv.dll

c:\windows\system32\umdmxfrm.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\termsrv.dll

c:\windows\system32\icaapi.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\authz.dll

c:\windows\system32\mstlsapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\atl.dll

c:\windows\system32\regapi.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\apphelp.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\winsta.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\serwvdrv.dll

c:\windows\system32\umdmxfrm.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\rpcss.dll

c:\windows\system32\secur32.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\winrnr.dll

c:\windows\system32\wldap32.dll

c:\program files\bonjour\mdnsnsp.dll

c:\windows\system32\rasadhlp.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\svchost.exe

c:\windows\system32\ntdll.dll

c:\windows\system32\kernel32.dll

c:\windows\system32\advapi32.dll

c:\windows\system32\rpcrt4.dll

c:\windows\system32\shimeng.dll

c:\windows\apppatch\acgenral.dll

c:\windows\system32\user32.dll

c:\windows\system32\gdi32.dll

c:\windows\system32\winmm.dll

c:\windows\system32\ole32.dll

c:\windows\system32\msvcrt.dll

c:\windows\system32\oleaut32.dll

c:\windows\system32\msacm32.dll

c:\windows\system32\version.dll

c:\windows\system32\shell32.dll

c:\windows\system32\shlwapi.dll

c:\windows\system32\userenv.dll

c:\windows\system32\uxtheme.dll

c:\windows\system32\imm32.dll

c:\windows\system32\serwvdrv.dll

c:\windows\system32\umdmxfrm.dll

c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\comctl32.dll

c:\windows\system32\ntmarta.dll

c:\windows\system32\wldap32.dll

c:\windows\system32\samlib.dll

c:\windows\system32\xpsp2res.dll

c:\windows\system32\shsvcs.dll

c:\windows\system32\winsta.dll

c:\windows\system32\netapi32.dll

c:\windows\system32\dhcpcsvc.dll

c:\windows\system32\dnsapi.dll

c:\windows\system32\ws2_32.dll

c:\windows\system32\ws2help.dll

c:\windows\system32\iphlpapi.dll

c:\windows\system32\secur32.dll

c:\windows\system32\rsaenh.dll

c:\windows\system32\mswsock.dll

c:\windows\system32\hnetcfg.dll

c:\windows\system32\wshtcpip.dll

c:\windows\system32\wzcsvc.dll

c:\windows\system32\rtutils.dll

c:\windows\system32\wmi.dll

c:\windows\system32\crypt32.dll

c:\windows\system32\msasn1.dll

c:\windows\system32\wtsapi32.dll

c:\windows\system32\esent.dll

c:\windows\system32\atl.dll

c:\windows\system32\cryptsvc.dll

c:\windows\system32\wintrust.dll

c:\windows\system32\imagehlp.dll

c:\windows\system32\certcli.dll

c:\windows\system32\cryptui.dll

c:\windows\system32\wininet.dll

c:\windows\system32\normaliz.dll

c:\windows\system32\iertutil.dll

c:\windows\system32\rastls.dll

c:\windows\system32\mprapi.dll

c:\windows\system32\activeds.dll

c:\windows\system32\adsldpc.dll

c:\windows\system32\setupapi.dll

c:\windows\system32\rasapi32.dll

c:\windows\system32\rasman.dll

c:\windows\system32\tapi32.dll

c:\windows\system32\schannel.dll

c:\windows\system32\winscard.dll

c:\windows\system32\raschap.dll

c:\windows\system32\msv1_0.dll

c:\windows\system32\clbcatq.dll

c:\windows\system32\comres.dll

c:\windows\system32\schedsvc.dll

c:\windows\system32\ntdsapi.dll

c:\windows\system32\msidle.dll

c:\windows\system32\audiosrv.dll

c:\windows\system32\wkssvc.dll

c:\windows\system32\dmserver.dll

c:\windows\system32\srvsvc.dll

c:\windows\pchealth\helpctr\binaries\pchsvc.dll

c:\windows\system32\es.dll

c:\windows\system32\ersvc.dll

c:\windows\system32\netman.dll

c:\windows\system32\netshell.dll

c:\windows\system32\credui.dll

c:\windows\system32\wzcsapi.dll

c:\windows\system32\sens.dll

c:\windows\system32\seclogon.dll

c:\windows\system32\srsvc.dll

c:\windows\system32\powrprof.dll

c:\windows\system32\sxs.dll

c:\windows\system32\trkwks.dll

c:\windows\system32\wbem\wmisvc.dll

c:\windows\system32\vssapi.dll

c:\windows\system32\w32time.dll

c:\windows\system32\msvcp60.dll

c:\windows\system32\browser.dll

Edited by toruser, 03 March 2008 - 10:15 AM.

#2
toruser

toruser

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Anyone there? Well, just an update. I could tell the number of these infections detected by Ad Aware was and still is growing; it got to 15. At that point my computer automatically restarted. Luckily I had already set the computer to run scandisk the next time it restarted. Windows comes back up saying that Windows has recovered from a serious error and recommended I send an error report. After this I installed WinASO Registry Optimizer to get rid of registry errors. I found a ton. Since it was an evaluation copy I could only correct 10 errors at a time. So I did. Now no errors except 4 that keep popping up each morning. After the scandisk the infections detected by Ad Aware were 5. Before scandisk they got to 15. Later that day (yesterday) it went from 5 to 11. Today it's 13 when I turned the computer on. Look, I just cloned the hard drive recently onto a new hard drive that's bigger. Back then it wasn't having trouble. This increasing each morning is disturbing. Here is the error report Windows generated after the scandisk. Oh, and before all of this I was occasionally getting an error message pop up that said that there was a generic host win32 system error. Maybe it was caused by the rootkit, I don't know. Anyway, here's the error report:

C:\DOCUME~1\JEFFFR~1\LOCALS~1\Temp\WERe4c5.dir00\Mini030408-01.dmp
C:\DOCUME~1\JEFFFR~1\LOCALS~1\Temp\WERe4c5.dir00\sysdata.xml

Also this link popped up as well after it said Windows recovered: http://wer.microsoft...fe-402f4c89a85d