|
Re: Drivecleaner.com pop up No virus or trojan found.
I just ran Ad Aware and it found the notepad.exe %1 problem with my registry. When I try to have Ad Aware remove it the program just locks up. Here is the log from that scan:
Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, August 20, 2007 11:01:23 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R188 20.08.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
Windows(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
8-20-2007 11:01:23 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [taskeng.exe]
FilePath : C:\Windows\system32\
ProcessID : 3832
ThreadCreationTime : 8-19-2007 11:40:48 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskEng
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskeng.exe.mui
#:2 [dwm.exe]
FilePath : C:\Windows\system32\
ProcessID : 3880
ThreadCreationTime : 8-19-2007 11:40:48 AM
BasePriority : High
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Desktop Window Manager
InternalName : dwm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dwm.exe.mui
#:3 [explorer.exe]
FilePath : C:\Windows\
ProcessID : 3960
ThreadCreationTime : 8-19-2007 11:40:48 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE.MUI
#:4 [msascui.exe]
FilePath : C:\Program Files\Windows Defender\
ProcessID : 2604
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 1.1.1505.0
ProductVersion : 1.1.1505.0
ProductName : Windows Defender
CompanyName : Microsoft Corporation
FileDescription : Windows Defender User Interface
InternalName : MSASCUI
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : MSASCUI.exe
#:5 [syntpenh.exe]
FilePath : C:\Program Files\Synaptics\SynTP\
ProcessID : 2628
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 9.0.1.3 06Nov06
ProductVersion : 9.0.1.3 06Nov06
ProductName : Synaptics Pointing Device Driver
CompanyName : Synaptics, Inc.
FileDescription : Synaptics TouchPad Enhancements
InternalName : Synaptics Enhancements Application
LegalCopyright : Copyright (C) Synaptics, Inc. 1996-2006
OriginalFilename : SynTPEnh.exe
#:6 [wltray.exe]
FilePath : C:\Windows\System32\
ProcessID : 2644
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 4.102.15.57
ProductVersion : 4.102.15.57
ProductName : Dell Wireless WLAN Card Wireless Network Tray Applet
CompanyName : Dell Inc.
FileDescription : Dell Wireless WLAN Card Wireless Network Tray Applet
InternalName : wltray.exe
LegalCopyright : 1998-2006, Dell Inc. All Rights Reserved.
OriginalFilename : wltray.exe
#:7 [wpcumi.exe]
FilePath : C:\Windows\System32\
ProcessID : 2664
ThreadCreationTime : 8-19-2007 11:40:51 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : Windows
CompanyName : Microsoft Corporation
FileDescription : Windows Parental Control Notifications
InternalName : WPCUMI.exe
LegalCopyright : (c) Microsoft Corporation. All rights reserved.
OriginalFilename : WPCUMI.exe.mui
#:8 [systemguardalerter.exe]
FilePath : C:\Program Files\iolo\System Mechanic Professional 7\
ProcessID : 536
ThreadCreationTime : 8-19-2007 11:40:56 AM
BasePriority : Normal
#:9 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1288
ThreadCreationTime : 8-19-2007 11:40:56 AM
BasePriority : Normal
FileVersion : 7.3.1.3
ProductVersion : 7.3.1.3
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2007 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:10 [rundll32.exe]
FilePath : C:\Windows\System32\
ProcessID : 2920
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows host process (Rundll32)
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL32.EXE.MUI
#:11 [avgas.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 2896
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 43
ProductVersion : 7, 5, 1, 43
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware
InternalName : AVG Anti-Spyware
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : avgas.exe
#:12 [sidebar.exe]
FilePath : C:\Program Files\Windows Sidebar\
ProcessID : 2844
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 1.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Sidebar
InternalName : Windows Sidebar
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sidebar.EXE.MUI
#:13 [ehtray.exe]
FilePath : C:\Windows\ehome\
ProcessID : 2884
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Tray Applet
InternalName : ehtray.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehtray.exe
#:14 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\
ProcessID : 976
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 2, 0, 301, 1654
ProductVersion : 2, 0, 301, 1654
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2007
OriginalFilename : GoogleToolbarNotifier.exe
#:15 [wmpnscfg.exe]
FilePath : C:\Program Files\Windows Media Player\
ProcessID : 2948
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
FileVersion : 11.0.6000.6324 (vista_rtm.061101-2205)
ProductVersion : 11.0.6000.6324
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Media Player Network Sharing Service Configuration Application
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WMPNSCFG.EXE.MUI
#:16 [dlg.exe]
FilePath : C:\Program Files\Digital Line Detect\
ProcessID : 2996
ThreadCreationTime : 8-19-2007 11:40:57 AM
BasePriority : Normal
#:17 [ehmsas.exe]
FilePath : C:\Windows\ehome\
ProcessID : 2768
ThreadCreationTime : 8-19-2007 11:40:58 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Media Status Aggregator Service
InternalName : eHMSAS.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehMSAS.exe.mui
#:18 [rundll32.exe]
FilePath : C:\Windows\System32\
ProcessID : 3368
ThreadCreationTime : 8-19-2007 11:40:58 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows host process (Rundll32)
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL32.EXE.MUI
#:19 [unsecapp.exe]
FilePath : C:\Windows\system32\wbem\
ProcessID : 3400
ThreadCreationTime : 8-19-2007 11:40:58 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 6.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Sink to receive asynchronous callbacks for WMI client application
InternalName : unsecapp.dll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : unsecapp.dll
#:20 [sidebar.exe]
FilePath : C:\Program Files\Windows Sidebar\
ProcessID : 1332
ThreadCreationTime : 8-19-2007 11:41:01 AM
BasePriority : Normal
FileVersion : 6.0.6000.16386 (vista_rtm.061101-2205)
ProductVersion : 1.0.6000.16386
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Sidebar
InternalName : Windows Sidebar
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : sidebar.EXE.MUI
#:21 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1320
ThreadCreationTime : 8-21-2007 3:00:13 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows Object Recognized!
Type : RegData
Data : notepad.exe %1
TAC Rating : 3
Category : Vulnerability
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : regfile\shell\open\command
Value :
Data : notepad.exe %1
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Disk Scan Result for C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Disk Scan Result for C:\Users\XXX\AppData\Local\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer
MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor
MRU List Object Recognized!
Location: : S-1-5-21-200259346-2994707844-1273529672-1000\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 11
11:02:32 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:08.757
Objects scanned:104887
Objects identified:1
Objects ignored:0
New critical objects:1
|