PLEASE HELP! Kill Aurora!, Spyware removal
Jun 27 2005, 02:03 PM
New Member | Posts: 1 | OS: XP
Ad-Aware SE Build 1.06r1 Logfile Created on:Monday, June 27, 2005 12:48:09 PM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R51 21.06.2005 »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» References detected during the scan: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» MRU List(TAC index:0):10 total references Tracking Cookie(TAC index:3):26 total references VX2(TAC index:10):25 total references »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Ad-Aware SE Settings =========================== Set : Search for negligible risk entries Set : Search for low-risk threats Set : Safe mode (always request confirmation) Set : Scan active processes Set : Scan registry Set : Deep-scan registry Set : Scan my IE Favorites for banned URLs Set : Scan my Hosts file Extended Ad-Aware SE Settings =========================== Set : Unload recognized processes & modules during scan Set : Scan registry for all users instead of current user only Set : Always try to unload modules before deletion Set : During removal, unload Explorer and IE if necessary Set : Let Windows remove files in use at next reboot Set : Delete quarantined objects after restoring Set : Include basic Ad-Aware settings in log file Set : Include additional Ad-Aware settings in log file Set : Include reference summary in log file Set : Include alternate data stream details in log file Set : Play sound at scan completion if scan locates critical objects 6-27-2005 12:48:09 PM - Scan started. (Full System Scan) MRU List Object Recognized! Location: : C:\Documents and Settings\Owner\recent Description : list of recently opened documents MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct3d MRU List Object Recognized! Location: : software\microsoft\direct3d\mostrecentapplication Description : most recent application to use microsoft direct X MRU List Object Recognized! 
Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw MRU List Object Recognized! Location: : S-1-5-21-3569660965-793999233-381150471-1003\software\microsoft\internet explorer Description : last download directory used in microsoft internet explorer MRU List Object Recognized! Location: : S-1-5-21-3569660965-793999233-381150471-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru Description : list of recent programs opened MRU List Object Recognized! Location: : S-1-5-21-3569660965-793999233-381150471-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru Description : list of recently saved files, stored according to file extension MRU List Object Recognized! Location: : S-1-5-21-3569660965-793999233-381150471-1003\software\microsoft\windows\currentversion\explorer\recentdocs Description : list of recent documents opened MRU List Object Recognized! Location: : S-1-5-21-3569660965-793999233-381150471-1003\software\microsoft\windows\currentversion\explorer\runmru Description : mru list for items opened in start | run MRU List Object Recognized! 
Location: : S-1-5-21-3569660965-793999233-381150471-1003\software\microsoft\windows media\wmsdk\general Description : windows media sdk Listing running processes »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» #:1 [smss.exe] FilePath : \SystemRoot\System32\ ProcessID : 432 ThreadCreationTime : 6-27-2005 6:10:42 PM BasePriority : Normal #:2 [csrss.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 484 ThreadCreationTime : 6-27-2005 6:10:49 PM BasePriority : Normal #:3 [winlogon.exe] FilePath : \??\C:\WINNT\system32\ ProcessID : 508 ThreadCreationTime : 6-27-2005 6:10:50 PM BasePriority : High #:4 [services.exe] FilePath : C:\WINNT\system32\ ProcessID : 552 ThreadCreationTime : 6-27-2005 6:10:50 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Services and Controller app InternalName : services.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : services.exe #:5 [lsass.exe] FilePath : C:\WINNT\system32\ ProcessID : 564 ThreadCreationTime : 6-27-2005 6:10:50 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : LSA Shell (Export Version) InternalName : lsass.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : lsass.exe #:6 [svchost.exe] FilePath : C:\WINNT\system32\ ProcessID : 728 ThreadCreationTime : 6-27-2005 6:10:51 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : svchost.exe #:7 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 752 ThreadCreationTime : 6-27-2005 6:10:51 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:8 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 916 ThreadCreationTime : 6-27-2005 6:10:52 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:9 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 988 ThreadCreationTime : 6-27-2005 6:10:53 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:10 [explorer.exe] FilePath : C:\WINNT\ ProcessID : 1064 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal FileVersion : 6.00.2600.0000 (xpclient.010817-1148) ProductVersion : 6.00.2600.0000 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : © Microsoft Corporation. All rights reserved. 
OriginalFilename : EXPLORER.EXE #:11 [spoolsv.exe] FilePath : C:\WINNT\system32\ ProcessID : 1144 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal FileVersion : 5.1.2600.0 (XPClient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Spooler SubSystem App InternalName : spoolsv.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : spoolsv.exe #:12 [svchost.exe] FilePath : C:\WINNT\ ProcessID : 1224 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal #:13 [aolacsd.exe] FilePath : C:\PROGRA~1\COMMON~1\AOL\ACS\ ProcessID : 1240 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal #:14 [mcvsrte.exe] FilePath : c:\PROGRA~1\mcafee.com\vso\ ProcessID : 1280 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal FileVersion : 8, 0, 0, 12 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan Real-time Engine InternalName : mcvsrte LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsrte.exe Comments : McAfee VirusScan Real-time Engine #:15 [navapsvc.exe] FilePath : C:\Program Files\Norton AntiVirus\ ProcessID : 1296 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal FileVersion : 8.07.17 ProductVersion : 8.07.17 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Auto-Protect Service InternalName : NAVAPSVC LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved. 
OriginalFilename : NAVAPSVC.EXE #:16 [nmssvc.exe] FilePath : C:\WINNT\System32\ ProcessID : 1308 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal FileVersion : 2.2.9.0 ProductVersion : 2.2.9.0 ProductName : NMS CompanyName : Intel Corporation FileDescription : NMS Module InternalName : NMS Module LegalCopyright : Copyright © 2000-2002 Intel Corp. All Rights Reserved #:17 [nvsvc32.exe] FilePath : C:\WINNT\System32\ ProcessID : 1324 ThreadCreationTime : 6-27-2005 6:10:54 PM BasePriority : Normal FileVersion : 6.13.10.3082 ProductVersion : 6.13.10.3082 ProductName : NVIDIA Driver Helper Service, Version 30.82 CompanyName : NVIDIA Corporation FileDescription : NVIDIA Driver Helper Service, Version 30.82 InternalName : NVSVC LegalCopyright : © NVIDIA Corporation. All rights reserved. OriginalFilename : nvsvc32.exe #:18 [svchost.exe] FilePath : C:\WINNT\System32\ ProcessID : 1568 ThreadCreationTime : 6-27-2005 6:10:56 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : Generic Host Process for Win32 Services InternalName : svchost.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : svchost.exe #:19 [sk9910dm.exe] FilePath : C:\WINNT\System32\ ProcessID : 1736 ThreadCreationTime : 6-27-2005 6:26:27 PM BasePriority : Normal FileVersion : 1, 0, 9, 0 CompanyName : Silitek Corporation FileDescription : Daemon LegalCopyright : Copyright © Silitek Corp. 
1999, 2000 #:20 [gwmdmmsg.exe] FilePath : C:\WINNT\ ProcessID : 1032 ThreadCreationTime : 6-27-2005 6:26:31 PM BasePriority : Normal FileVersion : 3.4.16 05/06/2002 19:12:44 ProductVersion : 3.4.16 05/06/2002 19:12:44 ProductName : GTW Modem Messaging Applet CompanyName : GTW FileDescription : Modem Messaging Applet InternalName : smdmstat.exe LegalCopyright : Copyright © GTW 1998-2000 OriginalFilename : smdmstat.exe #:21 [promon.exe] FilePath : C:\WINNT\System32\ ProcessID : 1984 ThreadCreationTime : 6-27-2005 6:26:33 PM BasePriority : Normal FileVersion : 5.3.42.0 ProductVersion : 5.3.42.0 ProductName : Intel® PROMonitor CompanyName : Intel Corporation FileDescription : Intel® PROSet Tray Icon InternalName : Intel® PROMonitor LegalCopyright : Copyright © 1998-2002 Intel Corporation. OriginalFilename : PROMon.exe Comments : Configures and tests Intel® PRO family of adapters. #:22 [cthelper.exe] FilePath : C:\WINNT\System32\ ProcessID : 2004 ThreadCreationTime : 6-27-2005 6:26:34 PM BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : CtHelper Application CompanyName : Creative Technology Ltd FileDescription : CtHelper Application InternalName : CtHelper LegalCopyright : Copyright © 2002 OriginalFilename : CtHelper.EXE #:23 [directcd.exe] FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\ ProcessID : 1356 ThreadCreationTime : 6-27-2005 6:26:38 PM BasePriority : Normal FileVersion : 5.3.0.105 ProductVersion : 5.3.0.105 ProductName : DirectCD CompanyName : Roxio FileDescription : DirectCD Application InternalName : DirectCD LegalCopyright : Copyright © 2001,2002, Roxio, Inc. 
OriginalFilename : Directcd.exe #:24 [navapw32.exe] FilePath : C:\PROGRA~1\NORTON~1\ ProcessID : 2044 ThreadCreationTime : 6-27-2005 6:26:41 PM BasePriority : Normal FileVersion : 8.07.17 ProductVersion : 8.07.17 ProductName : Norton AntiVirus CompanyName : Symantec Corporation FileDescription : Norton AntiVirus Agent InternalName : NAVAPW32 LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved. OriginalFilename : NAVAPW32.EXE #:25 [e_s0bic1.exe] FilePath : C:\WINNT\System32\spool\DRIVERS\W32X86\3\ ProcessID : 168 ThreadCreationTime : 6-27-2005 6:26:41 PM BasePriority : Normal FileVersion : 3.00 ProductVersion : 3.00 ProductName : EPSON Status Monitor 3 CompanyName : SEIKO EPSON CORPORATION FileDescription : EPSON Status Monitor 3 InternalName : E_S0BIC1 LegalCopyright : Copyright © SEIKO EPSON CORP. 2002 OriginalFilename : E_S0BIC1.EXE #:26 [p2p networking.exe] FilePath : C:\WINNT\System32\P2P Networking\ ProcessID : 1600 ThreadCreationTime : 6-27-2005 6:26:44 PM BasePriority : Normal FileVersion : 1, 22, 10, 20 ProductVersion : 1, 22, 10, 20 ProductName : P2P Networking CompanyName : Joltid Ltd. FileDescription : P2P Networking InternalName : P2P Networking LegalCopyright : Copyright © 2003 Joltid Ltd. All Rights Reserved. LegalTrademarks : Joltid is a registered trademark of Joltid Ltd. OriginalFilename : P2P Networking.exe #:27 [mmtask.exe] FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ ProcessID : 160 ThreadCreationTime : 6-27-2005 6:26:46 PM BasePriority : Normal FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> InternalName : mmtask.exe LegalCopyright : TODO: © <Company name>. All rights reserved. 
OriginalFilename : mmtask.exe #:28 [realsched.exe] FilePath : C:\Program Files\Common Files\Real\Update_OB\ ProcessID : 636 ThreadCreationTime : 6-27-2005 6:26:49 PM BasePriority : Normal FileVersion : 0.1.0.3034 ProductVersion : 0.1.0.3034 ProductName : RealPlayer (32-bit) CompanyName : RealNetworks, Inc. FileDescription : RealNetworks Scheduler InternalName : schedapp LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004 LegalTrademarks : RealAudio is a trademark of RealNetworks, Inc. OriginalFilename : realsched.exe #:29 [qttask.exe] FilePath : C:\Program Files\QuickTime\ ProcessID : 1072 ThreadCreationTime : 6-27-2005 6:26:55 PM BasePriority : Normal FileVersion : 6.5.1 ProductVersion : QuickTime 6.5.1 ProductName : QuickTime CompanyName : Apple Computer, Inc. InternalName : QuickTime Task LegalCopyright : © Apple Computer, Inc. 2001-2004 OriginalFilename : QTTask.exe #:30 [ituneshelper.exe] FilePath : C:\Program Files\iTunes\ ProcessID : 888 ThreadCreationTime : 6-27-2005 6:26:58 PM BasePriority : Normal FileVersion : 4.7.0.42 ProductVersion : 4.7.0.42 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iTunesHelper Module InternalName : iTunesHelper LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iTunesHelper.exe #:31 [mm_server.exe] FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ ProcessID : 796 ThreadCreationTime : 6-27-2005 6:27:01 PM BasePriority : Normal FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> InternalName : MusicServer.exe LegalCopyright : TODO: © <Company name>. All rights reserved. 
OriginalFilename : MusicServer.exe #:32 [uuppnp.exe] FilePath : C:\WINNT\System32\ ProcessID : 456 ThreadCreationTime : 6-27-2005 6:27:14 PM BasePriority : Normal #:33 [aoldial.exe] FilePath : C:\Program Files\Common Files\AOL\ACS\ ProcessID : 164 ThreadCreationTime : 6-27-2005 6:27:14 PM BasePriority : Normal FileVersion : 2.0.20.1.US.1 ProductVersion : 2.0.20.1.US.1 ProductName : AOL Connectivity Service CompanyName : America Online, Inc FileDescription : AOL Connectivity Service Dialer LegalCopyright : Copyright © 2003 America Online, Inc. OriginalFilename : AOLDial.exe #:34 [aolsp scheduler.exe] FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\ ProcessID : 1128 ThreadCreationTime : 6-27-2005 6:27:18 PM BasePriority : Normal FileVersion : 1, 5, 0, 0 ProductVersion : 1, 5, 0, 0 ProductName : AOLSP Scheduler FileDescription : AOLSP Scheduler InternalName : AOLSP Scheduler LegalCopyright : Copyright © America Online, Inc. 2004 OriginalFilename : AOLSP Scheduler.exe #:35 [ipodservice.exe] FilePath : C:\Program Files\iPod\bin\ ProcessID : 680 ThreadCreationTime : 6-27-2005 6:27:18 PM BasePriority : Normal FileVersion : 4.7.0.42 ProductVersion : 4.7.0.42 ProductName : iTunes CompanyName : Apple Computer, Inc. FileDescription : iPodService Module InternalName : iPodService LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved. OriginalFilename : iPodService.exe #:36 [mmdiag.exe] FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\ ProcessID : 556 ThreadCreationTime : 6-27-2005 6:27:31 PM BasePriority : Normal FileVersion : 8.20.0081 ProductVersion : 8.20.0081 ProductName : MUSICMATCH JUKEBOX CompanyName : MUSICMATCH, Inc. 
FileDescription : Logging and tracing manager InternalName : MMTraceExe LegalCopyright : Copyright © MUSICMATCH 1998-2003 LegalTrademarks : OriginalFilename : MMTraceExe.EXE #:37 [mcvsshld.exe] FilePath : C:\PROGRA~1\mcafee.com\vso\ ProcessID : 860 ThreadCreationTime : 6-27-2005 6:27:39 PM BasePriority : Normal FileVersion : 8, 0, 0, 15 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan ActiveShield Resource InternalName : msvcshld LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsshld.exe Comments : McAfee VirusScan ActiveShield Resource #:38 [mcagent.exe] FilePath : C:\PROGRA~1\mcafee.com\agent\ ProcessID : 1904 ThreadCreationTime : 6-27-2005 6:27:41 PM BasePriority : Normal FileVersion : 4, 3, 0, 10 ProductVersion : 4, 3, 0, 0 ProductName : McAfee SecurityCenter CompanyName : Networks Associates Technology, Inc FileDescription : McAfee SecurityCenter Agent InternalName : mcagent LegalCopyright : Copyright © 1998-2002 Networks Associates Technology, Inc. 
OriginalFilename : mcagent.exe #:39 [mcvsescn.exe] FilePath : c:\progra~1\mcafee.com\vso\ ProcessID : 896 ThreadCreationTime : 6-27-2005 6:27:42 PM BasePriority : Normal FileVersion : 8, 0, 0, 30 ProductVersion : 8, 0, 0, 0 ProductName : McAfee VirusScan CompanyName : Networks Associates Technology, Inc FileDescription : McAfee VirusScan E-mail Scan Module InternalName : mcvsescn LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc OriginalFilename : mcvsescn.EXE Comments : McAfee VirusScan E-mail Scan Module #:40 [scrsvc.exe] FilePath : C:\WINNT\System32\ ProcessID : 2036 ThreadCreationTime : 6-27-2005 6:27:44 PM BasePriority : Normal #:41 [bootpd.exe] FilePath : C:\Program Files\Common Files\System\ ProcessID : 2056 ThreadCreationTime : 6-27-2005 6:27:46 PM BasePriority : Normal #:42 [pngaw.exe] FilePath : C:\WINNT\System32\ ProcessID : 2072 ThreadCreationTime : 6-27-2005 6:27:50 PM BasePriority : Normal #:43 [bootpd.exe] FilePath : C:\Program Files\Common Files\System\ ProcessID : 2108 ThreadCreationTime : 6-27-2005 6:27:55 PM BasePriority : Normal #:44 [piaml3.exe] FilePath : C:\WINNT\System32\ ProcessID : 2128 ThreadCreationTime : 6-27-2005 6:27:55 PM BasePriority : Normal #:45 [exec.exe] FilePath : C:\WINNT\ ProcessID : 2160 ThreadCreationTime : 6-27-2005 6:28:01 PM BasePriority : Normal FileVersion : 4, 3, 0, 0 ProductVersion : 4, 3, 0, 0 CompanyName : NetZero FileDescription : ZCast InternalName : ZCOM_exec LegalCopyright : Copyright © 2002 United Online, Inc. 
#:46 [companion.exe] FilePath : C:\Program Files\AOL Companion\ ProcessID : 2208 ThreadCreationTime : 6-27-2005 6:28:05 PM BasePriority : Normal FileVersion : 1, 6, 2, 0 ProductVersion : 1, 6, 2, 0 ProductName : AOL Companion FileDescription : AOL Companion InternalName : Companion LegalCopyright : Copyright 2004 OriginalFilename : Companion.EXE #:47 [ymsgr_tray.exe] FilePath : C:\Program Files\Yahoo!\Messenger\ ProcessID : 2704 ThreadCreationTime : 6-27-2005 6:28:44 PM BasePriority : Normal #:48 [wmiprvse.exe] FilePath : C:\WINNT\System32\wbem\ ProcessID : 2728 ThreadCreationTime : 6-27-2005 6:28:51 PM BasePriority : Normal FileVersion : 5.1.2600.0 (xpclient.010817-1148) ProductVersion : 5.1.2600.0 ProductName : Microsoft® Windows® Operating System CompanyName : Microsoft Corporation FileDescription : WMI InternalName : Wmiprvse.exe LegalCopyright : © Microsoft Corporation. All rights reserved. OriginalFilename : Wmiprvse.exe #:49 [waol.exe] FilePath : C:\Program Files\America Online 9.0\ ProcessID : 3584 ThreadCreationTime : 6-27-2005 6:34:06 PM BasePriority : Normal #:50 [shellmon.exe] FilePath : C:\Program Files\America Online 9.0\ ProcessID : 3704 ThreadCreationTime : 6-27-2005 6:34:15 PM BasePriority : Normal #:51 [aoltpspd.exe] FilePath : C:\Program Files\Common Files\Aol\ ProcessID : 3788 ThreadCreationTime : 6-27-2005 6:34:16 PM BasePriority : Normal FileVersion : 1, 1, 0, 0 ProductVersion : [v1.1-4] On Tue 03/16/2004 21:24:09.18 ProductName : AOL TopSpeed CompanyName : America Online Inc FileDescription : AOL TopSpeed InternalName : AOL TopSpeed LegalCopyright : Copyright © America Online 2003 LegalTrademarks : AOL TopSpeed OriginalFilename : aoltpspd.exe #:52 [limewire.exe] FilePath : C:\Program Files\LimeWire\ ProcessID : 2300 ThreadCreationTime : 6-27-2005 7:01:29 PM BasePriority : Normal FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : LimeWire CompanyName : Lime Wire, LLC FileDescription : LimeWire InternalName : LimeWire 
LegalCopyright : Copyright © 2004 OriginalFilename : LimeWire.exe Comments : The most advanced file sharing program on the planet. #:53 [ad-aware.exe] FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\ ProcessID : 3348 ThreadCreationTime : 6-27-2005 7:42:03 PM BasePriority : Normal FileVersion : 6.2.0.236 ProductVersion : SE 106 ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft AB Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 10 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» VX2 Object Recognized! Type : Regkey Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUL3a5stMotsSDay VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUL3a5stSSChckin VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUP3D5om VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUB3D5om VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUs3t5icky1S VX2 Object Recognized! 
Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUs3t5icky2S VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUs3t5icky3S VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUs3t5icky4S VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUE3v5nt VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUT3h5rshSBath VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUT3h5rshSysSInf VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUT3h5rshSCheckSIn VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUT3h5rshSMots VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUL3n5Title VX2 Object Recognized! 
Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AU3N5a7tionSCode VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUD3s5tSSEnd VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUC3u5rrentSMode VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUC3n5tFyl VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUM3o5deSSync VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUI3g5noreS VX2 Object Recognized! Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUC1o3d5eOfSFinalAd VX2 Object Recognized! 
Type : RegValue Data : TAC Rating : 10 Category : Malware Comment : Rootkey : HKEY_USERS Object : S-1-5-21-3569660965-793999233-381150471-1003\software\aurora Value : AUT3i5m7eOfSFinalAd Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 23 Objects found so far: 33 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 33 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@servedby.advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:owner@servedby.advertising.com/ Expires : 7-27-2005 12:35:42 PM LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookie:owner@advertising.com/ Expires : 6-26-2010 12:35:42 PM LastSync : Hits:8 UseCount : 0 Hits : 8 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@valueclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:7 Value : Cookie:owner@valueclick.com/ Expires : 6-21-2030 12:31:20 PM LastSync : Hits:7 UseCount : 0 Hits : 7 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@realmedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:8 Value : Cookie:owner@realmedia.com/ Expires : 12-31-2020 5:00:00 PM LastSync : Hits:8 UseCount : 0 Hits : 8 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@statcounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:owner@statcounter.com/ Expires : 6-26-2010 11:51:24 AM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:9 Value : Cookie:owner@2o7.net/ Expires : 6-26-2010 12:24:38 PM LastSync : Hits:9 UseCount : 0 Hits : 9 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@z1.adserver[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:owner@z1.adserver.com/ Expires : 6-27-2006 12:30:44 PM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:4 Value : Cookie:owner@fastclick.net/ Expires : 6-27-2007 12:30:42 PM LastSync : Hits:4 UseCount : 0 Hits : 4 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@atdmt[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:3 Value : Cookie:owner@atdmt.com/ Expires : 6-25-2010 5:00:00 PM LastSync : Hits:3 UseCount : 0 Hits : 3 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@okcounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:owner@okcounter.com/ Expires : 6-27-2005 1:37:52 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@trafficmp[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:6 Value : Cookie:owner@trafficmp.com/ Expires : 6-27-2006 11:54:58 AM LastSync : Hits:6 UseCount : 0 Hits : 6 Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Hits:1 Value : Cookie:owner@mediaplex.com/ Expires : 6-21-2009 5:00:00 PM LastSync : Hits:1 UseCount : 0 Hits : 1 Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@doubleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Hits:5 Value : Cookie:owner@doubleclick.net/ Expires : 6-26-2008 12:34:54 PM LastSync : Hits:5 UseCount : 0 Hits : 5 Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 13 Objects found so far: 46 Deep scanning and examining files (C:) »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@2o7[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@2o7[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@atdmt[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@atdmt[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@doubleclick[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@doubleclick[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@fastclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@mediaplex[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@okcounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@okcounter[1].txt Tracking Cookie Object Recognized! 
Type : IECache Entry Data : owner@realmedia[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@servedby.advertising[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@statcounter[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@trafficmp[2].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@valueclick[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@valueclick[1].txt Tracking Cookie Object Recognized! Type : IECache Entry Data : owner@z1.adserver[1].txt TAC Rating : 3 Category : Data Miner Comment : Value : C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt VX2 Object Recognized! Type : File Data : A0280889.exe TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP144\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. VX2 Object Recognized! 
Type : File Data : A0280890.exe TAC Rating : 10 Category : Malware Comment : Object : C:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP144\ FileVersion : 1, 0, 7, 1 ProductVersion : 0, 0, 7, 0 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> LegalCopyright : TODO: © <Company name>. All rights reserved. Disk Scan Result for C:\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 61 Scanning Hosts file...... Hosts file location:"C:\WINNT\system32\drivers\etc\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 232 entries scanned. New critical objects:0 Objects found so far: 61 Performing conditional scans... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Conditional scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 61 1:02:07 PM Scan Complete Summary Of This Scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Total scanning time:00:13:58.78 Objects scanned:111946 Objects identified:51 Objects ignored:0 New critical objects:51 |
Guest_Andy_veal_*
Jun 27 2005, 03:52 PM
Post #2
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R51 21.06.2005 * definition file.

Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process. Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)

Click OK.

Please note that the path above is of the default installation location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy