Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Peter's Ad-Aware Logfile- Need Help!

Started by PKlein , May 11 2005 09:00 PM

  • This topic is locked This topic is locked

#1
PKlein
Posted 11 May 2005 - 09:00 PM

PKlein

    New Member

  • Member
  • Pip
  • 1 posts
Below please find my Ad-Aware log run on 5/11, as I need some serious help removing some spyware/malware. I followed all directions as well, ran Ad-Aware, CW Shredder, Spybot, Microsoft (beta), etc...nothing has helped.

I have eliminated some of the spyware- it seems "Aurora" keeps popping up with windows, and I recall encountering/removing search miracle, ebates, virtual bouncer, bman, elite toolbar, etc.

Here's the log, I eagerly await your help before trying a HiJack this log- thanks very much!
Peter

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, May 11, 2005 10:06:48 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ebates MoneyMaker(TAC index:4):25 total references
MRU List(TAC index:0):19 total references
Tracking Cookie(TAC index:3):8 total references
Win32.TrojanDowloader.Agent.jq(TAC index:7):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):112 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:24 %
Total physical memory:457712 kb
Available physical memory:106304 kb
Total page file size:1083348 kb
Available on page file:827276 kb
Total virtual memory:2097024 kb
Available virtual memory:2041404 kb
OS:Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-11-2005 10:06:48 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 516
ThreadCreationTime : 5-11-2005 10:45:32 PM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 580
ThreadCreationTime : 5-11-2005 10:45:35 PM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 604
ThreadCreationTime : 5-11-2005 10:45:37 PM
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 652
ThreadCreationTime : 5-11-2005 10:45:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 664
ThreadCreationTime : 5-11-2005 10:45:38 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
ModuleName : C:\WINDOWS\System32\Ati2evxx.exe
Command Line : C:\WINDOWS\System32\Ati2evxx.exe
ProcessID : 800
ThreadCreationTime : 5-11-2005 10:45:39 PM
BasePriority : Normal


#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 844
ThreadCreationTime : 5-11-2005 10:45:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 880
ThreadCreationTime : 5-11-2005 10:45:39 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1056
ThreadCreationTime : 5-11-2005 10:45:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1080
ThreadCreationTime : 5-11-2005 10:45:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1264
ThreadCreationTime : 5-11-2005 10:45:43 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


#:12 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1364
ThreadCreationTime : 5-11-2005 10:45:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:13 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
ProcessID : 1424
ThreadCreationTime : 5-11-2005 10:45:44 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:14 [vzfw.exe]
ModuleName : C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
Command Line : "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe"
ProcessID : 1528
ThreadCreationTime : 5-11-2005 10:45:45 PM
BasePriority : Normal


#:15 [ati2evxx.exe]
ModuleName : C:\WINDOWS\system32\Ati2evxx.exe
Command Line : Ati2evxx.exe -Client
ProcessID : 1860
ThreadCreationTime : 5-11-2005 11:02:40 PM
BasePriority : Normal


#:16 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1996
ThreadCreationTime : 5-11-2005 11:02:40 PM
BasePriority : Normal
FileVersion : 6.00.2800.1257 (xpsp2.030808-0218)
ProductVersion : 6.00.2800.1257
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

Warning! VX2 Object found in memory(C:\WINDOWS\System32\winup2date.dll)

VX2 Object Recognized!
Type : Process
Data : winup2date.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:17 [apoint.exe]
ModuleName : C:\Program Files\Apoint\Apoint.exe
Command Line : "C:\Program Files\Apoint\Apoint.exe"
ProcessID : 440
ThreadCreationTime : 5-11-2005 11:02:44 PM
BasePriority : Normal
FileVersion : 5.5.7.136
ProductVersion : 5.5.7.136
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2003 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:18 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 1292
ThreadCreationTime : 5-11-2005 11:02:45 PM
BasePriority : Normal
FileVersion : 6.14.10.5103
ProductVersion : 6.14.10.5103
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2004 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:19 [spmgr.exe]
ModuleName : C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
Command Line : "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
ProcessID : 1400
ThreadCreationTime : 5-11-2005 11:02:45 PM
BasePriority : Normal
FileVersion : 1.1.00.11060
ProductVersion : 1.1.0
ProductName : Sony Power Management
CompanyName : Sony Corporation
FileDescription : SPM Module
LegalCopyright : © Sony Corporation. All rights reserved.

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"Process terminated successfully

#:20 [hkserv.exe]
ModuleName : C:\Program Files\Sony\HotKey Utility\HKserv.exe
Command Line : "C:\Program Files\Sony\HotKey Utility\HKserv.exe"
ProcessID : 1828
ThreadCreationTime : 5-11-2005 11:02:45 PM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\Sony\HotKey Utility\HKserv.exe"Process terminated successfully

#:21 [vaioupdt.exe]
ModuleName : C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
Command Line : "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
ProcessID : 1404
ThreadCreationTime : 5-11-2005 11:02:46 PM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"Process terminated successfully

#:22 [ezsp_px.exe]
ModuleName : C:\WINDOWS\System32\ezSP_Px.exe
Command Line : "C:\WINDOWS\System32\ezSP_Px.exe"
ProcessID : 484
ThreadCreationTime : 5-11-2005 11:02:46 PM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\WINDOWS\System32\ezSP_Px.exe"Process terminated successfully

#:23 [realsched.exe]
ModuleName : C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Command Line : "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
ProcessID : 564
ThreadCreationTime : 5-11-2005 11:02:47 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"Process terminated successfully

#:24 [ituneshelper.exe]
ModuleName : C:\Program Files\iTunes\iTunesHelper.exe
Command Line : "C:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 184
ThreadCreationTime : 5-11-2005 11:02:47 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\iTunes\iTunesHelper.exe"Process terminated successfully

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 472
ThreadCreationTime : 5-11-2005 11:02:47 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\QuickTime\qttask.exe"Process terminated successfully

#:26 [hpwuschd.exe]
ModuleName : C:\Program Files\HP\HP Software Update\HPWuSchd.exe
Command Line : "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
ProcessID : 508
ThreadCreationTime : 5-11-2005 11:02:48 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : Hewlett-Packard hpwuSchd
CompanyName : Hewlett-Packard
FileDescription : hpwuSchd
InternalName : hpwuSchd
LegalCopyright : Copyright © 2003
OriginalFilename : hpwuSchd.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"Process terminated successfully

#:27 [hpcmpmgr.exe]
ModuleName : C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
Command Line : "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
ProcessID : 668
ThreadCreationTime : 5-11-2005 11:02:48 PM
BasePriority : Normal
FileVersion : 1.76.0
ProductVersion : 1.76.0
ProductName : hp coretech (COmponent REuse TECHnology)
CompanyName : Hewlett-Packard Company
FileDescription : HP Framework Component Manager Service
InternalName : HPComponentManagerService module
LegalCopyright : Copyright © Hewlett-Packard. 2002-2003
OriginalFilename : HPCmpMgr.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"Process terminated successfully

#:28 [apntex.exe]
ModuleName : C:\Program Files\Apoint\Apntex.exe
Command Line : "Apntex.exe"
ProcessID : 1120
ThreadCreationTime : 5-11-2005 11:02:49 PM
BasePriority : Normal
FileVersion : 5.0.1.15
ProductVersion : 5.0.1.15
ProductName : Alps Pointing-device Driver for Windows NT/2000/XP
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000/XP
InternalName : Alps Pointing-device Driver for Windows NT/2000/XP
LegalCopyright : Copyright © 1998-2003 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\Apoint\Apntex.exe"Process terminated successfully

#:29 [vzkpvk.exe]
ModuleName : C:\WINDOWS\System32\vzkpvk.exe
Command Line : "C:\WINDOWS\System32\vzkpvk.exe"
ProcessID : 1440
ThreadCreationTime : 5-11-2005 11:02:50 PM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\WINDOWS\System32\vzkpvk.exe"Process terminated successfully

#:30 [msmsgs.exe]
ModuleName : C:\Program Files\Messenger\msmsgs.exe
Command Line : "C:\Program Files\Messenger\msmsgs.exe" /background
ProcessID : 1344
ThreadCreationTime : 5-11-2005 11:02:52 PM
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)


#:31 [ctfmon.exe]
ModuleName : C:\WINDOWS\System32\ctfmon.exe
Command Line : "C:\WINDOWS\System32\ctfmon.exe"
ProcessID : 144
ThreadCreationTime : 5-11-2005 11:02:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [wuauclt.exe]
ModuleName : C:\WINDOWS\System32\wuauclt.exe
Command Line : "C:\WINDOWS\System32\wuauclt.exe"
ProcessID : 1632
ThreadCreationTime : 5-11-2005 11:02:52 PM
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\WINDOWS\System32\wuauclt.exe"Process terminated successfully

#:33 [mssysmgr.exe]
ModuleName : C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
Command Line : "C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe"
ProcessID : 1020
ThreadCreationTime : 5-11-2005 11:02:56 PM
BasePriority : Normal
FileVersion : 3.0.0.0
ProductVersion : 3.0.0.0
ProductName : PhotoShow Media Manager
CompanyName : Simple Star, Inc.
FileDescription : PhotoShow Media Manager
LegalCopyright : Copyright © 2003-2004 Simple Star, Inc.
OriginalFilename : mssysmgr.exe

#:34 [ipodservice.exe]
ModuleName : C:\Program Files\iPod\bin\iPodService.exe
Command Line : "C:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 420
ThreadCreationTime : 5-11-2005 11:02:58 PM
BasePriority : Normal
FileVersion : 4.7.0.42
ProductVersion : 4.7.0.42
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:35 [hpqtra08.exe]
ModuleName : C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Command Line : "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"
ProcessID : 1968
ThreadCreationTime : 5-11-2005 11:03:01 PM
BasePriority : Normal
FileVersion : 5.31.0.147
ProductVersion : 005.031.000.147
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor (CUE)
InternalName : HPQTRA00
LegalCopyright : Copyright © Hewlett-Packard Co. 1995-2001
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor (CUE)

#:36 [hkwnd.exe]
ModuleName : C:\Program Files\Sony\HotKey Utility\HKWnd.exe
Command Line : "C:\Program Files\Sony\HotKey Utility\HKWnd.exe"
ProcessID : 2056
ThreadCreationTime : 5-11-2005 11:03:01 PM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\Program Files\Sony\HotKey Utility\HKWnd.exe"Process terminated successfully

#:37 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k imgsvc
ProcessID : 2292
ThreadCreationTime : 5-11-2005 11:03:09 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:38 [irmtlvc.exe]
ModuleName : c:\windows\system32\irmtlvc.exe
Command Line : "c:\windows\system32\irmtlvc.exe" awyihkl
ProcessID : 4032
ThreadCreationTime : 5-11-2005 11:07:46 PM
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:39 [mskagent.exe]
ModuleName : C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
Command Line : "C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe"
ProcessID : 3076
ThreadCreationTime : 5-12-2005 12:11:58 AM
BasePriority : Normal
FileVersion : 5, 0, 0, 4
ProductVersion : 5, 0, 0, 0
ProductName : McAfee SpamKiller
CompanyName : Networks Associates Technology, Inc
FileDescription : McAfee SpamKiller Agent Interface module
InternalName : MskAgent
LegalCopyright : Copyright © 1998-2003 Networks Associates Technology, Inc
OriginalFilename : MskAgent.exe

VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)


#:40 [services.exe]
ModuleName : C:\WINDOWS\Help\Help\services.exe
Command Line : C:\WINDOWS\Help\Help\services.exe
ProcessID : 3792
ThreadCreationTime : 5-12-2005 12:28:07 AM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\WINDOWS\Help\Help\services.exe"Process terminated successfully

#:41 [smss.exe]
ModuleName : C:\WINDOWS\Help\Help\smss.exe
Command Line : C:\WINDOWS\Help\Help\smss.exe
ProcessID : 2876
ThreadCreationTime : 5-12-2005 12:28:07 AM
BasePriority : Normal


VX2 Object Recognized!
Type : Process
Data : tyritrr.dll
Category : Malware
Comment : (CSI MATCH)
Object : C:\WINDOWS\System32\


Warning! VX2 Object found in memory(C:\WINDOWS\System32\tyritrr.dll)

"C:\WINDOWS\Help\Help\smss.exe"Process terminated successfully

#:42 [csrss.exe]
ModuleName : C:\WINDOWS\Help\Help\csrss.exe
Command Line : C:\WINDOWS\Help\Help\csrss.exe
ProcessID : 2256
ThreadCreationTime : 5-12-2005 12:28:08 AM
BasePriority : Normal


#:43 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 2792
ThreadCreationTime : 5-12-2005 1:59:46 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj.1
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : bolgerdll.bolgerdllobj
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9d1OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLC9n1trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9o1pListSPos

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLs9t1icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLC1o9d1eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9i1m4eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLD9s1tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BL9N1a4tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLP9D1om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9h1rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLT9h1rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLM9o1deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9n1ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9n1ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLI9n1ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLL9a1stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLL9a1stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLC9n1tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\bolger
Value : BLE9v1nt

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3d5OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\aurora
Value : AUL3a5stSSChckin

Ebates MoneyMaker Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment : "AC"
Rootkey : HKEY_USERS
Object : S-1-5-21-3975648197-2841171202-458900294-1005\software\lq
Value : AC

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 63
Objects found so far: 83


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 83

MRU List Object Recognized!
Location: : C:\Documents and Settings\Peter\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Peter\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-3975648197-2841171202-458900294-1005\software\google\navclient\1.1\history
Description : list of recently used search terms in the google toolbar


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-3975648197-2841171202-458900294-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3975648197-2841171202-458900294-1005\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput
  • 0

Advertisements

Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP