Another Aurora Case


#1
sunshine79
New Member, 2 posts
Yet another case in the Aurora epidemic. This bugger has been driving me crazy for months! Here's my Ad-Aware logfile. Thanks in advance for your help!


Ad-Aware SE Build 1.05
Logfile Created on:2005年6月3日 11:51:08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):7 total references
Tracking Cookie(TAC index:3):4 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):35 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-06-03 11:51:08 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 940
ThreadCreationTime : 2005-06-02 20:39:35
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1024
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1060
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1104
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1116
ThreadCreationTime : 2005-06-02 20:39:37
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1284
ThreadCreationTime : 2005-06-02 20:39:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1412
ThreadCreationTime : 2005-06-02 20:39:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1516
ThreadCreationTime : 2005-06-02 20:39:38
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1636
ThreadCreationTime : 2005-06-02 20:39:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1720
ThreadCreationTime : 2005-06-02 20:39:39
BasePriority : Normal
FileVersion : 1.00.37
ProductVersion : 1.00.37
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1956
ThreadCreationTime : 2005-06-02 20:39:39
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll

"C:\WINDOWS\system32\spoolsv.exe"Process terminated successfully

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 368
ThreadCreationTime : 2005-06-02 20:39:40
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 684
ThreadCreationTime : 2005-06-02 20:41:54
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:14 [dvdramsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 712
ThreadCreationTime : 2005-06-02 20:41:54
BasePriority : Normal
FileVersion : 2, 0, 5, 0
ProductVersion : 2, 0, 5, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002
OriginalFilename : DVDRAMSV.EXE

#:15 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 740
ThreadCreationTime : 2005-06-02 20:41:54
BasePriority : Normal
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe

#:16 [navapsvc.exe]
FilePath : C:\Program Files\Norton\Norton AntiVirus\
ProcessID : 764
ThreadCreationTime : 2005-06-02 20:41:55
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:17 [nprotect.exe]
FilePath : C:\Program Files\Norton\Norton Utilities\
ProcessID : 788
ThreadCreationTime : 2005-06-02 20:41:55
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:18 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 848
ThreadCreationTime : 2005-06-02 20:41:56
BasePriority : Normal
FileVersion : 6.13.10.3648
ProductVersion : 6.13.10.3648
ProductName : NVIDIA Driver Helper Service, Version 36.48
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 36.48
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:19 [scsiaccess.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1364
ThreadCreationTime : 2005-06-02 20:42:00
BasePriority : Normal


#:20 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1468
ThreadCreationTime : 2005-06-02 20:42:00
BasePriority : Normal
FileVersion : 3, 2, 5, 0
ProductVersion : 3, 2, 5, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:21 [nopdb.exe]
FilePath : C:\PROGRA~1\Norton\SPEEDD~1\
ProcessID : 1500
ThreadCreationTime : 2005-06-02 20:42:00
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll

#:22 [tmesbs32.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1576
ThreadCreationTime : 2005-06-02 20:42:01
BasePriority : Normal
FileVersion : 2, 1, 1, 14
ProductVersion : 2, 1, 0, 1
ProductName : TOSHIBA Mobile Extension Slim Select Bay Service
CompanyName : TOSHIBA Corporation
FileDescription : tmesbs32
InternalName : tmesbs3
LegalCopyright : Copyright © TOSHIBA Corp.1998-2001
OriginalFilename : tmesbs32.exe

#:23 [tmesrv31.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1664
ThreadCreationTime : 2005-06-02 20:42:01
BasePriority : Normal
FileVersion : 3, 1, 32, 0
ProductVersion : 3, 1, 32, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TOSHIBA MobileExtension Service
InternalName : TMESRV3
LegalCopyright : TOSHIBA Copyright © 1999-2001
OriginalFilename : TMESRV3.exe

#:24 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 1836
ThreadCreationTime : 2005-06-02 20:42:01
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:25 [00thotkey.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1020
ThreadCreationTime : 2005-06-02 20:55:39
BasePriority : Normal
FileVersion : 1, 0, 0, 20
ProductVersion : 6, 0, 2, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2003
OriginalFilename : THotkey.exe

#:26 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 672
ThreadCreationTime : 2005-06-02 20:55:42
BasePriority : Normal
FileVersion : 6.0.1.159
ProductVersion : 6.0.1.159
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:27 [toshkcw.exe]
FilePath : C:\Program Files\TOSHIBA\Wireless Hotkey\
ProcessID : 1436
ThreadCreationTime : 2005-06-02 20:55:42
BasePriority : Normal
FileVersion : 2, 1, 0, 1
ProductVersion : 2, 1, 0, 0
ProductName : Wireless Hotkey
CompanyName : TOSHIBA CORPORATION
FileDescription : Wireless Hotkey
InternalName : Wireless Hotkey EXE
LegalCopyright : Copyright © 2001-2002 TOSHIBA CORPORATION
LegalTrademarks : Copyright © 2001-2002 TOSHIBA CORPORATION
OriginalFilename : TosHKCW.EXE
Comments : Wireless Hotkey

#:28 [tpwrtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 236
ThreadCreationTime : 2005-06-02 20:55:43
BasePriority : Normal
FileVersion : 6.00.21
ProductVersion : 6.00.01
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2002 TOSHIBA Corporation.
OriginalFilename : Tpwrtray.exe
Comments : TOSHIBA Power Saver

#:29 [tfncky.exe]
FilePath : C:\Program Files\Toshiba\TOSHIBA Controls\
ProcessID : 1748
ThreadCreationTime : 2005-06-02 20:55:47
BasePriority : Normal
FileVersion : 2.04.06
ProductVersion : 2.04.06
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:30 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1608
ThreadCreationTime : 2005-06-02 20:55:48
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:31 [tmerzctl.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1592
ThreadCreationTime : 2005-06-02 20:55:49
BasePriority : Normal
FileVersion : 1, 0, 2, 8
ProductVersion : 1, 0, 2, 8
ProductName : TOSHIBA TMERzCtl
CompanyName : TOSHIBA
FileDescription : TMERzCtl
InternalName : TMERzCtl
LegalCopyright : Copyright © 2001
OriginalFilename : TMERzCtl.exe

#:32 [tmeejme.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 592
ThreadCreationTime : 2005-06-02 20:55:50
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TMEEJME
InternalName : TMEEJME
LegalCopyright : TOSHIBA Copyright © 2002
OriginalFilename : TMEEJME.exe

#:33 [tmesbs32.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 308
ThreadCreationTime : 2005-06-02 20:55:50
BasePriority : Normal
FileVersion : 2, 1, 1, 14
ProductVersion : 2, 1, 0, 1
ProductName : TOSHIBA Mobile Extension Slim Select Bay Service
CompanyName : TOSHIBA Corporation
FileDescription : tmesbs32
InternalName : tmesbs3
LegalCopyright : Copyright © TOSHIBA Corp.1998-2001
OriginalFilename : tmesbs32.exe

#:34 [tedtray.exe]
FilePath : C:\Program Files\TOSHIBA\DualPointUtility\
ProcessID : 932
ThreadCreationTime : 2005-06-02 20:55:51
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : TOSHIBA DualPoint Utility
CompanyName : TOSHIBA
FileDescription : TOSHIBA DualPoint Utility Main Module
InternalName : TEDTray
LegalCopyright : Copyright© TOSHIBA Corp. 2002
OriginalFilename : TEDTray

#:35 [tfnf5.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 968
ThreadCreationTime : 2005-06-02 20:55:51
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:36 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 276
ThreadCreationTime : 2005-06-02 20:55:51
BasePriority : Normal


#:37 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1996
ThreadCreationTime : 2005-06-02 20:55:57
BasePriority : Normal
FileVersion : 1.00.104
ProductVersion : 1.00.104
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:38 [prismsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2088
ThreadCreationTime : 2005-06-02 20:56:02
BasePriority : Normal
FileVersion : 1.01.16
ProductVersion : 1.01.16.0018
ProductName : PRISM Wireless LAN
CompanyName : Conexant Systems, Inc.
FileDescription : PRISM Profiles Server Module
InternalName : GlobespanVirata
LegalCopyright : Copyright © 2004, Conexant Systems, Inc.
OriginalFilename : PRISMsvr.exe
Comments : Conexant Systems, Inc. (www.conexant.com)

#:39 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ProcessID : 2120
ThreadCreationTime : 2005-06-02 20:56:03
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering

#:40 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 2272
ThreadCreationTime : 2005-06-02 20:56:06
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:41 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2296
ThreadCreationTime : 2005-06-02 20:56:06
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:42 [dfzfpyr.exe]
FilePath : c:\windows\system32\
ProcessID : 2376
ThreadCreationTime : 2005-06-02 20:56:08
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:43 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 3040
ThreadCreationTime : 2005-06-02 20:56:12
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:44 [prismcfg.exe]
FilePath : C:\Program Files\2Wire 802.11g Wireless\
ProcessID : 3052
ThreadCreationTime : 2005-06-02 20:56:13
BasePriority : Normal
FileVersion : 1.01.17
ProductVersion : 1.01.17.0025
ProductName : Wireless Client
CompanyName : 2Wire Inc.
FileDescription : Wireless Card Utility
InternalName : PRISMCFG.exe
LegalCopyright : Copyright © 2004, 2Wire Inc.
OriginalFilename : PRISMCFG.exe
Comments : 2Wire Inc. (www.2wire.com)

#:45 [ivpsvmgr.exe]
FilePath : C:\toshiba\ivp\ism\
ProcessID : 2652
ThreadCreationTime : 2005-06-02 20:58:57
BasePriority : Normal
FileVersion : 3.5.3.1
ProductVersion : 3.5
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : IVP Service Manager Application
InternalName : IVPSVMGR
LegalCopyright : © 1997-2002 TOSHIBA Corporation
OriginalFilename : IVPSVMGR.EXE

#:46 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3860
ThreadCreationTime : 2005-06-03 15:09:37
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:47 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2760
ThreadCreationTime : 2005-06-03 15:49:17
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3a5stSSChckin

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 31


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : UninstallString

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 38


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:meghan [email protected]/
Expires : 2010-06-02 10:35:36
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:meghan [email protected]/
Expires : 2006-07-25 3:16:40
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan [email protected][2].txt
Category : Data Miner
Comment : Hits:8
Value : Cookie:meghan [email protected]/
Expires : 2009-12-31 20:00:00
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@realmedia[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:meghan [email protected]/
Expires : 2020-12-31 20:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 42



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 47

11:56:59 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:50.982
Objects scanned:112097
Objects identified:46
Objects ignored:0
New critical objects:46

#2
Guest_Andy_veal_*
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R49 31.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember, when posting another logfile, to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
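Added example, not code from this thread and not Lavasoft's: a small Python parser for the "Object Recognized!" blocks that Ad-Aware SE writes in the format shown in the logs above. It totals hits per target family, so the families ticked in the "Scan Summary" tab can be checked against the posted log, and separately flags a Winlogon Shell value that is anything other than plain explorer.exe, the condition Ad-Aware reports as "Shell Possibly Compromised". The sample log embedded in the block is constructed from entries that appear in the posted logs; the cookie file name in it is a placeholder.

```python
"""Parse Ad-Aware SE "Object Recognized!" blocks and summarise them per family.

Added example for the thread above (not from Geeks to Go or Lavasoft).
SAMPLE_LOG is constructed from entries seen in the posted Ad-Aware SE logs.
"""
import re
from collections import Counter

# Constructed sample in the shape Ad-Aware SE Build 1.05 writes its log.
SAMPLE_LOG = """\
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\\currentcontrolset\\control\\print\\monitors\\zepmon

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\\windows\\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\\microsoft\\windows nt\\currentversion\\winlogon
Value : Shell
Data : explorer.exe c:\\windows\\nail.exe

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : user@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1

Registry Scan result:
"""

# Block header, e.g. "Tracking Cookie Object Recognized!" -> family "Tracking Cookie".
HEADER_RE = re.compile(r"^(?P<family>.+?) Object Recognized!$")

# Winlogon's Shell value should be exactly this on a clean Windows XP system.
EXPECTED_SHELL = "explorer.exe"


def parse_adaware_log(text):
    """Return one dict per 'X Object Recognized!' block.

    Each dict carries 'family' plus the block's 'Key : Value' fields. A key
    that repeats inside a block (Ad-Aware prints 'Data' twice for RegData
    hits) keeps its first non-empty value. Blocks end at a blank line.
    """
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            if current is not None:
                records.append(current)
                current = None
            continue
        header = HEADER_RE.match(line)
        if header:
            if current is not None:
                records.append(current)
            current = {"family": header.group("family")}
            continue
        if current is None:
            continue  # section banners and result lines outside a block
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if not current.get(key):
            current[key] = value
    if current is not None:
        records.append(current)
    return records


def summarise(records):
    """Count recognised objects per target family, the unit Ad-Aware removes by."""
    return Counter(r["family"] for r in records)


def shell_findings(records):
    """Return Winlogon Shell values that are not the bare 'explorer.exe'.

    Anything appended after explorer.exe in that value is started at every
    interactive logon, which is why Ad-Aware labels it a compromised shell.
    """
    hits = []
    for r in records:
        obj = r.get("Object", "").lower()
        if obj.endswith("currentversion\\winlogon") and r.get("Value") == "Shell":
            data = r.get("Data", "")
            if data.strip().lower() != EXPECTED_SHELL:
                hits.append(data)
    return hits


if __name__ == "__main__":
    recs = parse_adaware_log(SAMPLE_LOG)
    for family, count in sorted(summarise(recs).items()):
        print(f"{family}: {count}")
    for data in shell_findings(recs):
        print("Winlogon Shell is not plain explorer.exe:", data)
```

Point the script at a saved logfile with `parse_adaware_log(open(path, encoding="cp1252").read())`; the per-family counts should match the "References detected during the scan" section at the top of the log, and a non-empty `shell_findings` result is the entry that most warrants attention before anything is removed.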

#3
sunshine79
Ad-Aware SE Build 1.05
Logfile Created on:2005年6月5日 18:49:05
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R49 31.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):5 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):29 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-06-05 18:49:05 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 772
ThreadCreationTime : 2005-06-05 22:47:49
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 844
ThreadCreationTime : 2005-06-05 22:47:50
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 2005-06-05 22:47:51
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 912
ThreadCreationTime : 2005-06-05 22:47:51
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 924
ThreadCreationTime : 2005-06-05 22:47:51
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 2005-06-05 22:47:52
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1116
ThreadCreationTime : 2005-06-05 22:47:52
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1212
ThreadCreationTime : 2005-06-05 22:47:52
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1228
ThreadCreationTime : 2005-06-05 22:47:52
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1368
ThreadCreationTime : 2005-06-05 22:47:52
BasePriority : Normal
FileVersion : 1.00.37
ProductVersion : 1.00.37
ProductName : Event Manager
CompanyName : Symantec Corporation
FileDescription : Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:11 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1592
ThreadCreationTime : 2005-06-05 22:47:53
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:12 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1692
ThreadCreationTime : 2005-06-05 22:47:53
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [00thotkey.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1792
ThreadCreationTime : 2005-06-05 22:47:54
BasePriority : Normal
FileVersion : 1, 0, 0, 20
ProductVersion : 6, 0, 2, 0
ProductName : TOSHIBA THotkey
CompanyName : TOSHIBA Corp.
FileDescription : THotkey
InternalName : THotkey
LegalCopyright : Copyright © 1999 -2003
OriginalFilename : THotkey.exe

#:14 [apoint.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 1892
ThreadCreationTime : 2005-06-05 22:47:54
BasePriority : Normal
FileVersion : 6.0.1.159
ProductVersion : 6.0.1.159
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:15 [toshkcw.exe]
FilePath : C:\Program Files\TOSHIBA\Wireless Hotkey\
ProcessID : 1912
ThreadCreationTime : 2005-06-05 22:47:54
BasePriority : Normal
FileVersion : 2, 1, 0, 1
ProductVersion : 2, 1, 0, 0
ProductName : Wireless Hotkey
CompanyName : TOSHIBA CORPORATION
FileDescription : Wireless Hotkey
InternalName : Wireless Hotkey EXE
LegalCopyright : Copyright © 2001-2002 TOSHIBA CORPORATION
LegalTrademarks : Copyright © 2001-2002 TOSHIBA CORPORATION
OriginalFilename : TosHKCW.EXE
Comments : Wireless Hotkey

#:16 [tpwrtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1928
ThreadCreationTime : 2005-06-05 22:47:54
BasePriority : Normal
FileVersion : 6.00.21
ProductVersion : 6.00.01
ProductName : TOSHIBA Power Saver
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Power Saver
InternalName : Tpwrtray
LegalCopyright : Copyright 1999-2002 TOSHIBA Corporation.
OriginalFilename : Tpwrtray.exe
Comments : TOSHIBA Power Saver

#:17 [tfncky.exe]
FilePath : C:\Program Files\Toshiba\TOSHIBA Controls\
ProcessID : 1940
ThreadCreationTime : 2005-06-05 22:47:54
BasePriority : Normal
FileVersion : 2.04.06
ProductVersion : 2.04.06
ProductName : TFncKy
CompanyName : TOSHIBA Corporation
FileDescription : TFncKy
InternalName : TFncKy
LegalCopyright : Copyright 1997-2002 TOSHIBA Corporation. All rights reserved.
OriginalFilename : TFncKy.EXE

#:18 [tmerzctl.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1960
ThreadCreationTime : 2005-06-05 22:47:54
BasePriority : Normal
FileVersion : 1, 0, 2, 8
ProductVersion : 1, 0, 2, 8
ProductName : TOSHIBA TMERzCtl
CompanyName : TOSHIBA
FileDescription : TMERzCtl
InternalName : TMERzCtl
LegalCopyright : Copyright © 2001
OriginalFilename : TMERzCtl.exe

#:19 [tmeejme.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1968
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 1, 0, 0, 12
ProductVersion : 1, 0, 0, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TMEEJME
InternalName : TMEEJME
LegalCopyright : TOSHIBA Copyright © 2002
OriginalFilename : TMEEJME.exe

#:20 [tmesbs32.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1984
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 2, 1, 1, 14
ProductVersion : 2, 1, 0, 1
ProductName : TOSHIBA Mobile Extension Slim Select Bay Service
CompanyName : TOSHIBA Corporation
FileDescription : tmesbs32
InternalName : tmesbs3
LegalCopyright : Copyright © TOSHIBA Corp.1998-2001
OriginalFilename : tmesbs32.exe

#:21 [tedtray.exe]
FilePath : C:\Program Files\TOSHIBA\DualPointUtility\
ProcessID : 1992
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : TOSHIBA DualPoint Utility
CompanyName : TOSHIBA
FileDescription : TOSHIBA DualPoint Utility Main Module
InternalName : TEDTray
LegalCopyright : Copyright© TOSHIBA Corp. 2002
OriginalFilename : TEDTray

#:22 [tfnf5.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2000
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 1. 0. 1. 0
ProductVersion : 1. 0. 1. 0
ProductName : Toshiba Hotkey Utility for Display Devices
CompanyName : Toshiba Corp.
FileDescription : TFnF5
InternalName : TFnF5
LegalCopyright : Copyright © Toshiba Corp. 2001
OriginalFilename : TFnF5.Exe
Comments : Hotkey (Fn+F5) for Display Devices

#:23 [ezsp_px.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2008
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal


#:24 [pinger.exe]
FilePath : C:\toshiba\ivp\ism\
ProcessID : 2024
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 3.3
ProductVersion : 3.3
ProductName : Software Upgrades
CompanyName : TOSHIBA Corporation
FileDescription : TOSHIBA Pinger
InternalName : PINGER
LegalCopyright : © 1997-2002 TOSHIBA Corporation
OriginalFilename : PINGER.EXE
Comments : With TSysSMon support.

#:25 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 212
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 1.00.104
ProductVersion : 1.00.104
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client CC App
InternalName : ccApp
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:26 [prismsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 252
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 1.01.16
ProductVersion : 1.01.16.0018
ProductName : PRISM Wireless LAN
CompanyName : Conexant Systems, Inc.
FileDescription : PRISM Profiles Server Module
InternalName : GlobespanVirata
LegalCopyright : Copyright © 2004, Conexant Systems, Inc.
OriginalFilename : PRISMsvr.exe
Comments : Conexant Systems, Inc. (www.conexant.com)

#:27 [apntex.exe]
FilePath : C:\Program Files\Apoint2K\
ProcessID : 276
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:28 [2portalmon.exe]
FilePath : C:\Program Files\2Wire\
ProcessID : 284
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : HomePortal Monitor Application
CompanyName : 2Wire, Inc.
FileDescription : HomePortal Monitor Application by 2Wire Engineering
InternalName : HomePortal Monitor
LegalCopyright : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
LegalTrademarks : Copyright © 1999, 2000, 2001, 2wire, Inc. All Rights Reserved
OriginalFilename : HomePortal Monitor.EXE
Comments : HomePortal Monitor Application by 2Wire Engineering

#:29 [usrprmpt.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 316
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Helper
InternalName : UsrPrmpt.dll
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : UsrPrmpt.dll

#:30 [gcasserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 328
ThreadCreationTime : 2005-06-05 22:47:55
BasePriority : Idle
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Service
InternalName : gcasServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasServ.exe

#:31 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 420
ThreadCreationTime : 2005-06-05 22:47:56
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:32 [rkeere.exe]
FilePath : c:\windows\system32\
ProcessID : 496
ThreadCreationTime : 2005-06-05 22:47:56
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:33 [prismcfg.exe]
FilePath : C:\Program Files\2Wire 802.11g Wireless\
ProcessID : 636
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 1.01.17
ProductVersion : 1.01.17.0025
ProductName : Wireless Client
CompanyName : 2Wire Inc.
FileDescription : Wireless Card Utility
InternalName : PRISMCFG.exe
LegalCopyright : Copyright © 2004, 2Wire Inc.
OriginalFilename : PRISMCFG.exe
Comments : 2Wire Inc. (www.2wire.com)

#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 644
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:35 [dvdramsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 672
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 2, 0, 5, 0
ProductVersion : 2, 0, 5, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002
OriginalFilename : DVDRAMSV.EXE

#:36 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 728
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 1.1.4900.0
ProductVersion : 4.3.1.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2003
OriginalFilename : DcFsSvc.exe

#:37 [navapsvc.exe]
FilePath : C:\Program Files\Norton\Norton AntiVirus\
ProcessID : 484
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 9.05.1015
ProductVersion : 9.05.1015
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:38 [nprotect.exe]
FilePath : C:\Program Files\Norton\Norton Utilities\
ProcessID : 800
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 16.00.0.22
ProductVersion : 16.00.0.22
ProductName : Norton Utilities
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
LegalCopyright : Copyright © 2003 Symantec Corporation
LegalTrademarks : Norton Utilities
OriginalFilename : NPROTECT.EXE

#:39 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 836
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 6.13.10.3648
ProductVersion : 6.13.10.3648
ProductName : NVIDIA Driver Helper Service, Version 36.48
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 36.48
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe

#:40 [scsiaccess.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1400
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal


#:41 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 1440
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 3, 2, 5, 0
ProductVersion : 3, 2, 5, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe

#:42 [nopdb.exe]
FilePath : C:\PROGRA~1\Norton\SPEEDD~1\
ProcessID : 1556
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 7.00.0.24
ProductVersion : 7.00.0.24
ProductName : Norton Speed Disk
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
LegalCopyright : Copyright © 2002
OriginalFilename : NOPDB.dll

#:43 [tmesbs32.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1720
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 2, 1, 1, 14
ProductVersion : 2, 1, 0, 1
ProductName : TOSHIBA Mobile Extension Slim Select Bay Service
CompanyName : TOSHIBA Corporation
FileDescription : tmesbs32
InternalName : tmesbs3
LegalCopyright : Copyright © TOSHIBA Corp.1998-2001
OriginalFilename : tmesbs32.exe

#:44 [tmesrv31.exe]
FilePath : C:\Program Files\TOSHIBA\TME3\
ProcessID : 1860
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 3, 1, 32, 0
ProductVersion : 3, 1, 32, 0
ProductName : TOSHIBA MobileExtension Service
CompanyName : TOSHIBA
FileDescription : TOSHIBA MobileExtension Service
InternalName : TMESRV3
LegalCopyright : TOSHIBA Copyright © 1999-2001
OriginalFilename : TMESRV3.exe

#:45 [wanmpsvc.exe]
FilePath : C:\WINDOWS\
ProcessID : 2060
ThreadCreationTime : 2005-06-05 22:47:57
BasePriority : Normal
FileVersion : 7, 0, 0, 2
ProductVersion : 7, 0, 0, 2
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:46 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 2384
ThreadCreationTime : 2005-06-05 22:47:58
BasePriority : Normal
FileVersion : 1.00.0509
ProductVersion : 1.00.0509
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:47 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3000
ThreadCreationTime : 2005-06-05 22:48:43
BasePriority : Normal
FileVersion : 5.4.3790.2182 built by: srv03_rtm(ntvbl04)
ProductVersion : 5.4.3790.2182
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3088
ThreadCreationTime : 2005-06-05 22:48:55
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\software\aurora
Value : AUL3a5stSSChckin

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 30


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 30


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:meghan [email protected]/
Expires : 2006-06-03 13:04:52
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@2o7[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:meghan [email protected]/
Expires : 2010-06-02 10:35:36
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@questionmarket[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:meghan [email protected]/
Expires : 2006-07-25 4:18:52
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan [email protected][1].txt
Category : Data Miner
Comment : Hits:18
Value : Cookie:meghan [email protected]/
Expires : 2009-12-31 20:00:00
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@realmedia[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:meghan [email protected]/
Expires : 2020-12-31 20:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 35



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35

18:56:32 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:26.582
Objects scanned:110933
Objects identified:35
Objects ignored:0
New critical objects:35

#4
yuyiboy

yuyiboy

    New Member

  • Member
  • Pip
  • 2 posts
Link removed.
Please don't post this tool; it is not approved by this forum.

Thanks
Don

Edited by don77, 05 June 2005 - 06:27 PM.


#5
Guest_Andy_veal_*

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you choose to clean your computer of what Ad-Aware found, please follow these instructions below…

Please make sure that you are using the * SE1R49 31.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is the default installation location for Ad-Aware SE; if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please just select VX2 first

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes take 2-3 posts to get it all posted; once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile to keep "Search for negligible risk entries" deselected, as negligible risk entries (MRUs) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
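A reader-side check for logs like the one posted in this thread, added here as an example (it is not Ad-Aware's code and not one of this forum's tools): a small Python parser for Ad-Aware SE "Object Recognized!" records that tallies findings per family, lists the registry keys under the Aurora branch, and pulls out anything appended to the Winlogon Shell value. That Shell value is how nail.exe got relaunched at every logon on the poster's machine, which is why the log flags it as "Shell Possibly Compromised". The log text inside the block is a constructed excerpt modelled on the posted log, and the field names and record layout are assumed to follow that log exactly.

```python
"""Parse Ad-Aware SE 'Object Recognized!' records and flag a hijacked Winlogon Shell.

Added example for this thread; not part of Ad-Aware. The sample text below is a
constructed excerpt that copies the field layout of the log posted above.
"""
import re
from collections import Counter

# Constructed excerpt in Ad-Aware SE log format (three records, blank-line separated).
SAMPLE_LOG = """\
VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3282767201-3518808694-855454437-1004\\software\\aurora
Value : AUL3a5stSSChckin

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\\windows\\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\\microsoft\\windows nt\\currentversion\\winlogon
Value : Shell
Data : explorer.exe c:\\windows\\nail.exe

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : meghan drummond@trafficmp[1].txt
Category : Data Miner
Comment : Hits:5
Expires : 2006-06-03 13:04:52
Hits : 5
"""

RECORD_HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z]+) : ?(?P<value>.*)$")

# On a clean Windows XP install the Winlogon Shell value is just explorer.exe.
EXPECTED_SHELL = "explorer.exe"


def parse_records(text):
    """Split the log into records: one dict per 'Object Recognized!' block."""
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line terminates the current record
            continue
        m = RECORD_HEADER.match(line)
        if m:
            current = {"family": m.group("family")}
            records.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            key, value = m.group("key"), m.group("value").strip()
            # A key can repeat (the Winlogon record lists Data twice): keep the
            # last non-empty value, but still record empty fields like 'Comment :'.
            if value or key not in current:
                current[key] = value
    return records


def count_by_family(records):
    """Number of findings per family (VX2, Windows, Tracking Cookie, ...)."""
    return Counter(r["family"] for r in records)


def aurora_keys(records):
    """Distinct registry paths ending in \\software\\aurora among RegValue/RegData findings."""
    return sorted({
        r["Object"] for r in records
        if r.get("Type", "").startswith("Reg")
        and r.get("Object", "").lower().endswith("\\software\\aurora")
    })


def shell_hijack(records):
    """Executables appended to the Winlogon Shell value, or [] if the shell is clean.

    Anything listed after explorer.exe here is started by Winlogon at each logon,
    which is the persistence the posted log reports as 'Shell Possibly Compromised'.
    Tokens are split on whitespace, which is sufficient for the 8.3-style paths
    in this log (a quoted path containing spaces would need shlex-style splitting).
    """
    extras = []
    for r in records:
        if (r.get("Value", "").lower() == "shell"
                and "winlogon" in r.get("Object", "").lower()):
            tokens = r.get("Data", "").split()
            extras.extend(t for t in tokens if t.lower() != EXPECTED_SHELL)
    return extras


def summarize(text):
    """Parse a log and return the three things a helper wants to see first."""
    recs = parse_records(text)
    return {
        "total": len(recs),
        "by_family": dict(count_by_family(recs)),
        "aurora_keys": aurora_keys(recs),
        "shell_extras": shell_hijack(recs),
    }


if __name__ == "__main__":
    from pprint import pprint
    pprint(summarize(SAMPLE_LOG))
```

Run it against a full pasted log (read the file into `summarize`) and the `shell_extras` list is the quickest indicator of whether the Shell hijack is still present after cleaning: an empty list after a post-removal scan means Winlogon is back to launching only explorer.exe.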