Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora help


  • This topic is locked This topic is locked

#1
idel

idel

    New Member

  • Member
  • Pip
  • 2 posts
Thanks so much for your help! My family and I really appreciate it.

Here is my ad-aware log first, then my hijakthis log:

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, June 20, 2005 2:40:40 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):19 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):31 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-20-2005 2:38:35 PM Performing WebUpdate...

Installing Update...

6-20-2005 2:39:40 PM Failed
No updates installed.

6-20-2005 2:39:40 PM <RESTORE BCKP>
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-20-2005 2:39:46 PM <OK>


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:19 %
Total physical memory:383980 kb
Available physical memory:70072 kb
Total page file size:927248 kb
Available on page file:691852 kb
Total virtual memory:2097024 kb
Available virtual memory:2047208 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-20-2005 2:40:40 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 468
ThreadCreationTime : 6-20-2005 11:44:05 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\D:\WINDOWS\system32\csrss.exe
Command Line : D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 524
ThreadCreationTime : 6-20-2005 11:44:06 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\D:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 548
ThreadCreationTime : 6-20-2005 11:44:07 AM
BasePriority : High


#:4 [services.exe]
ModuleName : D:\WINDOWS\system32\services.exe
Command Line : D:\WINDOWS\system32\services.exe
ProcessID : 592
ThreadCreationTime : 6-20-2005 11:44:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : D:\WINDOWS\system32\lsass.exe
Command Line : D:\WINDOWS\system32\lsass.exe
ProcessID : 604
ThreadCreationTime : 6-20-2005 11:44:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 760
ThreadCreationTime : 6-20-2005 11:44:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 6-20-2005 11:44:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : D:\WINDOWS\System32\svchost.exe
Command Line : D:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 912
ThreadCreationTime : 6-20-2005 11:44:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 988
ThreadCreationTime : 6-20-2005 11:44:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1096
ThreadCreationTime : 6-20-2005 11:44:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [brsvc01a.exe]
ModuleName : D:\WINDOWS\system32\brsvc01a.exe
Command Line : D:\WINDOWS\system32\brsvc01a.exe
ProcessID : 1364
ThreadCreationTime : 6-20-2005 11:44:14 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2003
OriginalFilename : brsvc01a.exe

#:12 [spoolsv.exe]
ModuleName : D:\WINDOWS\system32\spoolsv.exe
Command Line : D:\WINDOWS\system32\spoolsv.exe
ProcessID : 1380
ThreadCreationTime : 6-20-2005 11:44:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [brss01a.exe]
ModuleName : D:\WINDOWS\system32\brss01a.exe
Command Line : brss01a.exe
ProcessID : 1392
ThreadCreationTime : 6-20-2005 11:44:14 AM
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper

#:14 [aspnet_admin.exe]
ModuleName : D:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
Command Line : D:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
ProcessID : 224
ThreadCreationTime : 6-20-2005 11:44:24 AM
BasePriority : Normal
FileVersion : 2.0.40607.16 (beta1.040607-1600)
ProductVersion : 2.0.40607.16
ProductName : Microsoft® .NET Framework
CompanyName : Microsoft Corporation
FileDescription : Microsoft ASP.NET Admin Service
InternalName : aspnet_admin.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : aspnet_admin.exe
Comments : Flavor=Retail

#:15 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 424
ThreadCreationTime : 6-20-2005 11:44:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
ModuleName : D:\WINDOWS\system32\wdfmgr.exe
Command Line : D:\WINDOWS\system32\wdfmgr.exe
ProcessID : 508
ThreadCreationTime : 6-20-2005 11:44:29 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [dlbxcoms.exe]
ModuleName : D:\WINDOWS\system32\dlbxcoms.exe
Command Line : D:\WINDOWS\system32\dlbxcoms.exe -service
ProcessID : 1456
ThreadCreationTime : 6-20-2005 11:44:34 AM
BasePriority : High
FileVersion : 1.101.37.0
ProductVersion : 1.101.37.0
ProductName : Dell Communication System
CompanyName : Dell
FileDescription : Dell Communication System
InternalName : DLBXcoms.exe
OriginalFilename : DLBXcoms.exe

#:18 [alg.exe]
ModuleName : D:\WINDOWS\System32\alg.exe
Command Line : D:\WINDOWS\System32\alg.exe
ProcessID : 2052
ThreadCreationTime : 6-20-2005 11:44:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [explorer.exe]
ModuleName : D:\WINDOWS\Explorer.exe
Command Line : Explorer.exe D:\WINDOWS\Nail.exe
ProcessID : 4064
ThreadCreationTime : 6-20-2005 12:35:35 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [qttask.exe]
ModuleName : D:\Program Files\QuickTime\qttask.exe
Command Line : "D:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1612
ThreadCreationTime : 6-20-2005 12:35:50 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:21 [ppcontrol.exe]
ModuleName : D:\PROGRA~1\PESTPA~1\PPControl.exe
Command Line : "D:\PROGRA~1\PESTPA~1\PPControl.exe"
ProcessID : 3532
ThreadCreationTime : 6-20-2005 12:35:51 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 73
ProductVersion : 4.4
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : PestPatrol tray application
InternalName : ppcontrol
LegalCopyright : Copyright © 2004 Computer Associates International
OriginalFilename : ppcontrol.exe

#:22 [ituneshelper.exe]
ModuleName : D:\Program Files\iTunes\iTunesHelper.exe
Command Line : "D:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2584
ThreadCreationTime : 6-20-2005 12:35:53 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [igfxtray.exe]
ModuleName : D:\WINDOWS\system32\igfxtray.exe
Command Line : "D:\WINDOWS\system32\igfxtray.exe"
ProcessID : 2196
ThreadCreationTime : 6-20-2005 12:35:54 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:24 [hkcmd.exe]
ModuleName : D:\WINDOWS\system32\hkcmd.exe
Command Line : "D:\WINDOWS\system32\hkcmd.exe"
ProcessID : 1668
ThreadCreationTime : 6-20-2005 12:35:55 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:25 [dlbxmon.exe]
ModuleName : D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
Command Line : "D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
ProcessID : 3056
ThreadCreationTime : 6-20-2005 12:35:55 PM
BasePriority : Normal
FileVersion : 1.196.0.0
ProductVersion : 1.196.0.0
ProductName : DellPhoto AIO Printer 962 Device Monitor
CompanyName : Dell
FileDescription : DellPhoto AIO Printer 962 Device Monitor
InternalName : dlbxmon.exe
LegalCopyright : © 2002 Dell
OriginalFilename : dlbxmon.exe

#:26 [daemon.exe]
ModuleName : D:\Program Files\D-Tools\daemon.exe
Command Line : "D:\Program Files\D-Tools\daemon.exe" -lang 1033
ProcessID : 2908
ThreadCreationTime : 6-20-2005 12:35:57 PM
BasePriority : Normal


#:27 [ipodservice.exe]
ModuleName : D:\Program Files\iPod\bin\iPodService.exe
Command Line : "D:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3468
ThreadCreationTime : 6-20-2005 12:36:02 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:28 [ppmemcheck.exe]
ModuleName : D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
Command Line : "D:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
ProcessID : 3232
ThreadCreationTime : 6-20-2005 12:36:02 PM
BasePriority : Normal


#:29 [cookiepatrol.exe]
ModuleName : D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
Command Line : "D:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
ProcessID : 3612
ThreadCreationTime : 6-20-2005 12:36:03 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 82
ProductVersion : 4, 4, 4, 0
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : CookiePatrol Application
InternalName : CookiePatrol
LegalCopyright : Copyright © 2005 Computer Associates International, Inc.
OriginalFilename : CookiePatrol.exe

#:30 [msnmsgr.exe]
ModuleName : D:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 2556
ThreadCreationTime : 6-20-2005 12:36:04 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:31 [quickdcf.exe]
ModuleName : D:\Program Files\FinePixViewer\QuickDCF.exe
Command Line : "D:\Program Files\FinePixViewer\QuickDCF.exe"
ProcessID : 2116
ThreadCreationTime : 6-20-2005 12:36:14 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:32 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\iexplore.exe
Command Line : "D:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2144
ThreadCreationTime : 6-20-2005 12:37:08 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:33 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3344
ThreadCreationTime : 6-20-2005 12:38:18 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUS3t5atusOfSInst

Windows Object Recognized!
Type : RegData
Data : explorer.exe d:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe d:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 29


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 35

MRU List Object Recognized!
Location: : D:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@trafficmp.com/
Expires : 6-21-2006 2:47:02 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 55



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0047623.exe
TAC Rating : 10
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{9529ED4F-E55F-4F3F-A9A4-9E8CFD865374}\RP12\
FileVersion : 1.0.2.4
ProductVersion : 1.0.2.4
ProductName : Buddy Window
CompanyName : Direct Revenue
FileDescription : Buddy
InternalName : Buddy.exe
LegalCopyright : © Direct Revenue. All rights reserved.
OriginalFilename : Buddy.exe
Comments : Browser window for Direct Revenue


Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\.Trashes\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\_Restore\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Application Data\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\autorun\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Computer back up 1-20-2005\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\dingbats\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Favorites\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Hotel Mngmt\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\JP Stuff\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\programs\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Recycled\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\System Volume Information\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56


Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 56




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : BIT500.tmp
TAC Rating : 10
Category : Malware
Comment :
Object : D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
FileVersion : 6.00.2494.0000 (Lab03_N.010615-2109)
ProductVersion : 6.00.2494.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Cabinet Self-Extractor
InternalName : Wextract
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WEXTRACT.EXE


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 58

3:04:12 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:31.843
Objects scanned:201659
Objects identified:39
Objects ignored:0
New critical objects:39




Logfile of HijackThis v1.99.1
Scan saved at 1:17:56 AM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\brsvc01a.exe
D:\WINDOWS\system32\brss01a.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\PESTPA~1\PPControl.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\dlbxcoms.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\skihgafbs.exe
H:\JP Stuff\COMPUTER CLEAN UP\HijackThis.exe
D:\WINDOWS\skihgafbs.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\skihgafbs.exe
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MDDPRXFC\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - D:\WINDOWS\system32\vbrundll.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - D:\WINDOWS\system32\nsm7.dll
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dlbxmon.exe] "D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [Device Detector] "D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109178739437
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral....s/pmupdate2.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc01a.exe
O23 - Service: dlbx_device - Dell - D:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
  • 0

Advertisements


#2
idel

idel

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I followed your insructions, but I still am getting Aurora Popups. Please help me I don't know what else to try. I ran virus scans, but no luck.

Here is my ad-aware log first, then my hijakthis log:

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, June 20, 2005 2:40:40 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):19 total references
Possible Browser Hijack attempt(TAC index:3):6 total references
Tracking Cookie(TAC index:3):1 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):31 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-20-2005 2:38:35 PM Performing WebUpdate...

Installing Update...

6-20-2005 2:39:40 PM Failed
No updates installed.

6-20-2005 2:39:40 PM <RESTORE BCKP>
Definitions File Loaded:
Reference Number : SE1R47 24.05.2005
Internal build : 55
File location : D:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 476246 Bytes
Total size : 1439523 Bytes
Signature data size : 1408291 Bytes
Reference data size : 30720 Bytes
Signatures total : 40174
CSI Fingerprints total : 886
CSI data size : 30371 Bytes
Target categories : 15
Target families : 679

6-20-2005 2:39:46 PM <OK>


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:19 %
Total physical memory:383980 kb
Available physical memory:70072 kb
Total page file size:927248 kb
Available on page file:691852 kb
Total virtual memory:2097024 kb
Available virtual memory:2047208 kb
OS:Microsoft Windows XP Professional Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6-20-2005 2:40:40 PM - Scan started. (Custom mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 468
ThreadCreationTime : 6-20-2005 11:44:05 AM
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\D:\WINDOWS\system32\csrss.exe
Command Line : D:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 524
ThreadCreationTime : 6-20-2005 11:44:06 AM
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\D:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 548
ThreadCreationTime : 6-20-2005 11:44:07 AM
BasePriority : High


#:4 [services.exe]
ModuleName : D:\WINDOWS\system32\services.exe
Command Line : D:\WINDOWS\system32\services.exe
ProcessID : 592
ThreadCreationTime : 6-20-2005 11:44:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : D:\WINDOWS\system32\lsass.exe
Command Line : D:\WINDOWS\system32\lsass.exe
ProcessID : 604
ThreadCreationTime : 6-20-2005 11:44:08 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 760
ThreadCreationTime : 6-20-2005 11:44:09 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost -k rpcss
ProcessID : 816
ThreadCreationTime : 6-20-2005 11:44:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : D:\WINDOWS\System32\svchost.exe
Command Line : D:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 912
ThreadCreationTime : 6-20-2005 11:44:10 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 988
ThreadCreationTime : 6-20-2005 11:44:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1096
ThreadCreationTime : 6-20-2005 11:44:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [brsvc01a.exe]
ModuleName : D:\WINDOWS\system32\brsvc01a.exe
Command Line : D:\WINDOWS\system32\brsvc01a.exe
ProcessID : 1364
ThreadCreationTime : 6-20-2005 11:44:14 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 4
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brsvc01a
CompanyName : brother Industries Ltd
FileDescription : brsvc01a
InternalName : brsvc01a
LegalCopyright : Copyright © Brother Industries, Ltd 2003
OriginalFilename : brsvc01a.exe

#:12 [spoolsv.exe]
ModuleName : D:\WINDOWS\system32\spoolsv.exe
Command Line : D:\WINDOWS\system32\spoolsv.exe
ProcessID : 1380
ThreadCreationTime : 6-20-2005 11:44:14 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:13 [brss01a.exe]
ModuleName : D:\WINDOWS\system32\brss01a.exe
Command Line : brss01a.exe
ProcessID : 1392
ThreadCreationTime : 6-20-2005 11:44:14 AM
BasePriority : Normal
FileVersion : 1.004
ProductVersion : 1, 0, 0, 4
ProductName : brother Industries Ltd brss01a.exe
CompanyName : brother Industries Ltd
FileDescription : brss01a.exe
InternalName : brss01a.exe
LegalCopyright : Copyright ? 2001
OriginalFilename : brss01a.exe
Comments : Brsplproc XP wrapper

#:14 [aspnet_admin.exe]
ModuleName : D:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
Command Line : D:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
ProcessID : 224
ThreadCreationTime : 6-20-2005 11:44:24 AM
BasePriority : Normal
FileVersion : 2.0.40607.16 (beta1.040607-1600)
ProductVersion : 2.0.40607.16
ProductName : Microsoft® .NET Framework
CompanyName : Microsoft Corporation
FileDescription : Microsoft ASP.NET Admin Service
InternalName : aspnet_admin.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : aspnet_admin.exe
Comments : Flavor=Retail

#:15 [svchost.exe]
ModuleName : D:\WINDOWS\system32\svchost.exe
Command Line : D:\WINDOWS\system32\svchost.exe -k imgsvc
ProcessID : 424
ThreadCreationTime : 6-20-2005 11:44:26 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
ModuleName : D:\WINDOWS\system32\wdfmgr.exe
Command Line : D:\WINDOWS\system32\wdfmgr.exe
ProcessID : 508
ThreadCreationTime : 6-20-2005 11:44:29 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [dlbxcoms.exe]
ModuleName : D:\WINDOWS\system32\dlbxcoms.exe
Command Line : D:\WINDOWS\system32\dlbxcoms.exe -service
ProcessID : 1456
ThreadCreationTime : 6-20-2005 11:44:34 AM
BasePriority : High
FileVersion : 1.101.37.0
ProductVersion : 1.101.37.0
ProductName : Dell Communication System
CompanyName : Dell
FileDescription : Dell Communication System
InternalName : DLBXcoms.exe
OriginalFilename : DLBXcoms.exe

#:18 [alg.exe]
ModuleName : D:\WINDOWS\System32\alg.exe
Command Line : D:\WINDOWS\System32\alg.exe
ProcessID : 2052
ThreadCreationTime : 6-20-2005 11:44:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [explorer.exe]
ModuleName : D:\WINDOWS\Explorer.exe
Command Line : Explorer.exe D:\WINDOWS\Nail.exe
ProcessID : 4064
ThreadCreationTime : 6-20-2005 12:35:35 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [qttask.exe]
ModuleName : D:\Program Files\QuickTime\qttask.exe
Command Line : "D:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1612
ThreadCreationTime : 6-20-2005 12:35:50 PM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:21 [ppcontrol.exe]
ModuleName : D:\PROGRA~1\PESTPA~1\PPControl.exe
Command Line : "D:\PROGRA~1\PESTPA~1\PPControl.exe"
ProcessID : 3532
ThreadCreationTime : 6-20-2005 12:35:51 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 73
ProductVersion : 4.4
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : PestPatrol tray application
InternalName : ppcontrol
LegalCopyright : Copyright © 2004 Computer Associates International
OriginalFilename : ppcontrol.exe

#:22 [ituneshelper.exe]
ModuleName : D:\Program Files\iTunes\iTunesHelper.exe
Command Line : "D:\Program Files\iTunes\iTunesHelper.exe"
ProcessID : 2584
ThreadCreationTime : 6-20-2005 12:35:53 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:23 [igfxtray.exe]
ModuleName : D:\WINDOWS\system32\igfxtray.exe
Command Line : "D:\WINDOWS\system32\igfxtray.exe"
ProcessID : 2196
ThreadCreationTime : 6-20-2005 12:35:54 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : igfxTray Module
InternalName : IGFXTRAY
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : IGFXTRAY.EXE

#:24 [hkcmd.exe]
ModuleName : D:\WINDOWS\system32\hkcmd.exe
Command Line : "D:\WINDOWS\system32\hkcmd.exe"
ProcessID : 1668
ThreadCreationTime : 6-20-2005 12:35:55 PM
BasePriority : Normal
FileVersion : 3.0.0.3889
ProductVersion : 7.0.0.3889
ProductName : Intel® Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2002, Intel Corporation
OriginalFilename : HKCMD.EXE

#:25 [dlbxmon.exe]
ModuleName : D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
Command Line : "D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
ProcessID : 3056
ThreadCreationTime : 6-20-2005 12:35:55 PM
BasePriority : Normal
FileVersion : 1.196.0.0
ProductVersion : 1.196.0.0
ProductName : DellPhoto AIO Printer 962 Device Monitor
CompanyName : Dell
FileDescription : DellPhoto AIO Printer 962 Device Monitor
InternalName : dlbxmon.exe
LegalCopyright : © 2002 Dell
OriginalFilename : dlbxmon.exe

#:26 [daemon.exe]
ModuleName : D:\Program Files\D-Tools\daemon.exe
Command Line : "D:\Program Files\D-Tools\daemon.exe" -lang 1033
ProcessID : 2908
ThreadCreationTime : 6-20-2005 12:35:57 PM
BasePriority : Normal


#:27 [ipodservice.exe]
ModuleName : D:\Program Files\iPod\bin\iPodService.exe
Command Line : "D:\Program Files\iPod\bin\iPodService.exe"
ProcessID : 3468
ThreadCreationTime : 6-20-2005 12:36:02 PM
BasePriority : Normal
FileVersion : 4.7.1.30
ProductVersion : 4.7.1.30
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:28 [ppmemcheck.exe]
ModuleName : D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
Command Line : "D:\PROGRA~1\PESTPA~1\PPMemCheck.exe"
ProcessID : 3232
ThreadCreationTime : 6-20-2005 12:36:02 PM
BasePriority : Normal


#:29 [cookiepatrol.exe]
ModuleName : D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
Command Line : "D:\PROGRA~1\PESTPA~1\CookiePatrol.exe"
ProcessID : 3612
ThreadCreationTime : 6-20-2005 12:36:03 PM
BasePriority : Normal
FileVersion : 4, 4, 4, 82
ProductVersion : 4, 4, 4, 0
ProductName : PestPatrol
CompanyName : Computer Associates International
FileDescription : CookiePatrol Application
InternalName : CookiePatrol
LegalCopyright : Copyright © 2005 Computer Associates International, Inc.
OriginalFilename : CookiePatrol.exe

#:30 [msnmsgr.exe]
ModuleName : D:\Program Files\MSN Messenger\msnmsgr.exe
Command Line : "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
ProcessID : 2556
ThreadCreationTime : 6-20-2005 12:36:04 PM
BasePriority : Normal
FileVersion : 6.2.0205
ProductVersion : Version 6.2
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright © Microsoft Corporation 1997-2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:31 [quickdcf.exe]
ModuleName : D:\Program Files\FinePixViewer\QuickDCF.exe
Command Line : "D:\Program Files\FinePixViewer\QuickDCF.exe"
ProcessID : 2116
ThreadCreationTime : 6-20-2005 12:36:14 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:32 [iexplore.exe]
ModuleName : D:\Program Files\Internet Explorer\iexplore.exe
Command Line : "D:\Program Files\Internet Explorer\iexplore.exe"
ProcessID : 2144
ThreadCreationTime : 6-20-2005 12:37:08 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:33 [ad-aware.exe]
ModuleName : D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "D:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3344
ThreadCreationTime : 6-20-2005 12:38:18 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-1644491937-776561741-725345543-500\software\aurora
Value : AUS3t5atusOfSInst

Windows Object Recognized!
Type : RegData
Data : explorer.exe d:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe d:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 29


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : DisplayName

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : URLInfoAbout

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Publisher

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : HelpLink

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1 "http://www.abetterinternet.com"
TAC Rating : 3
Category : Vulnerability
Comment : (http://www.abetterinternet.com)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\abi-1
Value : Contact

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 6
Objects found so far: 35

MRU List Object Recognized!
Location: : D:\Documents and Settings\Administrator\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\adobe\photoshop\7.0\visiteddirs
Description : adobe photoshop 7 recent work folders


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\powerpoint\recent file list
Description : list of recent files used by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\office\11.0\word\recent templates
Description : list of recent templates used by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1644491937-776561741-725345543-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@trafficmp[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:administrator@trafficmp.com/
Expires : 6-21-2006 2:47:02 AM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 55



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 55


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0047623.exe
TAC Rating : 10
Category : Malware
Comment :
Object : D:\System Volume Information\_restore{9529ED4F-E55F-4F3F-A9A4-9E8CFD865374}\RP12\
FileVersion : 1.0.2.4
ProductVersion : 1.0.2.4
ProductName : Buddy Window
CompanyName : Direct Revenue
FileDescription : Buddy
InternalName : Buddy.exe
LegalCopyright : © Direct Revenue. All rights reserved.
OriginalFilename : Buddy.exe
Comments : Browser window for Direct Revenue


Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56


Deep scanning and examining files (H:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for H:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\.Trashes\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\_Restore\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Application Data\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\autorun\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Computer back up 1-20-2005\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\dingbats\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Favorites\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Hotel Mngmt\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\JP Stuff\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\programs\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\Recycled\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56

Disk Scan Result for H:\System Volume Information\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 56


Scanning Hosts file......
Hosts file location:"D:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 56




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : File
Data : BIT500.tmp
TAC Rating : 10
Category : Malware
Comment :
Object : D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\
FileVersion : 6.00.2494.0000 (Lab03_N.010615-2109)
ProductVersion : 6.00.2494.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Win32 Cabinet Self-Extractor
InternalName : Wextract
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WEXTRACT.EXE


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 58

3:04:12 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:31.843
Objects scanned:201659
Objects identified:39
Objects ignored:0
New critical objects:39




Logfile of HijackThis v1.99.1
Scan saved at 1:17:56 AM, on 6/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\brsvc01a.exe
D:\WINDOWS\system32\brss01a.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\PESTPA~1\PPControl.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
D:\Program Files\D-Tools\daemon.exe
D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\system32\dlbxcoms.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\skihgafbs.exe
H:\JP Stuff\COMPUTER CLEAN UP\HijackThis.exe
D:\WINDOWS\skihgafbs.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\system32\NOTEPAD.EXE
D:\WINDOWS\skihgafbs.exe
D:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MDDPRXFC\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe
O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - D:\WINDOWS\system32\vbrundll.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - D:\Program Files\Ipswitch\WS_FTP Home\wsbho2k0.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - D:\WINDOWS\system32\nsm7.dll
O4 - HKLM\..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PestPatrol Control Center] D:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KAVPersonal50] D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [iTunesHelper] D:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [dlbxmon.exe] "D:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [Device Detector] "D:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PPMemCheck] D:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] D:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1109178739437
O16 - DPF: {712D42CD-3513-473E-96E8-019C9AD78F1A} (MSN Money QuickList) - http://moneycentral....s/pmupdate2.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - D:\WINDOWS\system32\brsvc01a.exe
O23 - Service: dlbx_device - Dell - D:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - D:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe





« Next Oldest · Malware Removal - HiJackThis Logs Go Here · Next Newest »



1 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
1 Members: idel


Fast Reply


Show Smilies Pop Up Window
Enable email notification of replies | Enable Smilies | Enable Signature






Close Topic Options
Track this topic
Receive email notification when a reply has been made to this topic and you are not active on the board.

Subscribe to this forum
Receive email notification when a new topic is posted in this forum and you are not active on the board.

Download / Print this Topic
Download this topic in different formats or view a printer friendly version.
Forum Home Search Help Operating Systems |-- Windows XP, 2000, 2003, NT |-- Windows 95, 98, ME |-- All Other Operating Systems Internet |-- Malware Removal - HiJackThis Logs Go Here |-- Lavasoft Support (Ad-aware) |-- Web Design & Web Hosting |-- Internet and Browsers Hardware |-- Hardware, Components and Peripherals |-- System Building and Overclocking |-- Networking Software |-- Applications |-- Games |-- Microsoft Office |-- Programming (C#, C++, JAVA, VB, .NET etc...) |-- Software Updates |---- Security Updates Community |-- Off-Topic |-- Hot Deals |-- Geek News |-- Comments and Suggestions |-- News and Updates |-- Recycle Bin

English Lo-Fi Version 0.0938sec 0.37 9 queries GZIP Enabled
Time is now: 23rd June 2005 - 02:35 AM
The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk.

Geeks to Go is recommended by the Alliance of Security Analysis Professionals (ASAP)

GTG Partner Sites: GreenFlagAuto | SpywareAid | WildersSecurity


©2003-2005 Geeks To Go | All Rights Reserved | -> Link to Us

Invision Power Board v2.0.3 © 2005 IPS, Inc.
  • 0

#3
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome idel to Geeks to Go!

HijackThis is being run from a temporary folder; this means that any backups it creates as a result of fixes made with it will be lost. Please create a new folder for it and place the program into that new folder.

***

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

***

Download the Killbox.
Unzip it to the desktop but do NOT run it yet.

***

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8 (maybe F5 on Dell).
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

***

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe

O2 - BHO: VBRunDLL Class - {197B8CA4-E215-46DD-8F33-E0544A80E5C4} - D:\WINDOWS\system32\vbrundll.dll

O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - D:\WINDOWS\system32\nsm7.dll

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Close all open windows except for HijackThis and click Fix Checked.

Please double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
D:\WINDOWS\skihgafbs.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Make sure to reboot back to save mode.

Run a scan using Ewido, save the log.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.


P.S.:
You need to update AdAware, it is outdated.



EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 09 July 2005 - 11:29 AM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP