
[Referred] Computer illiterate. Need help



#1
marissa523k

My laptop is completely trashed with adware stuff. A friend had me scan twice and he told me to post them in here, so here are the results.

Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, June 30, 2005 6:09:56 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


6/30/2005 6:09:56 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 540
ThreadCreationTime : 6/30/2005 9:06:25 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 6/30/2005 9:06:28 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 6/30/2005 9:06:29 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 6/30/2005 9:06:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 6/30/2005 9:06:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 6/30/2005 9:06:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 6/30/2005 9:06:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 6/30/2005 9:06:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [acs.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 6/30/2005 9:06:32 PM
BasePriority : Normal


#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 6/30/2005 9:06:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 6/30/2005 9:06:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1528
ThreadCreationTime : 6/30/2005 9:06:35 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1560
ThreadCreationTime : 6/30/2005 9:06:35 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1740
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


#:15 [ceepwrsvc.exe]
FilePath : C:\Program Files\Toshiba\Power Management\
ProcessID : 1836
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 1, 1, 0, 1
ProductName : CeEPwrSvc Module
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : CeEPwrSvc Module
InternalName : CeEPwrSvc
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : CeEPwrSvc.EXE
Comments : James Kang

#:16 [cfsvcs.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 1848
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 7
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree™
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : Copyright © 2003 TOSHIBA CORPORATION. All rights reserved.
LegalTrademarks : ConfigFree™
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.

#:17 [dvdramsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1872
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE

#:18 [apache.exe]
FilePath : C:\EMU\apache\
ProcessID : 1892
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal


#:19 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1928
ThreadCreationTime : 6/30/2005 9:06:37 PM
BasePriority : Normal
FileVersion : 10.00.3
ProductVersion : 10.00.3
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:20 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1976
ThreadCreationTime : 6/30/2005 9:06:37 PM
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE

#:21 [swupdtmr.exe]
FilePath : c:\TOSHIBA\Ivp\Swupdate\
ProcessID : 200
ThreadCreationTime : 6/30/2005 9:06:37 PM
BasePriority : Normal


#:22 [apache.exe]
FilePath : C:\EMU\apache\
ProcessID : 232
ThreadCreationTime : 6/30/2005 9:06:38 PM
BasePriority : Normal


#:23 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 500
ThreadCreationTime : 6/30/2005 9:06:43 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:24 [perl.exe]
FilePath : C:\EMU\perl\bin\
ProcessID : 1248
ThreadCreationTime : 6/30/2005 9:06:43 PM
BasePriority : Normal
FileVersion : 5,6,1,633
ProductVersion : Build 633
ProductName : ActivePerl
CompanyName : ActiveState Tool Corp.
FileDescription : Perl Command Line Interpreter
InternalName : Perl.exe
LegalCopyright : Copyright 1987-2001, Larry Wall, Binary build by ActiveState Tool Corp., http://www.ActiveState.com
OriginalFilename : Perl.exe

#:25 [perl.exe]
FilePath : C:\EMU\perl\bin\
ProcessID : 1304
ThreadCreationTime : 6/30/2005 9:06:44 PM
BasePriority : Normal
FileVersion : 5,6,1,633
ProductVersion : Build 633
ProductName : ActivePerl
CompanyName : ActiveState Tool Corp.
FileDescription : Perl Command Line Interpreter
InternalName : Perl.exe
LegalCopyright : Copyright 1987-2001, Larry Wall, Binary build by ActiveState Tool Corp., http://www.ActiveState.com
OriginalFilename : Perl.exe

#:26 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 2264
ThreadCreationTime : 6/30/2005 9:06:50 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:27 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2456
ThreadCreationTime : 6/30/2005 9:06:53 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:28 [connectionmanager.exe]
FilePath : C:\Program Files\SBC Yahoo!\Connection Manager\
ProcessID : 2540
ThreadCreationTime : 6/30/2005 9:06:54 PM
BasePriority : Normal
FileVersion : 2.0.1.3131
ProductVersion : 2.0.1.3131
ProductName : SBC Yahoo! Dial
CompanyName : SBC Yahoo!
FileDescription : SBC Yahoo! Connection Manager
InternalName : CONNECTIONMANAGER
LegalCopyright : Copyright © 2002 SBC Yahoo!
LegalTrademarks : Copyright © 2002 SBC Yahoo!
OriginalFilename : CONNECTIONMANAGER.EXE

#:29 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3568
ThreadCreationTime : 6/30/2005 9:07:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:30 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 3608
ThreadCreationTime : 6/30/2005 9:07:07 PM
BasePriority : Normal
FileVersion : 5.9.3797
ProductVersion : 5.9.3797
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:31 [weather.exe]
FilePath : C:\PROGRA~1\AWS\WEATHE~1\
ProcessID : 3616
ThreadCreationTime : 6/30/2005 9:07:07 PM
BasePriority : Normal
FileVersion : 6, 4, 0, 9
ProductVersion : 6, 4, 0, 9
ProductName : WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2004
LegalTrademarks : WeatherBug
OriginalFilename : Weather.exe
Comments : World Largest Weather Network

#:32 [actalert.exe]
FilePath : C:\Program Files\Internet Optimizer\
ProcessID : 3648
ThreadCreationTime : 6/30/2005 9:07:07 PM
BasePriority : Normal


#:33 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3700
ThreadCreationTime : 6/30/2005 9:07:08 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:34 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 3116
ThreadCreationTime : 6/30/2005 9:08:27 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe

#:35 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2984
ThreadCreationTime : 6/30/2005 9:11:54 PM
BasePriority : Normal


#:36 [nmain.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3944
ThreadCreationTime : 6/30/2005 9:34:14 PM
BasePriority : Normal
FileVersion : 6.5.610
ProductVersion : 6.5.610
ProductName : Symantec Integrator
CompanyName : Symantec Corporation
FileDescription : Symantec Integrator
InternalName : Symantec Integrator
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
OriginalFilename : NMAIN.EXE

#:37 [navw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\
ProcessID : 3412
ThreadCreationTime : 6/30/2005 9:34:32 PM
BasePriority : Normal
FileVersion : 10.00.3
ProductVersion : 10.00.3
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Scanner Module
InternalName : Navw32
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : Navw32.exe

#:38 [navw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\
ProcessID : 1980
ThreadCreationTime : 6/30/2005 9:35:29 PM
BasePriority : Normal
FileVersion : 10.00.3
ProductVersion : 10.00.3
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Scanner Module
InternalName : Navw32
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : Navw32.exe

#:39 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2668
ThreadCreationTime : 6/30/2005 9:54:08 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:40 [kkeegqq.exe]
FilePath : c:\windows\system32\
ProcessID : 2228
ThreadCreationTime : 6/30/2005 9:59:37 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 3
ProductVersion : 0, 0, 7, 0

#:41 [wnmps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 384
ThreadCreationTime : 6/30/2005 10:01:47 PM
BasePriority : Normal


#:42 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 484
ThreadCreationTime : 6/30/2005 10:09:19 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:43 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3280
ThreadCreationTime : 6/30/2005 10:09:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUC3n5tFyl

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
6:10:16 PM Scan stopped by user

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:20.265
Objects scanned:51490
Objects identified:18
Objects ignored:0
New critical objects:18


Thank you so much for helping in advance!!!

#2
don77

Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.