Ad-Aware SE Build 1.06r1
Logfile Created on:Thursday, June 30, 2005 6:09:56 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2(TAC index:10):19 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
6/30/2005 6:09:56 PM - Scan started. (Smart mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 540
ThreadCreationTime : 6/30/2005 9:06:25 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 596
ThreadCreationTime : 6/30/2005 9:06:28 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 6/30/2005 9:06:29 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 664
ThreadCreationTime : 6/30/2005 9:06:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 6/30/2005 9:06:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 852
ThreadCreationTime : 6/30/2005 9:06:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 920
ThreadCreationTime : 6/30/2005 9:06:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 960
ThreadCreationTime : 6/30/2005 9:06:31 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [acs.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1032
ThreadCreationTime : 6/30/2005 9:06:32 PM
BasePriority : Normal
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1144
ThreadCreationTime : 6/30/2005 9:06:32 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 6/30/2005 9:06:33 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:12 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1528
ThreadCreationTime : 6/30/2005 9:06:35 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:13 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1560
ThreadCreationTime : 6/30/2005 9:06:35 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1740
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll
#:15 [ceepwrsvc.exe]
FilePath : C:\Program Files\Toshiba\Power Management\
ProcessID : 1836
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 1
ProductVersion : 1, 1, 0, 1
ProductName : CeEPwrSvc Module
CompanyName : COMPAL ELECTRONIC INC.
FileDescription : CeEPwrSvc Module
InternalName : CeEPwrSvc
LegalCopyright : Copyright 2002-2004 Compal Electronic Inc.
OriginalFilename : CeEPwrSvc.EXE
Comments : James Kang
#:16 [cfsvcs.exe]
FilePath : C:\Program Files\TOSHIBA\ConfigFree\
ProcessID : 1848
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 5, 0, 0, 7
ProductVersion : 5, 0, 0, 0
ProductName : ConfigFree
CompanyName : TOSHIBA CORPORATION
FileDescription : Service of ConfigFree.
InternalName : CFSvcs.exe
LegalCopyright : Copyright © 2003 TOSHIBA CORPORATION. All rights reserved.
LegalTrademarks : ConfigFree
OriginalFilename : CFSvcs.exe
Comments : Service of ConfigFree.
#:17 [dvdramsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1872
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
FileVersion : 2, 0, 7, 0
ProductVersion : 2, 0, 7, 0
CompanyName : Matsushita Electric Industrial Co., Ltd.
FileDescription : Service of RAMAsst for Windows XP
LegalCopyright : Copyright © Matsushita Electric Industrial Co., Ltd. 2002 - 2003
OriginalFilename : DVDRAMSV.EXE
#:18 [apache.exe]
FilePath : C:\EMU\apache\
ProcessID : 1892
ThreadCreationTime : 6/30/2005 9:06:36 PM
BasePriority : Normal
#:19 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1928
ThreadCreationTime : 6/30/2005 9:06:37 PM
BasePriority : Normal
FileVersion : 10.00.3
ProductVersion : 10.00.3
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:20 [savscan.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1976
ThreadCreationTime : 6/30/2005 9:06:37 PM
BasePriority : Normal
FileVersion : 9.2.1.14
ProductVersion : 9.2
ProductName : Symantec AntiVirus AutoProtect
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus Scanner
InternalName : SAVSCAN
LegalCopyright : Copyright © 2003 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:21 [swupdtmr.exe]
FilePath : c:\TOSHIBA\Ivp\Swupdate\
ProcessID : 200
ThreadCreationTime : 6/30/2005 9:06:37 PM
BasePriority : Normal
#:22 [apache.exe]
FilePath : C:\EMU\apache\
ProcessID : 232
ThreadCreationTime : 6/30/2005 9:06:38 PM
BasePriority : Normal
#:23 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 500
ThreadCreationTime : 6/30/2005 9:06:43 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe
#:24 [perl.exe]
FilePath : C:\EMU\perl\bin\
ProcessID : 1248
ThreadCreationTime : 6/30/2005 9:06:43 PM
BasePriority : Normal
FileVersion : 5,6,1,633
ProductVersion : Build 633
ProductName : ActivePerl
CompanyName : ActiveState Tool Corp.
FileDescription : Perl Command Line Interpreter
InternalName : Perl.exe
LegalCopyright : Copyright 1987-2001, Larry Wall, Binary build by ActiveState Tool Corp., http://www.ActiveState.com
OriginalFilename : Perl.exe
#:25 [perl.exe]
FilePath : C:\EMU\perl\bin\
ProcessID : 1304
ThreadCreationTime : 6/30/2005 9:06:44 PM
BasePriority : Normal
FileVersion : 5,6,1,633
ProductVersion : Build 633
ProductName : ActivePerl
CompanyName : ActiveState Tool Corp.
FileDescription : Perl Command Line Interpreter
InternalName : Perl.exe
LegalCopyright : Copyright 1987-2001, Larry Wall, Binary build by ActiveState Tool Corp., http://www.ActiveState.com
OriginalFilename : Perl.exe
#:26 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 2264
ThreadCreationTime : 6/30/2005 9:06:50 PM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions
#:27 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 2456
ThreadCreationTime : 6/30/2005 9:06:53 PM
BasePriority : Normal
FileVersion : 2.1.6.3
ProductVersion : 2.1.6.3
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:28 [connectionmanager.exe]
FilePath : C:\Program Files\SBC Yahoo!\Connection Manager\
ProcessID : 2540
ThreadCreationTime : 6/30/2005 9:06:54 PM
BasePriority : Normal
FileVersion : 2.0.1.3131
ProductVersion : 2.0.1.3131
ProductName : SBC Yahoo! Dial
CompanyName : SBC Yahoo!
FileDescription : SBC Yahoo! Connection Manager
InternalName : CONNECTIONMANAGER
LegalCopyright : Copyright © 2002 SBC Yahoo!
LegalTrademarks : Copyright © 2002 SBC Yahoo!
OriginalFilename : CONNECTIONMANAGER.EXE
#:29 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3568
ThreadCreationTime : 6/30/2005 9:07:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:30 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 3608
ThreadCreationTime : 6/30/2005 9:07:07 PM
BasePriority : Normal
FileVersion : 5.9.3797
ProductVersion : 5.9.3797
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE
#:31 [weather.exe]
FilePath : C:\PROGRA~1\AWS\WEATHE~1\
ProcessID : 3616
ThreadCreationTime : 6/30/2005 9:07:07 PM
BasePriority : Normal
FileVersion : 6, 4, 0, 9
ProductVersion : 6, 4, 0, 9
ProductName : WeatherBug
CompanyName : AWS Convergence Technologies, Inc.
FileDescription : WeatherBug
InternalName : Desktop Weather
LegalCopyright : Copyright © 2001-2004
LegalTrademarks : WeatherBug
OriginalFilename : Weather.exe
Comments : World Largest Weather Network
#:32 [actalert.exe]
FilePath : C:\Program Files\Internet Optimizer\
ProcessID : 3648
ThreadCreationTime : 6/30/2005 9:07:07 PM
BasePriority : Normal
#:33 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 3700
ThreadCreationTime : 6/30/2005 9:07:08 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright © Microsoft Corporation 2004
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:34 [ypager.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 3116
ThreadCreationTime : 6/30/2005 9:08:27 PM
BasePriority : Normal
FileVersion : 6,0,0,1750
ProductVersion : 6,0,0,1750
ProductName : Yahoo! Messenger
CompanyName : Yahoo! Inc.
FileDescription : Yahoo! Messenger
InternalName : Yahoo! Messengerr
LegalCopyright : Copyright 1998-2004
OriginalFilename : YPager.exe
#:35 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2984
ThreadCreationTime : 6/30/2005 9:11:54 PM
BasePriority : Normal
#:36 [nmain.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3944
ThreadCreationTime : 6/30/2005 9:34:14 PM
BasePriority : Normal
FileVersion : 6.5.610
ProductVersion : 6.5.610
ProductName : Symantec Integrator
CompanyName : Symantec Corporation
FileDescription : Symantec Integrator
InternalName : Symantec Integrator
LegalCopyright : Copyright © 1997-2003 Symantec Corporation
OriginalFilename : NMAIN.EXE
#:37 [navw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\
ProcessID : 3412
ThreadCreationTime : 6/30/2005 9:34:32 PM
BasePriority : Normal
FileVersion : 10.00.3
ProductVersion : 10.00.3
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Scanner Module
InternalName : Navw32
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : Navw32.exe
#:38 [navw32.exe]
FilePath : C:\PROGRA~1\NORTON~1\
ProcessID : 1980
ThreadCreationTime : 6/30/2005 9:35:29 PM
BasePriority : Normal
FileVersion : 10.00.3
ProductVersion : 10.00.3
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Scanner Module
InternalName : Navw32
LegalCopyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright © 2003 Symantec Corporation. All rights reserved.
OriginalFilename : Navw32.exe
#:39 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2668
ThreadCreationTime : 6/30/2005 9:54:08 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:40 [kkeegqq.exe]
FilePath : c:\windows\system32\
ProcessID : 2228
ThreadCreationTime : 6/30/2005 9:59:37 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 3
ProductVersion : 0, 0, 7, 0
#:41 [wnmps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 384
ThreadCreationTime : 6/30/2005 10:01:47 PM
BasePriority : Normal
#:42 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 484
ThreadCreationTime : 6/30/2005 10:09:19 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:43 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 3280
ThreadCreationTime : 6/30/2005 10:09:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUC3n5trMsgSDisp
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky1S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky2S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky3S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUs3t5icky4S
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUC1o3d5eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUT3i5m7eOfSFinalAd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUD3s5tSSEnd
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AU3N5a7tionSCode
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUP3D5om
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUT3h5rshSCheckSIn
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUT3h5rshSMots
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUM3o5deSSync
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUI3n5ProgSCab
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUI3n5ProgSEx
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUI3n5ProgSLstest
VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-3590224246-2872811469-4186359548-1006\software\aurora
Value : AUC3n5tFyl
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 19
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
<STOP>
6:10:16 PM Scan stopped by user
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:00:20.265
Objects scanned:51490
Objects identified:18
Objects ignored:0
New critical objects:18
thank you so much for helping in advance!!!