Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Problems with Aurora Popups! PLZ HELP

Started by Askyahgurrrlboutme , May 12 2005 01:53 PM

  • This topic is locked This topic is locked

#1
Askyahgurrrlboutme
Posted 12 May 2005 - 01:53 PM

Askyahgurrrlboutme

    New Member

  • Member
  • Pip
  • 6 posts
:tazz: MY LOG FILE

Ad-Aware SE Build 1.05
Logfile Created on:12 May 2005 20:29:43
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Other(TAC index:5):1 total references
Tracking Cookie(TAC index:3):21 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):46 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:26 %
Total physical memory:195568 kb
Available physical memory:50436 kb
Total page file size:870688 kb
Available on page file:649512 kb
Total virtual memory:2097024 kb
Available virtual memory:2046660 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


12/05/2005 20:29:43 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 576
ThreadCreationTime : 12/05/2005 18:56:26
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 632
ThreadCreationTime : 12/05/2005 18:56:28
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 664
ThreadCreationTime : 12/05/2005 18:56:29
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 708
ThreadCreationTime : 12/05/2005 18:56:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 720
ThreadCreationTime : 12/05/2005 18:56:29
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 868
ThreadCreationTime : 12/05/2005 18:56:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 924
ThreadCreationTime : 12/05/2005 18:56:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1012
ThreadCreationTime : 12/05/2005 18:56:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 1072
ThreadCreationTime : 12/05/2005 18:56:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1268
ThreadCreationTime : 12/05/2005 18:56:31
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1488
ThreadCreationTime : 12/05/2005 18:56:32
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
Warning! VX2 Object found in memory(C:\WINDOWS\system32\DrPMon.dll)

VX2 Object Recognized!
Type : Process
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


#:12 [defwatch.exe]
ModuleName : C:\Program Files\NavNT\defwatch.exe
Command Line : "C:\Program Files\NavNT\defwatch.exe"
ProcessID : 1600
ThreadCreationTime : 12/05/2005 18:56:34
BasePriority : Normal
FileVersion : 7.61.00.935
ProductVersion : 7.61.00.935
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:13 [hpconfig.exe]
ModuleName : C:\WINDOWS\system32\HPConfig.exe
Command Line : C:\WINDOWS\system32\HPConfig.exe
ProcessID : 1636
ThreadCreationTime : 12/05/2005 18:56:34
BasePriority : Normal
FileVersion : 3, 0, 1, 8
ProductVersion : 3, 0, 1, 8
ProductName : HPConfig Module
CompanyName : Hewlett-Packard
FileDescription : HPConfig Module
InternalName : HPConfig
LegalCopyright : Hewlett-Packard Copyright © 1999-2002
OriginalFilename : HPConfig.EXE
Comments : HP Configuration Interface Service

#:14 [hpwirelessmgr.exe]
ModuleName : C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
Command Line : "C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe"
ProcessID : 1648
ThreadCreationTime : 12/05/2005 18:56:34
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : HPWirelessMgr Module
CompanyName : Hewlett-Packard Co.
FileDescription : HPWirelessMgr Module
InternalName : HPWirelessMgr
LegalCopyright : Hewlett-Packard Copyright 2002
OriginalFilename : HPWirelessMgr.EXE
Comments : HP Wireless On/Off Button Service

#:15 [logwatnt.exe]
ModuleName : C:\WINDOWS\LogWatNT.exe
Command Line : C:\WINDOWS\LogWatNT.exe
ProcessID : 1676
ThreadCreationTime : 12/05/2005 18:56:34
BasePriority : Normal


#:16 [rtvscan.exe]
ModuleName : C:\Program Files\NavNT\rtvscan.exe
Command Line : "C:\Program Files\NavNT\rtvscan.exe"
ProcessID : 1708
ThreadCreationTime : 12/05/2005 18:56:34
BasePriority : Normal
FileVersion : 7.61.00.935
ProductVersion : 7.61.00.935
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:17 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1948
ThreadCreationTime : 12/05/2005 18:56:35
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 404
ThreadCreationTime : 12/05/2005 18:56:38
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 208
ThreadCreationTime : 12/05/2005 19:00:47
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 520
ThreadCreationTime : 12/05/2005 19:01:01
BasePriority : Normal
FileVersion : 6.14.10.4000
ProductVersion : 6.14.10.4000
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:21 [carpserv.exe]
ModuleName : C:\WINDOWS\system32\carpserv.exe
Command Line : "C:\WINDOWS\system32\carpserv.exe"
ProcessID : 260
ThreadCreationTime : 12/05/2005 19:01:03
BasePriority : Normal
FileVersion : 6.02.05
ProductVersion : 6.02.05
ProductName : SoftK56 Modem Driver
CompanyName : Conexant Systems, Inc.
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2003
OriginalFilename : carpserv.exe

#:22 [onetouch.exe]
ModuleName : C:\Program Files\HPQ\One-Touch\OneTouch.EXE
Command Line : "C:\Program Files\HPQ\One-Touch\OneTouch.EXE"
ProcessID : 1764
ThreadCreationTime : 12/05/2005 19:01:07
BasePriority : Normal
FileVersion : 1.6.8.0
ProductVersion : 1.6.8.0
ProductName : Dritek System Inc. OneTouch 01.30.2003 ( VC60 )
CompanyName : Dritek System Inc.
FileDescription : One-Touch
InternalName : OneTouch
LegalCopyright : Copyright © 2003 Dritek System Inc.
OriginalFilename : OneTouch.exe

#:23 [vptray.exe]
ModuleName : C:\Program Files\NavNT\vptray.exe
Command Line : "C:\Program Files\NavNT\vptray.exe"
ProcessID : 1396
ThreadCreationTime : 12/05/2005 19:01:07
BasePriority : Normal
FileVersion : 7.61.00.935
ProductVersion : 7.61.00.935
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:24 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\Rundll32.exe
Command Line : "C:\WINDOWS\system32\Rundll32.exe" C:\WINDOWS\DOWNLO~1\AxFilter.dll,Rundll32
ProcessID : 1132
ThreadCreationTime : 12/05/2005 19:01:08
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 1572
ThreadCreationTime : 12/05/2005 19:01:10
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 1756
ThreadCreationTime : 12/05/2005 19:01:11
BasePriority : Normal


#:27 [datala~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Command Line : "C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE"
ProcessID : 1228
ThreadCreationTime : 12/05/2005 19:01:16
BasePriority : Normal
FileVersion : 5, 0, 2, 56
ProductVersion : 5, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2004. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:28 [trayap~1.exe]
ModuleName : C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
Command Line : "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE"
ProcessID : 2156
ThreadCreationTime : 12/05/2005 19:01:20
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 0
ProductName : Nokia Tray Application
FileDescription : Nokia Tray Application
InternalName : Nokia Tray Application
LegalCopyright : Copyright © 2001 - 2004 Nokia. All Rights Reserved.
OriginalFilename : TrayApplication.EXE

#:29 [devdet~1.exe]
ModuleName : C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
Command Line : "C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" -autorun
ProcessID : 2232
ThreadCreationTime : 12/05/2005 19:01:24
BasePriority : Normal
FileVersion : 1, 3, 2, 1
ProductVersion : 1, 3, 2, 1
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2002
OriginalFilename : DevDetect.exe

#:30 [servic~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
Command Line : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE -Embedding
ProcessID : 2376
ThreadCreationTime : 12/05/2005 19:01:27
BasePriority : Normal
FileVersion : 6, 0, 1, 7
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2004 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:31 [winampa.exe]
ModuleName : C:\Program Files\Winamp\winampa.exe
Command Line : "C:\Program Files\Winamp\winampa.exe"
ProcessID : 2404
ThreadCreationTime : 12/05/2005 19:01:29
BasePriority : Normal


#:32 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 2424
ThreadCreationTime : 12/05/2005 19:01:30
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:33 [winpatrol.exe]
ModuleName : C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
Command Line : "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe"
ProcessID : 2616
ThreadCreationTime : 12/05/2005 19:01:38
BasePriority : Normal
FileVersion : 9, 1, 0, 0
ProductVersion : 9.1.0.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:34 [uffned.exe]
ModuleName : c:\windows\system32\uffned.exe
Command Line : "c:\windows\system32\uffned.exe" siiesxd
ProcessID : 2696
ThreadCreationTime : 12/05/2005 19:01:42
BasePriority : Normal
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.

#:35 [minimavis.exe]
ModuleName : C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Deluxe\MiniMavis.exe
Command Line : "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Deluxe\MiniMavis.exe" Main
ProcessID : 556
ThreadCreationTime : 12/05/2005 19:02:35
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : Mavis Beacon Personal Coach v 2.0
CompanyName : TLC Education Properties LLC
FileDescription : Mavis Beacon Personal Coach v 2.0
InternalName : MINIMAVIS
LegalCopyright : Copyright © 2001 TLC Education Properties LLC
OriginalFilename : MiniMavis.exe

#:36 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 1140
ThreadCreationTime : 12/05/2005 19:02:38
BasePriority : Normal


#:37 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3052
ThreadCreationTime : 12/05/2005 19:20:38
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUL3a5stMotsSDay

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUL3a5stSSChckin

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUS3t5atusOfSInst

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 31


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 31


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@valueclick[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:monty [email protected]/
Expires : 05/05/2030 22:37:22
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty [email protected][2].txt
Category : Data Miner
Comment : Hits:31
Value : Cookie:monty [email protected]/
Expires : 11/06/2005 19:15:48
LastSync : Hits:31
UseCount : 0
Hits : 31

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@trafficmp[2].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:monty [email protected]/
Expires : 12/05/2006 04:06:38
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@zedo[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:monty [email protected]/
Expires : 11/06/2005 15:45:50
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@doubleclick[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:monty [email protected]/
Expires : 12/05/2005 18:51:46
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@statcounter[1].txt
Category : Data Miner
Comment : Hits:9
Value : Cookie:monty [email protected]/
Expires : 11/05/2010 02:20:36
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@2o7[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:monty [email protected]/
Expires : 11/05/2010 15:36:50
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@0[2].txt
Category : Data Miner
Comment : Hits:26
Value : Cookie:monty [email protected]/HTM/454/0
Expires : 12/05/2006 16:55:44
LastSync : Hits:26
UseCount : 0
Hits : 26

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@0[1].txt
Category : Data Miner
Comment : Hits:14
Value : Cookie:monty [email protected]/HTM/454/0
Expires : 12/05/2006 16:55:42
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@realmedia[2].txt
Category : Data Miner
Comment : Hits:33
Value : Cookie:monty [email protected]/
Expires : 01/01/2021 01:00:00
LastSync : Hits:33
UseCount : 0
Hits : 33

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@pro-market[2].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:monty [email protected]/
Expires : 01/06/2030 01:00:00
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@fastclick[2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:monty [email protected]/
Expires : 12/05/2007 17:10:22
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty [email protected][1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:monty [email protected]/
Expires : 10/06/2005 17:00:36
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@advertising[1].txt
Category : Data Miner
Comment : Hits:46
Value : Cookie:monty [email protected]/
Expires : 11/05/2010 18:34:26
LastSync : Hits:46
UseCount : 0
Hits : 46

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty [email protected][2].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:monty [email protected]/
Expires : 01/03/2007 01:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@atdmt[2].txt
Category : Data Miner
Comment : Hits:10
Value : Cookie:monty [email protected]/
Expires : 10/05/2010 01:00:00
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@tribalfusion[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:monty [email protected]/
Expires : 01/01/2038 01:00:00
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@mediaplex[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:monty [email protected]/
Expires : 22/06/2009 01:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty [email protected][2].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:monty [email protected]/
Expires : 10/05/2015 15:36:52
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@bluestreak[1].txt
Category : Data Miner
Comment : Hits:4
Value : Cookie:monty [email protected]/
Expires : 09/05/2015 23:47:28
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : monty python@casalemedia[1].txt
Category : Data Miner
Comment : Hits:17
Value : Cookie:monty [email protected]/
Expires : 03/05/2006 13:10:24
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 21
Objects found so far: 52



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : temp.frD903
Category : Malware
Comment :
Object : C:\Documents and Settings\Monty Python\Local Settings\Temp\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : DrPMon[1].dll
Category : Malware
Comment :
Object : C:\Documents and Settings\Monty Python\Local Settings\Temporary Internet Files\Content.IE5\WTQRS1IR\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : A0067900.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP208\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : A0067911.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP208\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0067921.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP208\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0068920.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP209\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0068944.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP209\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0068961.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP209\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0068962.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP209\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0069026.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP209\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : DrPMon.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : ecfggb.exe
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 64


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 64


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 64




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\control\print\monitors\zepmon
Value : Driver

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\control\print\monitors\zepmon
Value : Driver

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 69

20:43:19 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:36.44
Objects scanned:112994
Objects identified:68
Objects ignored:0
New critical objects:68
  • 0

Advertisements

#2
Guest_Andy_veal_*
Posted 12 May 2005 - 03:58 PM

Guest_Andy_veal_*
  • Guest
Hello and Welcome

Ad-aware has found objects on your computer

If you chose to clean your computer from what Ad-aware found please follow these instructions below…

Please make sure that you are using the * SE1R44 10.05.2005 * definition file.


Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied.

Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion".

Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running.

Please then boot into Safe Mode

To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder):

Please run CCleaner to assist in this process.
Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!)

* C:\Windows\Temp\
* C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies.
* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* Empty your "Recycle Bin".

Please run Ad-Aware SE from the command lines shown in the instructions shown below.

Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown)

"C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke
(For the Professional version)

"C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke
(For the Plus version)

"C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke
(For the Personal version)


Click OK.

Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to.

When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK.

If problems are caused by deleting a family, please leave it.

Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time.

Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile.

Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type.

Please post back here

Good luck

Andy
  • 0

#3
Askyahgurrrlboutme
Posted 13 May 2005 - 06:12 AM

Askyahgurrrlboutme

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Aurora Problem

Did everything you said...it's still poppin up...

Ad-Aware SE Build 1.05
Logfile Created on:13 May 2005 12:40:50
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R44 10.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Windows(TAC index:3):1 total references
VX2(TAC index:10):22 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R44 10.05.2005
Internal build : 52
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 470885 Bytes
Total size : 1423894 Bytes
Signature data size : 1392940 Bytes
Reference data size : 30442 Bytes
Signatures total : 39753
Fingerprints total : 872
Fingerprints size : 29756 Bytes
Target categories : 15
Target families : 668


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:12 %
Total physical memory:195568 kb
Available physical memory:21544 kb
Total page file size:870688 kb
Available on page file:637144 kb
Total virtual memory:2097024 kb
Available virtual memory:2048232 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Write-protect system files after repair (Hosts file, etc.)
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Play sound at scan completion if scan locates critical objects


13-05-2005 12:40:50 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 512
ThreadCreationTime : 13-05-2005 11:13:57
BasePriority : Normal


#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 576
ThreadCreationTime : 13-05-2005 11:13:59
BasePriority : Normal


#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 600
ThreadCreationTime : 13-05-2005 11:14:00
BasePriority : High


#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 644
ThreadCreationTime : 13-05-2005 11:14:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 656
ThreadCreationTime : 13-05-2005 11:14:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 800
ThreadCreationTime : 13-05-2005 11:14:01
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 884
ThreadCreationTime : 13-05-2005 11:14:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 920
ThreadCreationTime : 13-05-2005 11:14:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService
ProcessID : 968
ThreadCreationTime : 13-05-2005 11:14:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService
ProcessID : 1096
ThreadCreationTime : 13-05-2005 11:14:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1264
ThreadCreationTime : 13-05-2005 11:14:03
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [defwatch.exe]
ModuleName : C:\Program Files\NavNT\defwatch.exe
Command Line : "C:\Program Files\NavNT\defwatch.exe"
ProcessID : 1372
ThreadCreationTime : 13-05-2005 11:14:04
BasePriority : Normal
FileVersion : 7.61.00.935
ProductVersion : 7.61.00.935
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:13 [hpconfig.exe]
ModuleName : C:\WINDOWS\system32\HPConfig.exe
Command Line : C:\WINDOWS\system32\HPConfig.exe
ProcessID : 1400
ThreadCreationTime : 13-05-2005 11:14:04
BasePriority : Normal
FileVersion : 3, 0, 1, 8
ProductVersion : 3, 0, 1, 8
ProductName : HPConfig Module
CompanyName : Hewlett-Packard
FileDescription : HPConfig Module
InternalName : HPConfig
LegalCopyright : Hewlett-Packard Copyright © 1999-2002
OriginalFilename : HPConfig.EXE
Comments : HP Configuration Interface Service

#:14 [hpwirelessmgr.exe]
ModuleName : C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
Command Line : "C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe"
ProcessID : 1420
ThreadCreationTime : 13-05-2005 11:14:05
BasePriority : Normal
FileVersion : 1, 0, 0, 7
ProductVersion : 1, 0, 0, 7
ProductName : HPWirelessMgr Module
CompanyName : Hewlett-Packard Co.
FileDescription : HPWirelessMgr Module
InternalName : HPWirelessMgr
LegalCopyright : Hewlett-Packard Copyright 2002
OriginalFilename : HPWirelessMgr.EXE
Comments : HP Wireless On/Off Button Service

#:15 [logwatnt.exe]
ModuleName : C:\WINDOWS\LogWatNT.exe
Command Line : C:\WINDOWS\LogWatNT.exe
ProcessID : 1452
ThreadCreationTime : 13-05-2005 11:14:05
BasePriority : Normal


#:16 [rtvscan.exe]
ModuleName : C:\Program Files\NavNT\rtvscan.exe
Command Line : "C:\Program Files\NavNT\rtvscan.exe"
ProcessID : 1492
ThreadCreationTime : 13-05-2005 11:14:05
BasePriority : Normal
FileVersion : 7.61.00.935
ProductVersion : 7.61.00.935
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:17 [wdfmgr.exe]
ModuleName : C:\WINDOWS\System32\wdfmgr.exe
Command Line : C:\WINDOWS\System32\wdfmgr.exe
ProcessID : 1664
ThreadCreationTime : 13-05-2005 11:14:05
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:18 [alg.exe]
ModuleName : C:\WINDOWS\System32\alg.exe
Command Line : C:\WINDOWS\System32\alg.exe
ProcessID : 1948
ThreadCreationTime : 13-05-2005 11:14:11
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:19 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1212
ThreadCreationTime : 13-05-2005 11:14:22
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:20 [atiptaxx.exe]
ModuleName : C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Command Line : "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
ProcessID : 620
ThreadCreationTime : 13-05-2005 11:14:36
BasePriority : Normal
FileVersion : 6.14.10.4000
ProductVersion : 6.14.10.4000
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:21 [carpserv.exe]
ModuleName : C:\WINDOWS\system32\carpserv.exe
Command Line : "C:\WINDOWS\system32\carpserv.exe"
ProcessID : 944
ThreadCreationTime : 13-05-2005 11:14:37
BasePriority : Normal
FileVersion : 6.02.05
ProductVersion : 6.02.05
ProductName : SoftK56 Modem Driver
CompanyName : Conexant Systems, Inc.
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2003
OriginalFilename : carpserv.exe

#:22 [onetouch.exe]
ModuleName : C:\Program Files\HPQ\One-Touch\OneTouch.EXE
Command Line : "C:\Program Files\HPQ\One-Touch\OneTouch.EXE"
ProcessID : 980
ThreadCreationTime : 13-05-2005 11:14:38
BasePriority : Normal
FileVersion : 1.6.8.0
ProductVersion : 1.6.8.0
ProductName : Dritek System Inc. OneTouch 01.30.2003 ( VC60 )
CompanyName : Dritek System Inc.
FileDescription : One-Touch
InternalName : OneTouch
LegalCopyright : Copyright © 2003 Dritek System Inc.
OriginalFilename : OneTouch.exe

#:23 [vptray.exe]
ModuleName : C:\Program Files\NavNT\vptray.exe
Command Line : "C:\Program Files\NavNT\vptray.exe"
ProcessID : 1004
ThreadCreationTime : 13-05-2005 11:14:39
BasePriority : Normal
FileVersion : 7.61.00.935
ProductVersion : 7.61.00.935
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2001

#:24 [rundll32.exe]
ModuleName : C:\WINDOWS\system32\Rundll32.exe
Command Line : "C:\WINDOWS\system32\Rundll32.exe" C:\WINDOWS\DOWNLO~1\AxFilter.dll,Rundll32
ProcessID : 1000
ThreadCreationTime : 13-05-2005 11:14:39
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:25 [qttask.exe]
ModuleName : C:\Program Files\QuickTime\qttask.exe
Command Line : "C:\Program Files\QuickTime\qttask.exe" -atboottime
ProcessID : 700
ThreadCreationTime : 13-05-2005 11:14:40
BasePriority : Normal
FileVersion : 6.4
ProductVersion : QuickTime 6.4
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2003
OriginalFilename : QTTask.exe

#:26 [msnappau.exe]
ModuleName : C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Command Line : "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
ProcessID : 1920
ThreadCreationTime : 13-05-2005 11:14:41
BasePriority : Normal


#:27 [datala~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
Command Line : "C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE"
ProcessID : 1304
ThreadCreationTime : 13-05-2005 11:14:45
BasePriority : Normal
FileVersion : 5, 0, 2, 56
ProductVersion : 5, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2004. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:28 [trayap~1.exe]
ModuleName : C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
Command Line : "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE"
ProcessID : 1368
ThreadCreationTime : 13-05-2005 11:14:46
BasePriority : Normal
FileVersion : 1, 0, 0, 22
ProductVersion : 1, 0, 0, 0
ProductName : Nokia Tray Application
FileDescription : Nokia Tray Application
InternalName : Nokia Tray Application
LegalCopyright : Copyright © 2001 - 2004 Nokia. All Rights Reserved.
OriginalFilename : TrayApplication.EXE

#:29 [devdet~1.exe]
ModuleName : C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
Command Line : "C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE" -autorun
ProcessID : 1296
ThreadCreationTime : 13-05-2005 11:14:46
BasePriority : Normal
FileVersion : 1, 3, 2, 1
ProductVersion : 1, 3, 2, 1
ProductName : Device Detector
CompanyName : ACD Systems, Ltd.
FileDescription : Device Detector
InternalName : DevDetect
LegalCopyright : Copyright © 2002
OriginalFilename : DevDetect.exe

#:30 [winampa.exe]
ModuleName : C:\Program Files\Winamp\winampa.exe
Command Line : "C:\Program Files\Winamp\winampa.exe"
ProcessID : 1028
ThreadCreationTime : 13-05-2005 11:14:48
BasePriority : Normal


#:31 [viewmgr.exe]
ModuleName : C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Command Line : "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe"
ProcessID : 1820
ThreadCreationTime : 13-05-2005 11:14:48
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager

#:32 [winpatrol.exe]
ModuleName : C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
Command Line : "C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe"
ProcessID : 1868
ThreadCreationTime : 13-05-2005 11:14:49
BasePriority : Normal
FileVersion : 9, 1, 0, 0
ProductVersion : 9.1.0.0
ProductName : WinPatrol Monitor
CompanyName : BillP Studios
FileDescription : WinPatrol System Monitor
InternalName : WinPatrol Monitor
LegalCopyright : Copyright © 1997- 2005 BillP Studios
OriginalFilename : Scotty
Comments : Let Scotty the Windows Watchdog patrol your system.

#:33 [jusched.exe]
ModuleName : C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
Command Line : "C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe"
ProcessID : 2052
ThreadCreationTime : 13-05-2005 11:14:49
BasePriority : Normal


#:34 [minimavis.exe]
ModuleName : C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Deluxe\MiniMavis.exe
Command Line : "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 12 Deluxe\MiniMavis.exe" Main
ProcessID : 2136
ThreadCreationTime : 13-05-2005 11:14:53
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 2, 0, 0, 1
ProductName : Mavis Beacon Personal Coach v 2.0
CompanyName : TLC Education Properties LLC
FileDescription : Mavis Beacon Personal Coach v 2.0
InternalName : MINIMAVIS
LegalCopyright : Copyright © 2001 TLC Education Properties LLC
OriginalFilename : MiniMavis.exe

#:35 [limewire.exe]
ModuleName : C:\Program Files\LimeWire\LimeWire.exe
Command Line : "C:\Program Files\LimeWire\LimeWire.exe" -startup
ProcessID : 2172
ThreadCreationTime : 13-05-2005 11:14:54
BasePriority : Normal
FileVersion : 1, 0, 0, 2
ProductVersion : 1, 0, 0, 2
ProductName : LimeWire
CompanyName : Lime Wire, LLC
FileDescription : LimeWire
InternalName : LimeWire
LegalCopyright : Copyright © 2004
OriginalFilename : LimeWire.exe
Comments : The most advanced file sharing program on the planet.

#:36 [servic~1.exe]
ModuleName : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
Command Line : C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE -Embedding
ProcessID : 2820
ThreadCreationTime : 13-05-2005 11:15:30
BasePriority : Normal
FileVersion : 6, 0, 1, 7
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2004 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:37 [ymsgr_tray.exe]
ModuleName : C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Command Line : "C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe" -ymsgr
ProcessID : 3624
ThreadCreationTime : 13-05-2005 11:16:14
BasePriority : Normal


#:38 [ad-aware.exe]
ModuleName : C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
Command Line : "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe"
ProcessID : 3592
ThreadCreationTime : 13-05-2005 11:40:28
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3d5OfSInst

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-527237240-839522115-1708537768-1005\software\aurora
Value : AUC3n5tFyl

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 20


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 20



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0069322.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP211\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


VX2 Object Recognized!
Type : File
Data : A0069323.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP211\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 0
ProductName : DrPMon PrintMonitor
CompanyName : Direct Revenue
FileDescription : DrPMon PrintMonitor
InternalName : DrPMon
LegalCopyright : Copyright © 2005
OriginalFilename : DrPMon.dll


VX2 Object Recognized!
Type : File
Data : A0069324.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{ECE6783C-4731-4A3B-A1F9-4762C25FC599}\RP211\
FileVersion : 1, 0, 7, 1
ProductVersion : 0, 0, 7, 0
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
LegalCopyright : TODO: © <Company name>. All rights reserved.


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 23




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 23

12:53:59 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:13:09.215
Objects scanned:105863
Objects identified:23
Objects ignored:0
New critical objects:23
  • 0
Back to Lavasoft Support (Ad-aware) · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Lavasoft Support (Ad-aware)

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP