May 7 2005, 10:58 AM
Post #1
New Member; Group: New Member; Posts: 5; Joined: 7-May 05; Member No.: 31,888; Operating System: windows xp home
Logfile of HijackThis v1.99.1
Scan saved at 17:36:04, on 07/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Aladdin Systems\SpamCatcher\spamcatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\program files\disney interactive\monsters jr\qttask.exe
C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\seeve.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
c:\windows\system32\bpujzh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\STUART\Desktop\DANNY'S GAMES ONLY\SS98_Demo.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\STUART\LOCALS~1\Temp\Rar$EX00.908\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SupaStatus] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\disney interactive\monsters jr\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SvcHost32] C:\WINDOWS\svchost32.exe
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Meow long] C:\PROGRA~1\Error Build\Corn The.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover2\Trjscan.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [mriboj] C:\WINDOWS\mriboj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [yxyirw] c:\windows\system32\bpujzh.exe
O4 - HKLM\..\RunOnce: [Desktop Search Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [Bonus Sites Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [iSearch Toolbar Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy Client\sunASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup132.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\STUART\Desktop\NVC\BIN\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SpamCatcherUniversal - Unknown owner - C:\Program Files\Aladdin Systems\SpamCatcher\spamcatcher.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
May 8 2005, 02:49 PM
Post #2
Malware Removal Specialist; Group: Malware Expert; Posts: 2,483; Joined: 1-November 03; From: So. Plfd. NJ USA; Member No.: 675; Operating System: Windows 98se, ME and XP home
Welcome to the forum. This is a nasty infection.

Please run this uninstaller; you must have an internet connection for it to work.
http://www.mypctuneup.com/index.php

Reboot and we'll clean up the rest of it.

MrC
srjrdrhr trouble with aurora pop-ups May 7 2005, 10:58 AM
srjrdrhr thanks MrC, here's new hjt log Logfile of HijackTh... May 9 2005, 02:39 AM
MrCharlie Please move HJT into its own permanent folder so b... May 9 2005, 04:59 PM
srjrdrhr seems to have done the trick, but having problems ... May 10 2005, 09:24 AM
srjrdrhr oops, disregard the email problem. must have been ... May 10 2005, 11:46 AM
MrCharlie To clean up a bit........ Close ALL programs down... May 10 2005, 05:06 PM
srjrdrhr yep, everything's running like it should be running... May 13 2005, 02:15 PM
MrCharlie Great! Good Job! I'll leave you ... May 13 2005, 03:46 PM
MrCharlie As this problem has been resolved the topic will b... Jun 5 2005, 05:06 AM