May 7 2005, 10:58 AM, Post #1
New Member. Group: New Member. Posts: 5. Joined: 7-May 05. Member No.: 31,888. Operating System: windows xp home
Logfile of HijackThis v1.99.1
Scan saved at 17:36:04, on 07/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Aladdin Systems\SpamCatcher\spamcatcher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\program files\disney interactive\monsters jr\qttask.exe
C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\seeve.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
c:\windows\system32\bpujzh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\STUART\Desktop\DANNY'S GAMES ONLY\SS98_Demo.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\STUART\LOCALS~1\Temp\Rar$EX00.908\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{1C78AB3F-A857-482e-80C0-3A1E5238A565} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: FDA Bar - {9595C62C-76C6-49A6-9BDA-3253DD7A34FF} - C:\Program Files\Free Downloads Accelerator\fdabar.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SupaStatus] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\program files\disney interactive\monsters jr\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SvcHost32] C:\WINDOWS\svchost32.exe
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [WebScan] C:\PROGRA~1\ACCELE~1\ANTI-V~1\DEFSCA~1.EXE -k
O4 - HKLM\..\Run: [OpiStat] C:\PROGRA~1\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Meow long] C:\PROGRA~1\Error Build\Corn The.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover2\Trjscan.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [mriboj] C:\WINDOWS\mriboj.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [seeve] C:\WINDOWS\seeve.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [yxyirw] c:\windows\system32\bpujzh.exe
O4 - HKLM\..\RunOnce: [Desktop Search Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [Bonus Sites Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [iSearch Toolbar Removal Tool] "C:\WINDOWS\inst\kill.exe" /VERYSILENT /NOCANCEL /NORESTART /SP-
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy Client\sunASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download with Free Downloads Accelerator - C:\Program Files\Free Downloads Accelerator\fdaie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'nmtracer.dll' missing
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200203...meInstaller.exe
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\system\intralaunch.CAB
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup132.cab
O16 - DPF: {f760cb9e-c60f-4a89-890e-fae8b849493e} -
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Documents and Settings\STUART\Desktop\NVC\BIN\Zanda.exe (file missing)
O23 - Service: Norman Virus Control on-access component (nvcoas) - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\nvcoas.exe (file missing)
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\DOCUMENTS AND SETTINGS\STUART\DESKTOP\Nvc\BIN\NVCSCHED.EXE (file missing)
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SpamCatcherUniversal - Unknown owner - C:\Program Files\Aladdin Systems\SpamCatcher\spamcatcher.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
May 13 2005, 03:46 PM, Post #2
Retired. Group: Malware Expert. Posts: 2,477. Joined: 1-November 03. From: So. Plfd. NJ USA. Member No.: 675. Operating System: Windows 98se, ME and XP home
Great! Good Job!

I'll leave you with........ Some preventive maintenance:

------------------Must have or do:-----------------

Now that you're clean: <----Important Step!!!!
Delete your system restore files and create a new restore point: (ME and XP users only)
XP system restore
ME system restore

Visit Windows Update and install all the latest critical updates.

Install these two free programs, they sit in the background and protect your system from spy and adware being installed on your system, also from your browser being hijacked. Check for updates weekly.
SpywareBlaster
SpywareGuard

IE-SPYAD Puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
IE-SPYAD

SpyBot has some protection benefits - use them.

Need a free anti virus?
AVG*free (check for updates - daily)

How about a firewall? The front door to your computer.
ZoneAlarm*free

----------Free malware removal programs:----------

SpyBot
AD-Aware
CW-Shredder
Free Online Trojan Scan
A SQUARED FREE TROJAN SCANNER
Trojan Hunter
TrojanHunter - free trial

Please consider using FireFox instead of Internet Explorer
Replace Java with SunJava

Pop-up stoppers:
GoogleToolBar
Pop-upStopperFree

Don't open e-mail attachments without first scanning them with an up-to-date anti virus program, even after doing that I would be very careful.
Don't click on any executables in e-mails or any other links that you're not sure of.
Watch your surfing habits, don't click on or download anything you're not sure of.
Don't install a program that hasn't been recommended by a reputable organization.

Good luck and thanks for using the forum - MrC
srjrdrhr trouble with aurora pop-ups May 7 2005, 10:58 AM
MrCharlie Welcome to the forum. This is a nasty infection. ... May 8 2005, 02:49 PM
srjrdrhr thanks MrC, here's new hjt log Logfile of HijackTh... May 9 2005, 02:39 AM
MrCharlie Please move HJT into its own permanent folder so b... May 9 2005, 04:59 PM
srjrdrhr seems to have done the trick, but having problems ... May 10 2005, 09:24 AM
srjrdrhr oops, disregard the email problem. must have been ... May 10 2005, 11:46 AM
MrCharlie To clean up a bit........ Close ALL programs down... May 10 2005, 05:06 PM
srjrdrhr yep, everything's running like it should be running... May 13 2005, 02:15 PM
MrCharlie As this problem has been resolved the topic will b... Jun 5 2005, 05:06 AM