Aurora Popup [CLOSED], along with others |
Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide.
  |
 Sep 10 2005, 07:37 PM
Post
#1
|
|
|
New Member  Posts: 6 OS: XP  |
Scan saved at 9:28:47 PM, on 9/10/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe D:\WINDOWS\Explorer.exe D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE D:\WINDOWS\system32\pctspk.exe D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE D:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe D:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe D:\Program Files\Common Files\Real\Update_OB\realsched.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\iTunes\iTunesHelper.exe D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe D:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe D:\Program Files\AIM\aim.exe D:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe D:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe D:\Program Files\iPod\bin\iPodService.exe D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Program Files\Hotbar\Bin\4.6.1.0\HbSrv.exe D:\DOCUME~1\KELLYK~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id= R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q= F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\Nail.exe O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - D:\WINDOWS\dsr.dll O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - D:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - D:\WINDOWS\Bolger.dll O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - D:\Program Files\Yahoo!\Common\YIeTagBm.dll O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - D:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - D:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL O3 - Toolbar: (no name) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [fgymynbb] D:\WINDOWS\system32\ygabcjso.exe O4 - HKLM\..\Run: [farmmext] D:\WINDOWS\farmmext.exe O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] D:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] D:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [WeatherOnTray] D:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe O4 - HKLM\..\Run: [WildTangent CDA] "D:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "D:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll" O4 - HKLM\..\Run: [Dinst] D:\WINDOWS\dinst.exe O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe O4 - HKLM\..\Run: [MimBoot] D:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe O4 - HKLM\..\Run: [MMTray] D:\PROGRA~1\MUSICM~1\MUSICM~1\mm_tray.exe O4 - HKLM\..\Run: [slroeko] d:\windows\system32\vfnfgk.exe r O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [Norton SystemWorks] "D:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Norton GoBack.lnk = D:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe O8 - Extra context menu item: &AIM Search - res://D:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - D:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - D:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - D:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU) O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) - O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - D:\WINDOWS\system32\pctspk.exe O23 - Service: SAVScan - Symantec Corporation - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: System Startup Service (SvcProc) - Unknown owner - D:\WINDOWS\svcproc.exe O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Please help> |
 |
 
|
|
Sep 10 2005, 07:56 PM
Post
#2
|
|
 Malware Eradicator  Posts: 18,665 From: Ottawa OS: Windows XP Pro /Vista Ultimate 
|
Hi woosh and welcome to the Geeks to Go Forums.
My name is Trevuren and I will be helping you with your log. 1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a. If you already have logged in, go directly to item a.
2. Also, while at the My Controls page, check the box to the right of your post and then scroll down. .Where it says "unsubscribe" click the pull-down menu and select "immediate email notification" 3. Please DELETE your current HJT program from its present location. 4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER Regards, Trevuren |
|
|
|
|
Sep 19 2005, 08:46 PM
Post
#3
|
|
|
Malware Eradicator Posts: 18,665 From: Ottawa OS: Windows XP Pro /Vista Ultimate
|
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
Similar Topics
| Topic Title | Replies / Views | Topic Information | |||||
|---|---|---|---|---|---|---|---|
 |
4 / 1,372 | 12th August 2005 - 09:59 AM khrisx42 started - last by Canoeingkidd |
|||||
|
2 / 169 | 21st June 2005 - 04:26 PM sophistifunk started - last by usetobe |
|||||
|
12 / 575 | 9th September 2005 - 08:39 PM dnellie started - last by Trevuren |
|||||
|
 |
2 / 177 | 1st October 2005 - 04:49 PM JohnyLev started - last by greyknight17 |
||||
|
Time is now: 20th November 2008 - 05:22 PM |
| Advertisements do not imply our endorsement of that product or service. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. |
