aurora and seeve pop ups

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Want to ask a question, reply to a topic, or remove all advertising? It's easy, fast and free. Join today!
Spyware, virus, trojan, fake security or privacy alerts? Please start with our malware cleaning guide.

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

aurora and seeve pop ups, adware report according to your requests

Options

tarina View Member Profile	Jun 26 2005, 11:46 AM Post #1
New Member Posts: 6 OS: windows xp	Edit: Old build and incomplete log,

don77 View Member Profile	Jun 26 2005, 11:58 AM Post #2
Malware Expert Posts: 18,682 From: Boston Ma. OS: XP Pro,ME, 98	Hi and welcome tarina Ad-aware SE build 1.06r1 is the most current version, As you are not using the latest version, please could you chose a download site to download the latest version. Download site list Just make sure you uninstall any old version of Ad-Aware before installing SE. After installing SE, then update your definition file Please then rescan your computer with the full system scan option And post your results here. Be sure and post the complete log please

tarina View Member Profile	Jun 27 2005, 04:45 PM Post #3
New Member Posts: 6 OS: windows xp	I followed your new directions, here is the new scan log. I hope it is complete, and I truly appreciate your help in this matter. Thanks again, Tarina Logfile removed: Incorrect Logfile type posted This post has been edited by Andy_veal: Jun 28 2005, 09:37 AM

Guest_Andy_veal_*	Jun 28 2005, 09:36 AM Post #4
	QUOTE Please then rescan your computer with the full system scan option Sorry about this but you posted a Smart mode scan, please follow Don's advice of selecting the full system scan option and posting your new logfile here. Thanks

Guest_Andy_veal_*	Jun 29 2005, 04:23 PM Post #6
	Hello and Welcome Ad-aware has found objects on your computer If you chose to clean your computer from what Ad-aware found please follow these instructions below… Please make sure that you are using the * SE1R51 21.06.2005 * definition file. Please launch Ad-Aware SE and click on the gear to access the Configuration Menu. Please make sure that this setting is applied. Click on Tweak > Cleaning Engine > UNcheck "Always try to unload modules before deletion". Disconnect from the internet (for broadband/cable users, it is recommended that you disconnect the cable connection) and close all open browsers or other programs you have running. Please then boot into Safe Mode To clean your machine, it is highly recommended that you clean the following directory contents (but not the directory folder): Please run CCleaner to assist in this process. Download CCleaner (Setup: go to >options > settings > Uncheck "Only delete files in Windows Temp folders older than 48 hours" for cleaning malware files!) * C:\Windows\Temp\ * C:\Documents and Settings\<Your Profile>\Local Settings\Temporary Internet Files\ <- This will delete all your cached internet content including cookies. * C:\Documents and Settings\<Your Profile>\Local Settings\Temp\ * C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\ * C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\ * Empty your "Recycle Bin". Please run Ad-Aware SE from the command lines shown in the instructions shown below. Click "Start" > select "Run" > type the text shown in bold below (including the quotation marks and with the same spacing as shown) "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe" /full +procnuke (For the Professional version) "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Aware.exe" /full +procnuke (For the Plus version) "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" +procnuke (For the Personal version) Click OK. Please note that the path above is of the default installion location for Ad-aware SE, if this is different, please adjust it to the location that you have installed it to. When the scan has completed, select Next. In the Scanning Results window, select the "Scan Summary" tab. Check the box next to each "target family" you wish to remove. Click next, Click OK. If problems are caused by deleting a family, please leave it. Please shutdown/restart your computer after removal, run a new full scan and post the results as a reply. Do not launch any programs or connect to the internet at this time. Please then copy & paste the complete log file here. Don't quarantine or remove anything at this time, just post a complete logfile. This can sometimes takes 2-3 posts to get it all posted, once the "Summary of this scan" information is shown, you have posted all of your logfile. Please remember when posting another logfile keep "Search for negligible risk entries" deselected as negligible risk entries (MRU's) are not considered to be a threat. This option can be changed when choosing your scan type. Please post back here Good luck Andy

tarina

Jun 29 2005, 08:52 PM

Post #7

New Member

Posts: 6
OS: windows xp

Here is the latest log after following your directions, I am a little concerned about a pop up that came after rebooting and trying to log on to the internet to post this, It was called Registry Scan, and it downloaded to my computer and I didn't click anything. I removed it in the add/remove programs because it freaked me out. I just wanted to let you know about that, and I am still getting pop ups from aurora and seeve. Once again I thank you so much for your help and being patient with my very little computer knowledge. I hope you are having a great day!

Thanks again!
Tarina

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, June 29, 2005 9:34:22 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R51 21.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R51 21.06.2005
Internal build : 59
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 483435 Bytes
Total size : 1461660 Bytes
Signature data size : 1429955 Bytes
Reference data size : 31193 Bytes
Signatures total : 40756
CSI Fingerprints total : 906
CSI data size : 31253 Bytes
Target categories : 15
Target families : 694

Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Non Intel
Memory available:62 %
Total physical memory:1046960 kb
Available physical memory:648072 kb
Total page file size:2518736 kb
Available on page file:2213648 kb
Total virtual memory:2097024 kb
Available virtual memory:2045764 kb
OS:Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Obtain command line of scanned processes
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Play sound at scan completion if scan locates critical objects

6-29-2005 9:34:22 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
ModuleName : \SystemRoot\System32\smss.exe
Command Line : n/a
ProcessID : 780
ThreadCreationTime : 6-30-2005 2:32:43 AM
BasePriority : Normal

#:2 [csrss.exe]
ModuleName : \??\C:\WINDOWS\system32\csrss.exe
Command Line : C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestTh
ProcessID : 828
ThreadCreationTime : 6-30-2005 2:32:44 AM
BasePriority : Normal

#:3 [winlogon.exe]
ModuleName : \??\C:\WINDOWS\system32\winlogon.exe
Command Line : winlogon.exe
ProcessID : 852
ThreadCreationTime : 6-30-2005 2:32:45 AM
BasePriority : High

#:4 [services.exe]
ModuleName : C:\WINDOWS\system32\services.exe
Command Line : C:\WINDOWS\system32\services.exe
ProcessID : 896
ThreadCreationTime : 6-30-2005 2:32:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
ModuleName : C:\WINDOWS\system32\lsass.exe
Command Line : C:\WINDOWS\system32\lsass.exe
ProcessID : 908
ThreadCreationTime : 6-30-2005 2:32:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k DcomLaunch
ProcessID : 1052
ThreadCreationTime : 6-30-2005 2:32:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost -k rpcss
ProcessID : 1128
ThreadCreationTime : 6-30-2005 2:32:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
ModuleName : C:\WINDOWS\System32\svchost.exe
Command Line : C:\WINDOWS\System32\svchost.exe -k netsvcs
ProcessID : 1164
ThreadCreationTime : 6-30-2005 2:32:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [evteng.exe]
ModuleName : C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
Command Line : "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe"
ProcessID : 1204
ThreadCreationTime : 6-30-2005 2:32:46 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 12
ProductVersion : 9, 0, 0, 0
ProductName : EvtEng Module
CompanyName : Intel Corporation
FileDescription : EvtEng Module
InternalName : EvtEng
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : EvtEng.EXE

#:10 [s24evmon.exe]
ModuleName : C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
Command Line : "C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe"
ProcessID : 1244
ThreadCreationTime : 6-30-2005 2:32:46 AM
BasePriority : Normal
FileVersion : 9, 0, 1, 41
ProductVersion : 9, 0, 0, 0
ProductName : Mobile Unit Support Service
CompanyName : Intel Corporation
FileDescription : Event Monitor - Supports driver extensions to NIC Driver for wireless adapters.
InternalName : S24EvMon
LegalCopyright : Copyright © Intel Corporation 1999-2004
OriginalFilename : S24EvMon.exe

#:11 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k NetworkService
ProcessID : 1296
ThreadCreationTime : 6-30-2005 2:32:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [svchost.exe]
ModuleName : C:\WINDOWS\system32\svchost.exe
Command Line : C:\WINDOWS\system32\svchost.exe -k LocalService
ProcessID : 1408
ThreadCreationTime : 6-30-2005 2:32:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:13 [explorer.exe]
ModuleName : C:\WINDOWS\Explorer.exe
Command Line : Explorer.exe C:\WINDOWS\Nail.exe
ProcessID : 1696
ThreadCreationTime : 6-30-2005 2:32:47 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:14 [spoolsv.exe]
ModuleName : C:\WINDOWS\system32\spoolsv.exe
Command Line : C:\WINDOWS\system32\spoolsv.exe
ProcessID : 1828
ThreadCreationTime : 6-30-2005 2:32:47 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [defwatch.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
ProcessID : 1932
ThreadCreationTime : 6-30-2005 2:32:47 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:16 [dkservice.exe]
ModuleName : C:\Program Files\Executive Software\Diskeeper\DkService.exe
Command Line : "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
ProcessID : 1948
ThreadCreationTime : 6-30-2005 2:32:47 AM
BasePriority : Normal
FileVersion : 8.0.459.0
ProductVersion : 8.0.459.0
ProductName : Diskeeper ™ Disk Defragmenter
CompanyName : Executive Software International, Inc.
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2003 Executive Software Int'l, Inc.
OriginalFilename : DKSERVICE

#:17 [frameworkservice.exe]
ModuleName : C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
Command Line : "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart
ProcessID : 1992
ThreadCreationTime : 6-30-2005 2:32:47 AM
BasePriority : Normal
FileVersion : 3.0.0.595
ProductName : McAfee Common Framework
CompanyName : Network Associates, Inc.
FileDescription : Framework Service
InternalName : Framework
LegalCopyright : Copyright© 2000-2002 Networks Associates Technology, Inc. All Rights Reserved.
OriginalFilename : Framework.exe

#:18 [vstskmgr.exe]
ModuleName : C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Command Line : "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"
ProcessID : 2024
ThreadCreationTime : 6-30-2005 2:32:47 AM
BasePriority : Normal

#:19 [mdm.exe]
ModuleName : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Command Line : "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
ProcessID : 184
ThreadCreationTime : 6-30-2005 2:32:47 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:20 [rtvscan.exe]
ModuleName : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
Command Line : C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
ProcessID : 236
ThreadCreationTime : 6-30-2005 2:32:48 AM
BasePriority : Normal
FileVersion : 8.1.0.825
ProductVersion : 8.1.0.825
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2003

#:21 [nvsvc32.exe]
ModuleName : C:\WINDOWS\system32\nvsvc32.exe
Command Line : C:\WINDOWS\system32\nvsvc32.exe
ProcessID : 264
ThreadCreationTime : 6-30-2005 2:32:48 AM
BasePriority : Normal
FileVersion : 6.14.10.7082
ProductVersion : 6.14.10.7082
ProductName : NVIDIA Driver Helper Service, Version 70.82
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 70.82
InternalName : NVSVC
LegalCopyright : © NVIDIA Corporation. All rights reserved.
OriginalFilename : nvsvc32.exe