Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora pop ups wont go away! [RESOLVED]


  • This topic is locked This topic is locked

#16
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:33:17 PM, on 05/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ganster\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) -
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} (Stamps.com Secure Postal Account Registration) - https://secure.stamp...34/sdcregie.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - http://download.answ...nswersSetup.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://www.miniclip....bGameLoader.cab
O16 - DPF: {416792D8-F532-493A-BECC-1C99A1501FF9} (vmLaunch Class) - http://media2.comcas...vmLauncher2.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...83/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yim...ctl_0_0_0_2.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfi...ll/gtdownls.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,20/mcgdmgr.cab
O16 - DPF: {CA797B15-445F-4AA9-9828-8A88502F560F} (Uninstall Control) - http://www.worldwinn...d/uninstall.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g...d8_2_0_0_21.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
  • 0

Advertisements


#17
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You still have HijackThis.exe in a temp folder. Please move it out NOW along with the backup folder it created.

Your log is clean.

Turn off system restore by right clicking on My Computer and go to Properties->System Restore and check the box for Turn off System Restore. Click Apply and then OK. Restart your computer and uncheck the same box to enable System Restore.

Make sure to get the latest updates for Windows and Internet Explorer at http://v5.windowsupd...t.aspx?ln=en-us.

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If not, you should be set to go.
  • 0

#18
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
There are no problems, but I might have still some spyware because i did a quick scan of a trail version of spyware and i got some infections. I will be taking care of this.
  • 0

#19
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
If you want, we can handle it here also. I don't trust most so-called spyware removal programs. Do you mind telling me which one you are using to do the scans? There are a lot of fake ones out there, so be careful especially when they ask you to buy it.
  • 0

#20
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
spyware doctor and ad- aware SE personal are the ones i use.
  • 0

#21
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
What are they detecting? It may be minor.
  • 0

#22
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
simple stuff like toolbars for internet explorer.
  • 0

#23
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That's not normal. Do you have Spybot also? If not, get it now and check for updates. Then run the full scan and remove the items it finds.

Restart. Give me a new HijackThis log so I can see if anything else changed since then.
  • 0

#24
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
Ive had spybot for a long time ever since i got my computer and everytime i do a scan and clean the crap out. Theres also this infection that never can be deleted. It's called Fun web products. Im going to run a scan today and check for updates
  • 0

#25
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, we will remove FunWebProducts (remind me later on in case I forget). Do this also:

Let's use a program to scan for any trojans that may exist. Download TDS-3 http://tds.diamondcs...p?page=download. Learn how to use it at http://tds.diamondcs...?page=easytouse. Make sure to update it after you installed it. You can get the manual updates at http://tds.diamondcs...php?page=update. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to 'System Testing' on the menu and choose 'Full System Scan'. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, it will be listed in the bottom window. Please copy and paste that here also if it applies. If you have problems copying the text, look (or search) for a file named scandump.txt and see if that has the alarms - post that here.
  • 0

Advertisements


#26
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
18:01:48 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
18:01:48 [Init] Started 08-06-05 18:01:48 Pacific Standard Time (UTC: 8), Internet Time @1084.58
18:01:48 [Init] Loading TDS-3 Systems ...
18:01:49 [Init] Token successfully adjusted.
18:01:49 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
18:01:51 [Init] • Plugins : OK. Loaded 13
18:01:51 [Init] • Exec Protection : Not Installed
18:01:51 [Init] WARNING: Your Radius.TD3 database needs to be updated!
18:01:51 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
18:01:52 [Init] Licensed users can use the Update facility from the TDS menu
18:01:53 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
18:02:13 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
18:02:14 [Init] • Systems Initialised [39471 references - 16560 primaries/10873 traces/12038 variants/other]
18:02:14 [Init] Radius Systems loaded. <Databases updated 14-10-2004>
18:02:15 [Init] TDS-3 Ready. <Ganster@192.168.1.100, 127.0.0.1 - United States>
18:02:15 [Tip Of The Day] The next time you re-install Windows, put it in a directory name OTHER than C:\Windows - this directory is often hard-coded into some virii/trojans/worms, and they will not work properly if you have your operating system in a non-default directory name.
18:02:16 [TDS] Good evening Ganster. Time to stop working!
18:02:57 [Mutex Memory Scan] Started...
18:02:59 [Mutex Memory Scan] Finished (no trojan mutexes found).
18:02:59 [TDS-3] NOTICE - TDS-3 was not properly shut down.
18:02:59 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
18:03:22 [Script Error] ERR: Type mismatch: 'ok' (LINE: 1 COL:0)
18:03:28 [Script Error] ERR: Type mismatch: 'start' (LINE: 1 COL:0)
18:03:30 [Script Error] ERR: Type mismatch: 'scan' (LINE: 1 COL:0)
18:03:37 [CRC32] Started - verifying 29 files ...
18:03:38 [CRC32] File doesn't exist: C:\autoexec.bat
18:03:49 [CRC32] Test finished.
18:06:54 [Memory Scan] Memory scan started, please wait a moment ...
18:07:02 [Memory Scan] Memory scan complete.
18:07:02 [Mutex Memory Scan] Started...
18:07:06 [Mutex Memory Scan] Finished (no trojan mutexes found).
18:07:06 [Trace Scan] Started...
18:08:31 [Trace Scan] Finished.
18:08:31 [ServiceScan] Scanning for services and drivers ...
18:08:54 [ServiceScan] Scanned 360 services and drivers.
18:08:55 [File Scan] Scanning in C:\ ...
18:27:01 [TDS] Good evening Ganster. Time to stop working!
18:56:39 [TDS] Good evening Ganster. Time to stop working!
19:55:01 [TDS] Good evening Ganster.
20:14:10 [TDS] Good evening Ganster.
20:29:22 [TDS] Good evening Ganster.
21:06:47 [File Scan] Scanned 53237 files: 3 alarms in 10671 seconds (Avg 5.99 files/sec)
21:06:48 [File Scan] Scanning in D:\ ...
21:08:36 [TDS] Good evening Ganster.
21:16:14 [File Scan] Scanned 8344 files: 3 alarms in 565.3594 seconds (Avg 15.76 files/sec)
21:16:14 [File Scan] Scanning in E:\ ...
21:16:39 [File Scan] Scanned 100 files: 3 alarms in 24.85938 seconds (Avg 5.02 files/sec)
21:16:39 [File Scan] Scanning in G:\ ...
21:16:39 [File Scan] Scanned 0 files: 3 alarms in 0 seconds (Avg -1.#IND files/sec)
21:16:39 [File Scan] Scanning in H:\ ...
21:16:39 [File Scan] Scanned 0 files: 3 alarms in 0 seconds (Avg -1.#IND files/sec)
21:16:39 [File Scan] Scanning in I:\ ...
21:16:39 [File Scan] Scanned 0 files: 3 alarms in 0 seconds (Avg -1.#IND files/sec)
21:16:39 [File Scan] Scanning in J:\ ...
21:16:39 [File Scan] Scanned 0 files: 3 alarms in 0 seconds (Avg -1.#IND files/sec)
21:16:39 [Scan] Finished.
21:16:45 [TDS] Good evening Ganster.

Scan Control Dumped @ 21:18:26 08-06-05
Suspicious Filename: Dual extensions
File: c:\documents and settings\ganster\my documents\downloads\shareaza_2.1.0.0.exe

Suspicious Filename: Dual extensions
File: c:\hp\bin\python-2.2.1.exe

Positive identification <Adv>: Possible keylogger
File: c:\program files\bulletproofsoft.com\spywareremover\94bb38a6.dll
  • 0

#27
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup. Close the Registry Editor now. Go to Start->Run and type in notepad and hit OK. Then copy and paste the following into Notepad:

REGEDIT4
[-HKEY_CLASSES_ROOT\clsid\{7631768f-511e-41d8-badb-604b0034776b}]
[-HKEY_CLASSES_ROOT\clsid\{a4730ebe-43a6-443e-9776-36915d323ad3}]
[-HKEY_CLASSES_ROOT\interface\{10125c2d-6821-4070-b24e-2e992501ad55}]
[-HKEY_CLASSES_ROOT\interface\{10125c2f-6821-4070-b24e-2e992501ad55}]
[-HKEY_CLASSES_ROOT\interface\{277e1fe0-cf65-11d3-b377-0800460222f0}]
[-HKEY_CLASSES_ROOT\interface\{6d54a7c0-c379-11d3-b377-0800460222f0}]
[-HKEY_CLASSES_ROOT\interface\{7deaef88-f913-4750-801e-f3c1059299f1}]
[-HKEY_CLASSES_ROOT\interface\{7deaef8a-f913-4750-801e-f3c1059299f1}]
[-HKEY_CLASSES_ROOT\iwontoolbar.iwonnetscapeshutdown]
[-HKEY_CLASSES_ROOT\iwontoolbar.iwonnetscapeshutdown.1]
[-HKEY_CLASSES_ROOT\iwontoolbar.iwonnetscapestartup]
[-HKEY_CLASSES_ROOT\iwontoolbar.iwonnetscapestartup.1]
[-HKEY_CURRENT_USER\software\iwon]
[-HKEY_CURRENT_USER\software\netscape\netscape navigator\automation startup\counter]
[-HKEY_CURRENT_USER\software\netscape\netscape navigator\automation startup\iwontoolbar.iwonnetscapestartup.1]
[-HKEY_LOCAL_MACHINE\software\funwebproducts]
[-HKEY_LOCAL_MACHINE\software\iwon]

Save the file as "delete.reg". Make sure to save it with the quotes. Double click on it and choose Yes to merge it. You may delete the file afterwards.

Uninstall BulletProofSoft.com from Add/Remove panel.

Delete this folder if it's still there -> c:\program files\bulletproofsoft.com\

Go to Start->Run and type in regsvr32 /u i1srchas.dll

Restart. Any problems now?
  • 0

#28
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
yea im haveing a big problem, rite now im in safe mode with networking and when i restart mi computer it keeps saying didnt start up properly . then there are some options. like start windows normally. or start when it worked right and safe mode options ( safe mode, safe mode w/ networking or w/ command prompt. mostly when i click on start windows normally. right when i click it. it restarts the computer and everytime i click on a option it restarts mi computer and goes to the same menu that says didnt start normally becasue of software or hardware change. I only got in safe mode w/ networking because i was lucky. i need major help!!
  • 0

#29
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
OK, were you able to do the above steps I asked you to do?

I need to go home and see the setting on my XP machine to help you troubleshoot this problem. Some software/hardware might be causing this problem. So try the steps above first if you haven't done so already.

Either way, post back so I know the update.
  • 0

#30
spencer9812

spencer9812

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 108 posts
yea I did them.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP