This is my log that I just finished. I have a bunch of popups, including the Aurora pop ups that I can't seem to get rid of. I ran all the programs that were suggested to help get rid of some things but the popups never stop. Hope some of you can help.
Thanks a lot!
Logfile of HijackThis v1.99.1
Scan saved at 10:51:36 PM, on 6/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\TEMP\sdpgnu.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\m61rce7o\m61rce7o.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\Star Alliance Timetable\StarUpdater.exe
C:\Program Files\m61rce7o\34198879.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\m61rce7o\m61rce7o.exe
C:\Program Files\Outlook Express\MSIMN.EXE
C:\WINDOWS\system32\xbntur\qjvveusq.exe
c:\windows\system32\zwgoba.exe
C:\WINDOWS\system32\nrxptiiq\psiy.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Patricio\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=
O1 - Hosts: 216.39.69.102 view.atdmt.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [pimilb] C:\WINDOWS\system32\hqvh\pimilb.exe
O4 - HKLM\..\Run: [edfy] C:\WINDOWS\system32\xfwfxy\edfy.exe
O4 - HKLM\..\Run: [fhgchlx] C:\WINDOWS\system32\bpebqm\fhgchlx.exe
O4 - HKLM\..\Run: [qtdobulv] C:\WINDOWS\system32\yvweos\qtdobulv.exe
O4 - HKLM\..\Run: [oqggvd] C:\WINDOWS\system32\gmbwycoo\oqggvd.exe
O4 - HKLM\..\Run: [yrluaher] C:\WINDOWS\system32\hkouum\yrluaher.exe
O4 - HKLM\..\Run: [jmrs] C:\WINDOWS\system32\vnlwel\jmrs.exe
O4 - HKLM\..\Run: [skyhn] C:\WINDOWS\TEMP\sdpgnu.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [wovsykus] C:\WINDOWS\system32\opwlyp\wovsykus.exe
O4 - HKLM\..\Run: [qvmggiq] C:\WINDOWS\system32\rieap\qvmggiq.exe
O4 - HKLM\..\Run: [lydofv] C:\WINDOWS\system32\kkdi\lydofv.exe
O4 - HKLM\..\Run: [Windows Hosts File] WindowsHosts.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [2s4S35l] rmokman.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [oudxijxc] C:\WINDOWS\system32\veagsx\oudxijxc.exe
O4 - HKLM\..\Run: [m61rce7o] C:\Program Files\m61rce7o\m61rce7o.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [fedwbesv] C:\WINDOWS\system32\glmy\fedwbesv.exe
O4 - HKLM\..\Run: [clotoqdw] C:\WINDOWS\system32\clmy\clotoqdw.exe
O4 - HKLM\..\Run: [dkxqvc] C:\WINDOWS\system32\ikmb\dkxqvc.exe
O4 - HKLM\..\Run: [hgrb] C:\WINDOWS\system32\pjciqaej\hgrb.exe
O4 - HKLM\..\Run: [catrnbh] C:\WINDOWS\system32\ckyes\catrnbh.exe
O4 - HKLM\..\Run: [fdfcv] C:\WINDOWS\system32\jhxn\fdfcv.exe
O4 - HKLM\..\Run: [ywuq] C:\WINDOWS\system32\fpspvupu\ywuq.exe
O4 - HKLM\..\Run: [mftqfp] C:\WINDOWS\system32\nruha\mftqfp.exe
O4 - HKLM\..\Run: [ipjkm] C:\WINDOWS\system32\argx\ipjkm.exe
O4 - HKLM\..\Run: [qjvveusq] C:\WINDOWS\system32\xbntur\qjvveusq.exe
O4 - HKLM\..\Run: [SkyH2] C:\WINDOWS\TEMP\aqcap.exe
O4 - HKLM\..\Run: [xgrwfv] c:\windows\system32\zwgoba.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\blxqhqsu.exe
O4 - HKLM\..\Run: [psiy] C:\WINDOWS\system32\nrxptiiq\psiy.exe
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKLM\..\RunOnce: [GIANTAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Xgqzfl] C:\WINDOWS\system32\m?config.exe
O4 - HKCU\..\Run: [JBv2RRJFW] remwselc.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Startup: StarUpdater.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: clotoqdwclmy - Unknown owner - C:\WINDOWS\system32\clmy\clotoqdw.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: fhgchlxbpebqm - Unknown owner - C:\WINDOWS\system32\bpebqm\fhgchlx.exe
O23 - Service: hgrbpjciqaej - Unknown owner - C:\WINDOWS\system32\pjciqaej\hgrb.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: oqggvdgmbwycoo - Unknown owner - C:\WINDOWS\system32\gmbwycoo\oqggvd.exe
O23 - Service: pimilbhqvh - Unknown owner - C:\WINDOWS\system32\hqvh\pimilb.exe
O23 - Service: psiynrxptiiq - Unknown owner - C:\WINDOWS\system32\nrxptiiq\psiy.exe
O23 - Service: qjvveusqxbntur - Unknown owner - C:\WINDOWS\system32\xbntur\qjvveusq.exe
O23 - Service: qvmggiqrieap - Unknown owner - C:\WINDOWS\system32\rieap\qvmggiq.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spistpmbphfvg - Unknown owner - C:\WINDOWS\system32\bphfvg\spistpm.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O23 - Service: wovsykusopwlyp - Unknown owner - C:\WINDOWS\system32\opwlyp\wovsykus.exe