Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

[Referred]Aurora Pop ups


  • Please log in to reply

#1
leazabeth

leazabeth

    New Member

  • Member
  • Pip
  • 2 posts
I have tried removing Aurora using advice I read on this web site. This included using CCleaner, running in safe mode, starting Ad-aware from the command line etc. Aurora has resisted all these efforts to remove it. Here is my Ad-aware log file from my last effort. Please help me, if you do, I'll have your baby!!

Elizabeth :tazz:


Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, July 04, 2005 11:23:56 AM
Using definitions file:SE1R52 30.06.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):3 total references
Roings(TAC index:8):5 total references
Tracking Cookie(TAC index:3):5 total references
Windows(TAC index:3):1 total references
VX2(TAC index:10):30 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


7-4-2005 11:23:56 AM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1268
ThreadCreationTime : 7-4-2005 6:18:08 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1316
ThreadCreationTime : 7-4-2005 6:18:14 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1340
ThreadCreationTime : 7-4-2005 6:18:16 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1384
ThreadCreationTime : 7-4-2005 6:18:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1396
ThreadCreationTime : 7-4-2005 6:18:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1544
ThreadCreationTime : 7-4-2005 6:18:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1636
ThreadCreationTime : 7-4-2005 6:18:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1676
ThreadCreationTime : 7-4-2005 6:18:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1856
ThreadCreationTime : 7-4-2005 6:18:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1880
ThreadCreationTime : 7-4-2005 6:18:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 256
ThreadCreationTime : 7-4-2005 6:18:18 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:12 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 280
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:13 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 400
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:14 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 8.16
ProductVersion : 8.16
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : © 1993 - 2003 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:15 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 460
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:16 [scardsvr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 560
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Smart Card Resource Management Server
InternalName : SCardSvr.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : SCardSvr.exe

#:17 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 640
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal


#:18 [basfipm.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 3, 0, 2, 0
ProductVersion : 3, 0, 2, 0
ProductName : Broadcom ASF IP monitoring service
CompanyName : Broadcom Corp.
FileDescription : Broadcom ASF IP monitoring service
InternalName : BAsfIpM
LegalCopyright : Copyright© 2001 Broadcom Corporation, All Rights Reserved
OriginalFilename : BAsfIpM.EXE

#:19 [cbregcap.exe]
FilePath : C:\Program Files\Connected\
ProcessID : 664
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 6.2.617
ProductVersion : 6.2
ProductName : Connected TLM
CompanyName : Connected Corporation
FileDescription : Registry Capture Module
InternalName : CBRegCap
LegalCopyright : © 2002 by Connected Corporation
OriginalFilename : CBRegCap.exe

#:20 [cblaunch.exe]
FilePath : C:\Program Files\Connected\
ProcessID : 780
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 6.2.617
ProductVersion : 6.2
ProductName : Connected TLM
CompanyName : Connected Corporation
FileDescription : Connected TLM Launcher
InternalName : CBLaunch
LegalCopyright : © 2002 by Connected Corporation
OriginalFilename : CBLaunch.exe

#:21 [cvpnd.exe]
FilePath : C:\Program Files\Cisco Systems\VPN Client\
ProcessID : 828
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 4.6.00.0045
ProductVersion : 4.6.00.0045
ProductName : Cisco Systems VPN Client
CompanyName : Cisco Systems, Inc.
FileDescription : Cisco Systems VPN Client
InternalName : cvpnd
LegalCopyright : Copyright © 1998-2004 Cisco Systems, Inc.
OriginalFilename : CVPND.EXE

#:22 [defwatch.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 844
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 9.0.2.1000
ProductVersion : 9.0.2.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright 1998 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : DefWatch.exe

#:23 [kodakccs.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 880
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 1.1.5100.4
ProductVersion : 4.4.0.0
ProductName : Kodak DC File System Driver (Win32)
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : KodakCCS.exe
LegalCopyright : Copyright © Eastman Kodak Co. 2000-2004
OriginalFilename : DcFsSvc.exe

#:24 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 900
ThreadCreationTime : 7-4-2005 6:18:19 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:25 [savroam.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 972
ThreadCreationTime : 7-4-2005 6:18:20 PM
BasePriority : Normal
FileVersion : 9.0.2.1000
ProductVersion : 9.0.2.1000
ProductName : Symantec SAVRoam
CompanyName : symantec
FileDescription : SAVRoam
InternalName : SAVRoam
LegalCopyright : Copyright 2002 - 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SAVRoam.exe

#:26 [rtvscan.exe]
FilePath : C:\Program Files\Symantec AntiVirus\
ProcessID : 1096
ThreadCreationTime : 7-4-2005 6:18:20 PM
BasePriority : Normal
FileVersion : 9.0.2.1000
ProductVersion : 9.0.2.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:27 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1132
ThreadCreationTime : 7-4-2005 6:18:20 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:28 [wltrysvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1176
ThreadCreationTime : 7-4-2005 6:18:20 PM
BasePriority : Normal


#:29 [bcmwltry.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1212
ThreadCreationTime : 7-4-2005 6:18:20 PM
BasePriority : Normal
FileVersion : 3.10.39.2
ProductVersion : 3.10.39.2
ProductName : Wireless Network Tray Applet
CompanyName : Broadcom Corporation
FileDescription : Wireless Network Tray Applet
InternalName : bcmwltry.exe
LegalCopyright : 1998-2002, Broadcom Corporation All Rights Reserved.
OriginalFilename : bcmwltry.exe

#:30 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1400
ThreadCreationTime : 7-4-2005 6:18:21 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:31 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2664
ThreadCreationTime : 7-4-2005 6:18:32 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:32 [quickset.exe]
FilePath : C:\Program Files\Dell\QuickSet\
ProcessID : 2736
ThreadCreationTime : 7-4-2005 6:18:34 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : QuickSet Application
FileDescription : QuickSet MFC Application
InternalName : direct
LegalCopyright : Copyright © 2001
OriginalFilename : direct.EXE

#:33 [carpserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2764
ThreadCreationTime : 7-4-2005 6:18:34 PM
BasePriority : Normal
FileVersion : 5.03.21.05
ProductVersion : 5.03.21.05
ProductName : Conexant carpserv
CompanyName : Conexant Systems
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2002
OriginalFilename : carpserv.exe

#:34 [directcd.exe]
FilePath : C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\
ProcessID : 2816
ThreadCreationTime : 7-4-2005 6:18:35 PM
BasePriority : Normal
FileVersion : 5.3.4.21
ProductVersion : 5.3.4.21
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001,2002, Roxio, Inc.
OriginalFilename : Directcd.exe

#:35 [taskswitch.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2844
ThreadCreationTime : 7-4-2005 6:18:35 PM
BasePriority : Normal


#:36 [apoint.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2856
ThreadCreationTime : 7-4-2005 6:18:36 PM
BasePriority : Normal
FileVersion : 5.4.101.113
ProductVersion : 5.4.101.113
ProductName : Alps Pointing-device Driver
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver
InternalName : Alps Pointing-device Driver
LegalCopyright : Copyright © 1999-2002 Alps Electric Co., Ltd.
OriginalFilename : Apoint.exe

#:37 [fwminder.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2880
ThreadCreationTime : 7-4-2005 6:18:36 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : FWMinder
CompanyName : Battelle, Pacific Northwest National Laboratory
InternalName : FWMinder
OriginalFilename : FWMinder.exe

#:38 [apntex.exe]
FilePath : C:\Program Files\Apoint\
ProcessID : 2948
ThreadCreationTime : 7-4-2005 6:18:37 PM
BasePriority : Normal
FileVersion : 5.0.1.13
ProductVersion : 5.0.1.13
ProductName : Alps Pointing-device Driver for Windows NT/2000
CompanyName : Alps Electric Co., Ltd.
FileDescription : Alps Pointing-device Driver for Windows NT/2000
InternalName : Alps Pointing-device Driver for Windows NT/2000
LegalCopyright : Copyright © 1998-2001 Alps Electric Co., Ltd.
OriginalFilename : ApntEx.exe

#:39 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2956
ThreadCreationTime : 7-4-2005 6:18:37 PM
BasePriority : Normal
FileVersion : 0.1.0.3034
ProductVersion : 0.1.0.3034
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:40 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_02\bin\
ProcessID : 2972
ThreadCreationTime : 7-4-2005 6:18:37 PM
BasePriority : Normal


#:41 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3012
ThreadCreationTime : 7-4-2005 6:18:37 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:42 [uckmxse.exe]
FilePath : c:\windows\system32\
ProcessID : 3100
ThreadCreationTime : 7-4-2005 6:18:38 PM
BasePriority : Normal
FileVersion : 1, 1, 0, 3
ProductVersion : 0, 0, 7, 0

#:43 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 3116
ThreadCreationTime : 7-4-2005 6:18:38 PM
BasePriority : Normal
FileVersion : 2.2.1.004
ProductVersion : 2.2.1.004
ProductName : Common Client
CompanyName : Symantec Corporation
FileDescription : Common Client User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2003 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:44 [vptray.exe]
FilePath : C:\PROGRA~1\SYMANT~2\
ProcessID : 3188
ThreadCreationTime : 7-4-2005 6:18:39 PM
BasePriority : Normal
FileVersion : 9.0.2.1000
ProductVersion : 9.0.2.1000
ProductName : Symantec AntiVirus
CompanyName : Symantec Corporation
FileDescription : Symantec AntiVirus
LegalCopyright : Copyright 1991 - 2004 Symantec Corporation. All rights reserved.

#:45 [narshelper.exe]
FilePath : C:\WINDOWS\System32\PNNLTasks\
ProcessID : 3352
ThreadCreationTime : 7-4-2005 6:18:39 PM
BasePriority : Normal
FileVersion : 1.00
ProductVersion : 1.00
ProductName : PNNL NARS Helper
CompanyName : Battelle
InternalName : NARSHelper
OriginalFilename : NARSHelper.exe

#:46 [citivan.exe]
FilePath : C:\Program Files\Citi Virtual Account Numbers\
ProcessID : 3360
ThreadCreationTime : 7-4-2005 6:18:40 PM
BasePriority : Normal
FileVersion : 3, 7, 0, 0, 134
ProductVersion : 3, 7, 0, 0, 134
ProductName : Virtual Account Numbers
CompanyName : Orbiscom Ltd. All rights reserved.
FileDescription : Virtual Account Numbers
InternalName : WEBOCARD
LegalCopyright : Copyright © 1999-2002, Orbiscom Ltd.
All rights reserved.
OriginalFilename : WebOCard.exe

#:47 [spywarebegone.exe]
FilePath : C:\spywarebegone\
ProcessID : 3392
ThreadCreationTime : 7-4-2005 6:18:40 PM
BasePriority : Normal
FileVersion : 5.0.0.15
ProductName : Spyware BeGone!
CompanyName : MicroSmarts Enterprise
FileDescription : Locate Spies and Adware Then Clean It.
InternalName : Spyware BeGone!
LegalCopyright : MicroSmarts Enterprise
LegalTrademarks : Spyware BeGone!
OriginalFilename : SpywareBeGone.exe
Comments : Program By Tarek Hussein.

#:48 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 3400
ThreadCreationTime : 7-4-2005 6:18:40 PM
BasePriority : Normal


#:49 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3416
ThreadCreationTime : 7-4-2005 6:18:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:50 [easyshare.exe]
FilePath : C:\Program Files\Kodak\Kodak EasyShare software\bin\
ProcessID : 3516
ThreadCreationTime : 7-4-2005 6:18:41 PM
BasePriority : Normal
FileVersion : 5, 0, 4, 128
ProductVersion : 4, 0, 2, 134
ProductName : Kodak EasyShare software
CompanyName : Eastman Kodak Company
FileDescription : Kodak EasyShare software
InternalName : EasyShare
LegalCopyright : Copyright © Eastman Kodak Company 2002
LegalTrademarks : EasyShare
OriginalFilename : EasyShare.exe

#:51 [cbsystray.exe]
FilePath : C:\Program Files\Connected\
ProcessID : 3596
ThreadCreationTime : 7-4-2005 6:18:44 PM
BasePriority : Normal
FileVersion : 6.2.617
ProductVersion : 6.2
ProductName : Connected TLM
CompanyName : Connected Corporation
FileDescription : Connected TLM System Tray
InternalName : CBSysTray
LegalCopyright : © 2002 by Connected Corporation
OriginalFilename : CBSysTray.exe

#:52 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Plus\
ProcessID : 3780
ThreadCreationTime : 7-4-2005 6:19:04 PM
BasePriority : Normal
FileVersion : 6.2.0.237
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:53 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 4088
ThreadCreationTime : 7-4-2005 6:19:43 PM
BasePriority : Normal


#:54 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 156
ThreadCreationTime : 7-4-2005 6:19:44 PM
BasePriority : Normal


#:55 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 1028
ThreadCreationTime : 7-4-2005 6:20:44 PM
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUC3n5trMsgSDisp

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUs3t5icky1S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUs3t5icky2S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUs3t5icky3S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUs3t5icky4S

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUC1o3d5eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUT3i5m7eOfSFinalAd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUD3s5tSSEnd

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AU3N5a7tionSCode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUP3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUT3h5rshSCheckSIn

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUT3h5rshSMots

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUM3o5deSSync

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUI3n5ProgSCab

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUI3n5ProgSEx

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUI3n5ProgSLstest

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUB3D5om

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUI3d5OfSDist

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUE3v5nt

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUT3h5rshSBath

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUT3h5rshSysSInf

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUL3n5Title

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUC3u5rrentSMode

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUC3n5tFyl

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUI3g5noreS

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUS3t5atusOfSInst

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\aurora
Value : AUL3a5stSSChckin

Roings Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment : "Date"
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\software\intexp
Value : Date

Windows Object Recognized!
Type : RegData
Data : explorer.exe c:\windows\nail.exe
TAC Rating : 3
Category : Vulnerability
Comment : Shell Possibly Compromised
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe c:\windows\nail.exe

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 30
Objects found so far: 30


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt : S-1-5-21-19610888-2120439649-608991905-1728\Software\Microsoft\Internet Explorer\MainSearch Pagewebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...search.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "http://websearch.drs...search.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-19610888-2120439649-608991905-1728\Software\Microsoft\Internet Explorer\MainSearch Barwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "http://websearch.drs...search.cgi?id="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\Software\Microsoft\Internet Explorer\Main
Value : Search Bar
Data : "http://websearch.drs...search.cgi?id="
Possible Browser Hijack attempt : S-1-5-21-19610888-2120439649-608991905-1728\Software\Microsoft\Internet Explorer\SearchURLwebsearch.drsnsrch.com

Possible Browser Hijack attempt Object Recognized!
Type : RegData
Data : "websearch.drsnsrch.com/q.cgi?q="
TAC Rating : 3
Category : Vulnerability
Comment : Possible Browser Hijack attempt
Rootkey : HKEY_USERS
Object : S-1-5-21-19610888-2120439649-608991905-1728\Software\Microsoft\Internet Explorer\SearchURL
Value :
Data : "websearch.drsnsrch.com/q.cgi?q="

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 33


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d3h269@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:d3h269@imrworldwide.com/cgi-bin
Expires : 1-18-2009 4:00:00 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d3h269@z1.adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:d3h269@z1.adserver.com/
Expires : 7-4-2006 10:24:42 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d3h269@fastclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:d3h269@fastclick.net/
Expires : 7-6-2005 10:25:20 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d3h269@citi.bridgetrack[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:d3h269@citi.bridgetrack.com/
Expires : 7-18-2005 9:00:00 PM
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : d3h269@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:d3h269@tribalfusion.com/
Expires : 12-31-2037 5:00:00 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 38



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : File
Data : A0101907.exe
TAC Rating : 10
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{16BB0C24-AD73-40FE-B770-B8DCD0798552}\RP416\
FileVersion : 1.0.2.4
ProductVersion : 1.0.2.4
ProductName : Buddy Window
CompanyName : Direct Revenue
FileDescription : Buddy
InternalName : Buddy.exe
LegalCopyright : © Direct Revenue. All rights reserved.
OriginalFilename : Buddy.exe
Comments : Browser window for Direct Revenue


Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 39




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

VX2 Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

Roings Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp

Roings Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Version

Roings Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : Date

Roings Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\intexp
Value : bid

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 44

11:39:49 AM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:15:52.760
Objects scanned:143284
Objects identified:44
Objects ignored:0
New critical objects:44
  • 0

Advertisements


#2
don77

don77

    Malware Expert

  • Retired Staff
  • 18,526 posts
Please follow the instructions located in Step Five: Posting a Hijack This Log. Post your HJT log as a reply to this thread, which has been relocated to the Malware Removal Forum for providing you with further assistance.

Kindly note that it is very busy in the Malware Removal Forum, so there may be a delay in receiving a reply. Please also note that HJT logfiles are reviewed on a first come/first served basis.
  • 0

#3
leazabeth

leazabeth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Here is my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:49:23 PM, on 7/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Connected\CBRegCap.EXE
C:\Program Files\Connected\CBlaunch.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\System32\FWMinder.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
c:\windows\system32\igmsshl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\PNNLTasks\NARSHelper.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\spywarebegone\SpywareBeGone.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Connected\CBSysTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijack This\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CitiUSBrowserHelper Class - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\System32\BhoCitUS.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54527408-C9B0-CD10-BD1F-CCEE8BFCBC98} - C:\WINDOWS\system32\bawaex.dll (file missing)
O2 - BHO: (no name) - {5D52747A-C9B5-CE1D-BD1B-CEEE8CF1BC9A} - C:\WINDOWS\system32\bawaex.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {EA5A82FB-D6BE-44F9-9363-B1ABABC153C1} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [FW Status] C:\WINDOWS\System32\FWMinder.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [RunLocalStart] rundll32.exe C:\WINDOWS\System32\PNNLTasks\LocalStart32.dll,LocalStart32AppEntry run
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [RVO.exe] C:\documents and settings\d3h269\local settings\temp\RVO.exe
O4 - HKLM\..\Run: [Pbd.exe] C:\documents and settings\d3h269\local settings\temp\Pbd.exe
O4 - HKLM\..\Run: [6hL4S.exe] C:\documents and settings\d3h269\local settings\temp\6hL4S.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PNNL NARS Helper] C:\WINDOWS\System32\PNNLTasks\NARSHelper.exe
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [phhdwpp] c:\windows\system32\hegdin.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [cnbhem] c:\windows\system32\igmsshl.exe r
O4 - HKCU\..\Run: [Spyware Begone] C:\spywarebegone\SpywareBeGone.exe -FastScan
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Adtu] C:\Documents and Settings\d3h269\Application Data\ceco.exe
O4 - HKCU\..\Run: [Ndl] C:\WINDOWS\System32\j?vaw.exe
O4 - Startup: Connected TaskBar Icon.LNK = C:\Program Files\Connected\CBSysTray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SysTray.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 - DefaultPrefix:
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.chart...oad/tgctlcm.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1114433891943
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pnl.gov
O17 - HKLM\Software\..\Telephony: DomainName = pnl.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{80163BBC-8CDA-462E-A183-14FEA7820F1E}: Domain = pnl.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAFFA080-58DC-429A-A98A-76C571A48B49}: Domain = pnl.gov
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB9F92B4-7C50-44E1-8216-EAB6DBE0DD3D}: Domain = pnl.gov
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pnl.gov
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = pnl.gov,emsl.pnl.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = pnl.gov
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = pnl.gov,emsl.pnl.gov
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = pnl.gov,emsl.pnl.gov
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v3.0.1 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Connected RegCap (CBRegCap) - Connected Corporation - C:\Program Files\Connected\CBRegCap.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Connected Launcher (ConnectedLauncher) - Connected Corporation - C:\Program Files\Connected\CBlaunch.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thank you!!
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP