[Pande17]

Ok, im brand new to these forums i downloaded hijack this, and i scanned my computer and here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 9:49:18 PM, on 7/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Valve\Steam\Steam.exe
c:\windows\system32\wfigim.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Ben\Desktop\hijack\HijackThis.exe

O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ozdbd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\ozdbd.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ccbrnoc] c:\windows\system32\wfigim.exe r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\GO\CTCMSGo.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4727F9F4-D71F-4EBC-B9FE-0E1DE267E7EC}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{8A8DB50F-9234-4741-ADFA-7406176840C6}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{A28B2AE7-F92A-4882-B3C1-9FC8A11FC52D}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7EE0085-34BC-429F-A82E-EE334845066C}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS1\Services\Tcpip\..\{4727F9F4-D71F-4EBC-B9FE-0E1DE267E7EC}: NameServer = 69.50.176.196,195.225.176.110
O17 - HKLM\System\CS2\Services\Tcpip\..\{4727F9F4-D71F-4EBC-B9FE-0E1DE267E7EC}: NameServer = 69.50.176.196,195.225.176.110
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe




How can i get rid of this damned aurora malware, thank you

[Advertisements]

bump

*Edited by an Administrator

Hello! Bumping your thread will not get you helped any quicker, as we look for threads with no replies. Also, we work from oldest to newest, and currently are working on logs that have been posted three to five days ago , sometimes even older. Please be patient with us. We are working as fast as we can without compromising the integrity of our work.

Edited by ~Kat~, 07 July 2005 - 12:34 AM.

[Pande17]

bump

*Edited by an Administrator

Hello! Bumping your thread will not get you helped any quicker, as we look for threads with no replies. Also, we work from oldest to newest, and currently are working on logs that have been posted three to five days ago , sometimes even older. Please be patient with us. We are working as fast as we can without compromising the integrity of our work.

Edited by ~Kat~, 07 July 2005 - 12:34 AM.

[Pande17]

o allright im sorry then, im new to how this forum works, and im very thankful for the time you guys spend helping us i'll just wait, i can live

[Pande17]

well... i've waited a couple weeks now? anybody know how much longer i need to wait for?