Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

DrPmon.dll & Aurora problems

Reply

Join Date: Jul 2005
Posts: 1
Reputation: raksta is an unknown quantity at this point 
Solved Threads: 0
raksta raksta is offline Offline
Newbie Poster

Re: DrPmon.dll & Aurora problems

 
0
  #1
Jul 10th, 2005
Hello followed ur advice on deleting Drpmon.dll and aurora here is the hijackthis log file and edwido scan file thanks...
Logfile of HijackThis v1.99.1
Scan saved at 5:18:36 PM, on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
c:\windows\system32\jrhtnbc.exe
C:\Documents and Settings\NASH\Desktop\AntiVirus\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...ch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [pyznxj] c:\windows\system32\jrhtnbc.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5975.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:17:55 PM, 10/07/2005
+ Report-Checksum: 963E24AA

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1390067357-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
:mozilla.10:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.32:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.33:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.34:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.35:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.36:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.76:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.77:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.78:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.79:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\O5GZWF4V\svcproc[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\R97Y7A8K\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\SZQR2TE9\stubinstaller5975[1].exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\UXSBMXI5\ucmoreiex[1].exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\UXSBMXI5\ucmoreiex[1].exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Program Files\Hewlett-Packard\Memories Disc\hpodlog.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\hdeo5gal.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\stubinstaller5975.exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\system32\8dcnh1es.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\bcrwkm.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup


::Report End
Reply With Quote Quick reply to this message  
Join Date: Jul 2004
Posts: 2,964
Reputation: dlh6213 is on a distinguished road 
Solved Threads: 210
Team Colleague
dlh6213 dlh6213 is offline Offline
Posting Maven

Re: DrPmon.dll & Aurora problems

 
0
  #2
Jul 24th, 2005
Hi Raksta, welcome to DaniWeb

I've split your post into it's own thread per forum rules (http://www.daniweb.com/techtalkforum..._faq#faq_rules)

Please follow the recommendations and instructions in the three links in my signature below. After you've done the Aurora fix, please post a new HJT log.
Links to help you help yourself :

Protect Your PC & Avoid Infections -- http://www.daniweb.com/techtalkforums/thread27519.html

Cleanup Procedures & Tools -- http://www.daniweb.com/techtalkforums/thread27570.html

Infection Removal & HijackThis Use -- http://www.daniweb.com/techtalkforums/thread28196.html
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack hosting internet kaspersky legal mail malware mcafee mega-d messagelabs microsoft mobile nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unwanted update usa virus viruses vista war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC