DrPmon.dll & Aurora problems

Question

raksta 0 Newbie Poster

18 Years Ago

Hello followed ur advice on deleting Drpmon.dll and aurora here is the hijackthis log file and edwido scan file thanks...

Logfile of HijackThis v1.99.1
Scan saved at 5:18:36 PM, on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
c:\windows\system32\jrhtnbc.exe
C:\Documents and Settings\NASH\Desktop\AntiVirus\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [pyznxj] c:\windows\system32\jrhtnbc.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\WINDOWS\stubinstaller5975.exe"
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_07\bin\npjpi142_07.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------


+ Created on:           5:17:55 PM, 10/07/2005
+ Report-Checksum:      963E24AA


+ Scan result:


HKLM\SOFTWARE\Classes\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1390067357-1229272821-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
:mozilla.10:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.11:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.31:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.32:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.33:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.34:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.35:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.36:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.43:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.76:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.77:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.78:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.79:C:\Documents and Settings\NASH\Application Data\Mozilla\Firefox\Profiles\jhop99p7.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\NASH\Cookies\nash@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\O5GZWF4V\svcproc[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\R97Y7A8K\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\SZQR2TE9\stubinstaller5975[1].exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\UXSBMXI5\ucmoreiex[1].exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Documents and Settings\NASH\Local Settings\Temporary Internet Files\Content.IE5\UXSBMXI5\ucmoreiex[1].exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup
C:\Program Files\Hewlett-Packard\Memories Disc\hpodlog.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINDOWS\hdeo5gal.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\stubinstaller5975.exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\system32\8dcnh1es.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\bcrwkm.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Cleaned with backup
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Cleaned with backup



::Report End

windows-virus

Edited 11 Years Ago by Nick Evan because: Fixed formatting

2 Contributors
1 Reply
131 Views
2 Weeks Discussion Span
Latest Post 18 Years Ago Latest Post by dlh6213

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

dlh6213 27 Posting Maven Team Colleague · Answer 1 · 2005-07-24T16:50:03+00:00

Hi Raksta, welcome to DaniWeb :D

I've split your post into it's own thread per forum rules (http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules)

Please follow the recommendations and instructions in the three links in my signature below. After you've done the Aurora fix, please post a new HJT log.