I need help

Jaysinet · June 16th, 2005, 12:10 AM

I have what I believe is the Aurora Virus , I ran a hijack log and it is below. Please help me fix this

Logfile of HijackThis v1.99.1
Scan saved at 10:00:07 PM, on 6/15/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\twmqom.exe
C:\Program Files\Windows AdControl\WinAdCtl.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows AdControl\WinAdAlt.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {CB5B2BC6-F957-4D8A-BE67-83F3EC58BA01} - C:\WINDOWS\System32\dsktrf1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ksszkbymjd] C:\WINDOWS\System32\twmqom.exe
O4 - HKLM\..\Run: [Windows AdControl] C:\Program Files\Windows AdControl\WinAdCtl.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/winb2s32.cab
O16 - DPF: {F72BC3F0-6C20-4793-9DDA-258589D8A907} - http://akamai.downloadv3.com/binarie...lv32_EN_XP.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Jarhed7276 · June 16th, 2005, 12:15 AM

Here is a link to the analysis of your log file.

http://www.hijackthis.de/logfiles/21...fc01bda16.html

You can copy and paste a log file at the site below:

http://www.hijackthis.de/

Jaysinet · June 16th, 2005, 12:45 AM

I am new to the High Jack logs....that worked great