aurora pop-ups [resolved]


  • This topic is locked

#1
jennyenny81

    New Member

  • Member
  • 7 posts
Hi there, I'm having issues with a pop-up called Aurora. I ran Ad-Aware and AVG but it just won't go away. Thanks in advance for your help! Here's my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 9:42:40 PM, on 5/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\winhlp32.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Rip\LOCALS~1\Temp\Rar$EX00.297\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [thtimg] c:\windows\system32\hbwwvev.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094137864923
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play06.pogo.c...aploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: System - {45D72E6C-21F1-4E47-9A70-2C2AAD82806C} - C:\WINDOWS\system32\system32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

Edited by jennyenny81, 22 May 2005 - 07:50 PM.

  • 0



#2
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome jennyenny81 to Geeks to Go!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [thtimg] c:\windows\system32\hbwwvev.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
  • 0
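
The manual review in the post above, as an added example that is not part of the original thread: a Python triage of HijackThis result lines, plus a before/after comparison confirming that the entries chosen for "Fix Checked" are gone from the follow-up log. The sample logs are a subset of lines copied from this thread; the function names and the heuristics (a Shell value other than Explorer.exe, "(no file)" references, services with "Unknown owner") are assumptions that mark entries for review, not verdicts.

```python
import re

# HijackThis result lines look like "O4 - HKLM\..\Run: [name] path".
# Section codes start with R, F, N or O followed by a number.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed samples: a subset of lines copied from the two logs in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [thtimg] c:\windows\system32\hbwwvev.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoguard.exe
"""

# The three entries the helper asked to tick before clicking "Fix Checked".
FIX_CHECKED = [
    r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe",
    r"O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)",
    r"O4 - HKLM\..\Run: [thtimg] c:\windows\system32\hbwwvev.exe",
]


def parse_entries(log):
    """Return [(code, text)] for result lines; headers and process paths are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(entries):
    """Return [(reason, code, text)] for entries worth a closer look (heuristics only)."""
    flags = []
    for code, text in entries:
        if code == "F2":
            m = re.search(r"\b(Shell|UserInit)=(.*)$", text, re.I)
            if m:
                name, value = m.group(1).lower(), m.group(2).strip()
                # The logon shell should be Explorer.exe alone; anything appended also runs.
                if name == "shell" and value.lower() != "explorer.exe":
                    flags.append(("shell-extra", code, text))
                # Userinit is a comma-separated list; expect only userinit.exe.
                if name == "userinit":
                    progs = [p.strip() for p in value.split(",") if p.strip()]
                    if len(progs) != 1 or not progs[0].lower().endswith("\\userinit.exe"):
                        flags.append(("userinit-extra", code, text))
        # Registry reference whose target file no longer exists.
        if text.endswith("(no file)") or text.endswith("(file missing)"):
            flags.append(("orphan-reference", code, text))
        # Service binary without a company name in its version information.
        if code == "O23" and "Unknown owner" in text:
            flags.append(("service-unknown-owner", code, text))
    return flags


def _lines(log):
    return [f"{code} - {text}" for code, text in parse_entries(log)]


def diff_logs(before, after):
    """Return (removed, added) result lines between two logs, in log order."""
    b, a = _lines(before), _lines(after)
    return [l for l in b if l not in a], [l for l in a if l not in b]


def still_present(fix_lines, after):
    """Return the fixed entries that survived the reboot (should be empty)."""
    remaining = set(_lines(after))
    return [l for l in fix_lines if l in remaining]


if __name__ == "__main__":
    for reason, code, text in triage(parse_entries(BEFORE)):
        print(f"[{reason}] {code} - {text}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
    print("fixed entries still present:", still_present(FIX_CHECKED, AFTER))
```

Entries that appear only in the second log still need the same review as the first; a clean diff shows the fix held, not that the machine is clean.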

#3
jennyenny81

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thanks! Here are my logs, how do they look?

Logfile of HijackThis v1.99.1
Scan saved at 6:52:37 PM, on 5/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Documents and Settings\Rip\Desktop\security suite\ewidoctrl.exe
C:\Documents and Settings\Rip\Desktop\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Rip\LOCALS~1\Temp\Rar$EX13.422\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094137864923
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play06.pogo.c...aploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O21 - SSODL: System - {45D72E6C-21F1-4E47-9A70-2C2AAD82806C} - C:\WINDOWS\system32\system32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



--------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:43:03 PM, 5/23/2005
+ Report-Checksum: FCF8CBD5

+ Date of database: 5/23/2005
+ Version of scan engine: v3.0

+ Duration: 123 min
+ Scanned Files: 249267
+ Speed: 33.51 Files/Second
+ Infected files: 191
+ Removed files: 97
+ Files put in quarantine: 97
+ Files that could not be opened: 0
+ Files that could not be cleaned: 94

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
C:\

+ Scan result:
C:\Documents and Settings\Rip\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-777ed55e.class -> TrojanDownloader.Small.WV -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@17859531[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@a.websponsors[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@articles.health.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@bannerspace[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@bfast[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@citi.bridgetrack[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@network[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@tradedoubler[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\BKR\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\DQR\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\GEW\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\HDH\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\JWK\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\KEL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\KND\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\MBG\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\mxTarget.dll -> Spyware.BiSpy.t -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\NUN\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\OHD\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\OLI\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\OUC\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\PEW\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\randreco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\RBM\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\rndrcus.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\SSS\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\temp.fr4E6A -> Spyware.DlMax.a -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\temp.frE5A7\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\temp.frF06E -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\THI1DF0.tmp\dlmax.dll -> Spyware.BiSpy.t -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\THI3DD3.tmp\mxTarget.dll -> Spyware.BiSpy.o -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\THI51BF.tmp\mxTarget.dll -> Spyware.BiSpy.o -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\tmp104594625.tmp -> Spyware.180solutions -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\tmp1573045750.tmp -> Spyware.180solutions -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\UCO\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\UWV\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\VEN\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\VTF\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\~F4.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temp\~F6.exe -> Dialer.Generic -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temporary Internet Files\Content.IE5\LINA546X\aurora[1].exe -> Spyware.BetterInternet.c -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temporary Internet Files\Content.IE5\SL6Z096Z\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\Rip\Local Settings\Temporary Internet Files\Content.IE5\SL6Z096Z\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\Rip.D2ZH8241\Cookies\rip@ads.as4x.tmcs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip.D2ZH8241\Cookies\rip@myway[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\Program Files\Common Files\ufoq\ufoqp.exe -> Spyware.Xupiter.m -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP435\A0042201.dll -> Spyware.BiSpy.t -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0042263.exe -> Spyware.WebRebates.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0042271.dll -> Spyware.BiSpy.t -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\A0042285.dll -> Spyware.BiSpy.t -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP458\snapshot\MFEX-2.DAT -> Spyware.DlMax.a -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP459\A0042374.exe -> Spyware.WebRebates.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP496\A0045809.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP499\A0045849.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP500\A0045861.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP501\A0045878.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0045923.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP502\A0045925.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0046063.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP504\A0046065.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP505\A0046090.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP506\A0046117.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP507\A0046201.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP509\A0046232.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP510\A0046249.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP511\A0046268.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP512\A0046286.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP512\A0046287.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP512\A0046290.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP513\A0046359.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP513\A0046422.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP513\A0046438.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP513\snapshot\MFEX-61.DAT -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP514\A0046445.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP515\A0047447.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP515\A0047575.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP515\A0047587.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll -> Spyware.Gator.1019 -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll -> Spyware.Gator.1019 -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll -> TrojanDownloader.WebP2PInstaller -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WrapperOuter1154041215.EXE -> Spyware.VirtualBouncer.j -> Cleaned with backup
C:\WINDOWS\rwuewbxljh.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\SYSTEM32\axuninstall.exe -> Spyware.BlazeFind.e -> Cleaned with backup
C:\WINDOWS\SYSTEM32\tvmk1ez.dll -> Spyware.EZula.ac -> Cleaned with backup
C:\Documents and Settings\Rip\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-777ed55e.class -> TrojanDownloader.Small.WV -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@17859531[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@a.websponsors[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@advertising[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@articles.health.msn[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@atdmt[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@bannerspace[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@bfast[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@burstnet[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@citi.bridgetrack[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@geocities[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@network[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@tradedoubler[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Cookies\rip@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Rip\Local Settings\Temp\BKR\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
C:\Documents and Settings\Rip\Local Settings\Temp\DQR\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning
C:\Documents and Settings\Rip\Local Settings\Temp\GEW\aurareco.exe -> Spyware.BetterInternet -> Error during cleaning


::Report End

#4
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Oh nice, some more baddies.

Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Reboot the computer.

***

Download CW-Shredder at the link below:
http://cwshredder.ne.../CWShredder.exe
Now run the CWShredder - Hit The FIX button!

***

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://213.159.117.134/index.php
you can leave this if you are in Russia

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab

O21 - SSODL: System - {45D72E6C-21F1-4E47-9A70-2C2AAD82806C} - C:\WINDOWS\system32\system32.dll (file missing)

Click on Fix Checked when finished and exit HijackThis.

***

Reboot to safe mode.
Rerun Ewido and save that log.

***

Open HijackThis
Go to ‘config’
Go to ‘misc tools’
Press the button ‘open uninstall manager’
Press the button 'save list'. It will open a Notepad file. Place the content of that file here in your answer please.

***

Post back here in this topic:
an uninstall list
the Ewido scan result
a HijackThis scanlog.

#5
jennyenny81

    New Member

  • Topic Starter
  • Member
  • 7 posts
Here ya go. Sorry about the delay, I actually did this a couple of days ago but then my internet went down for some reason. Thanks for all your help!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:43:03 PM, 5/23/2005
+ Report-Checksum: FCF8CBD5

+ Date of database: 5/23/2005
+ Version of scan engine: v3.0

+ Duration: 123 min
+ Scanned Files: 249267
+ Speed: 33.51 Files/Second
+ Infected files: 191
+ Removed files: 97
+ Files put in quarantine: 97
+ Files that could not be opened: 0
+ Files that could not be cleaned: 94

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
C:\

+ Scan result:


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 4:29:39 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Rip\Desktop\security suite\SecuritySuite.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Rip\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094137864923
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play06.pogo.c...aploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE



ABBYY FineReader 5.0 Sprint
Ad-Aware SE Personal
Ad-Aware SE Professional
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
AOL Instant Messenger
Ares 1.8.1
AVG Free Edition
Battlefield 1942
BCM V.92 56K Modem
Broadcom Management Programs
Dell AIO Printer A940
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support 5.0.0 (734)
DS21Patch
ewido security suite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel® Extreme Graphics Driver
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Learn2 Player (Uninstall Only)
Microsoft .NET Framework 1.1
Microsoft Combat Flight Simulator 3.0
Microsoft Encarta Encyclopedia Standard 2004
Microsoft Money 2004
Microsoft Money 2004 System Pack
Modem Helper
MSXML4 Parser
MUSICMATCH® Jukebox
P2P Networking
QuickTime
RealOne Player
Shockwave
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
TSA
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows SA
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver
WordPerfect Office 11
  • 0

#6
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Download this tool.
Save it to your desktop and double click FxBlzFnd.exe
Let it run.

I would like to advise you to uninstall P2P Networking, as it is bundled with spyware.

Reboot the computer.

Go to start - software panel and see if Windows SA is still there. If it is, please uninstall it.

***

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot to safe mode.

Do this when we have the Ewido Scan clean.
3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

***

Again, rerun Ewido. We need to get an all clean result. Post me the ewido log please.
  • 0
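An added example, not part of the post above: a small triage of an ewido scan report that separates findings the scanner could not clean inside System Restore storage (the `_restore{...}` paths, which step 1 clears) from those still on the live file system. The sample report is constructed, the function names are hypothetical, and treating any outcome that does not start with "Cleaned" as a failure is an assumption.

```python
import re
from collections import Counter

# Constructed sample in the report layout shown in this thread (not a real scan).
SAMPLE_REPORT = r"""
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:00:00 PM, 1/1/2005
+ Infected files: 4
+ Removed files: 1
+ Files that could not be cleaned: 3

+ Scanned items:
C:\

+ Scan result:
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe -> Spyware.Example -> Error during cleaning
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.exe -> Trojan.Example -> Error during cleaning
C:\WINDOWS\example.exe -> Spyware.Example -> Error during cleaning
C:\Documents and Settings\User\Cookies\user@example[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

::Report End
"""

HEADER_RE = re.compile(r"^\+ ([^:]+):\s*(.*)$")
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_report(text):
    """Split a report into its '+ Key: value' header and its result lines."""
    header, findings, in_results = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("::Report End"):
            break
        m = HEADER_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2)
            # Only lines that follow "+ Scan result:" are findings.
            in_results = key == "Scan result"
            if value:
                header[key] = value
            continue
        if in_results and line.count(" -> ") >= 2:
            # rsplit keeps a path intact even if it contains " -> " itself.
            path, detection, outcome = line.rsplit(" -> ", 2)
            findings.append(
                {"path": path, "detection": detection, "outcome": outcome}
            )
    return header, findings


def triage(text):
    """Summarise what was cleaned, what failed, and where the failures live."""
    header, findings = parse_report(text)
    # Assumption: an outcome that does not start with "Cleaned" is a failure.
    failed = [f for f in findings
              if not f["outcome"].lower().startswith("cleaned")]
    in_restore = [f for f in failed if RESTORE_MARKER in f["path"].lower()]
    live = [f for f in failed if RESTORE_MARKER not in f["path"].lower()]
    return {
        "all_cleaned": not failed,
        "outcomes": Counter(f["outcome"] for f in findings),
        # Failures in restore points go away when System Restore is turned off.
        "failed_in_restore": [f["path"] for f in in_restore],
        # Failures anywhere else need another scan, e.g. from safe mode.
        "failed_live": [f["path"] for f in live],
        # Sanity check: header count should equal the number of result lines.
        "header_matches":
            int(header.get("Infected files", len(findings))) == len(findings),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for key, value in summary.items():
        print(f"{key}: {value}")
```
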

#7
jennyenny81

    New Member

  • Topic Starter
  • Member
  • 7 posts
I have 2 Ewido scans to post ... thought maybe after it ran the first time I could get another clean one ... no dice.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:30:01 PM, 5/30/2005
+ Report-Checksum: 31B685E6

+ Date of database: 5/30/2005
+ Version of scan engine: v3.0

+ Duration: 53 min
+ Scanned Files: 113254
+ Speed: 35.21 Files/Second
+ Infected files: 21
+ Removed files: 21
+ Files put in quarantine: 21
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Rip\Cookies\rip@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@adrevolver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@ads.adcorps[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@adv.webmd[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@c1.zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@c5.zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@ehg-foxsports.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@search.msn[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@targetnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:30:51 PM, 6/1/2005
+ Report-Checksum: 71031058

+ Date of database: 6/1/2005
+ Version of scan engine: v3.0

+ Duration: 87 min
+ Scanned Files: 125207
+ Speed: 23.87 Files/Second
+ Infected files: 12
+ Removed files: 12
+ Files put in quarantine: 12
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Rip\Cookies\rip@ads.adsag[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@counter.hitslink[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@dcsauhh66pifwz3kt81grbj8d_5p7p[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@statse.webtrendslive[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Rip\Cookies\rip@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup


::Report End
  • 0

#8
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Can you post me a fresh scanlog using HijackThis?
So far it looks good. How are things at your end?
  • 0

#9
jennyenny81

    New Member

  • Topic Starter
  • Member
  • 7 posts
The computer is running muuuuch better, no more Aurora pop-ups and it seems to be running faster (not sure if it's really faster or just my imagination, haha). You've been extremely helpful and I'm very happy the computer is improving. I just want to make sure I get rid of the "infected files". My dad said "If it has an infection, why don't we just inject some penicillin in the mouse?" He thinks he's so funny ;-) Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:57:12 PM, on 6/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Documents and Settings\Rip\Desktop\security suite\ewidoctrl.exe
C:\Documents and Settings\Rip\Desktop\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Rip\LOCALS~1\Temp\Rar$EX00.531\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094137864923
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play06.pogo.c...aploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

#10
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts

"If it has an infection, why don't we just inject some penicillin in the mouse?"


I just knew it, there is an easier way to deal with infections, but they haven't told us. :tazz:

Well Jenny, you're doing just great without the shots. Just a leftover and then you should be clean to go.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O4 - Startup: PowerReg Scheduler.exe


Click on Fix Checked when finished and exit HijackThis.

Reboot the computer and post back a fresh log.

Edited by g2i2r4, 03 June 2005 - 03:07 AM.

  • 0
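An added example, not part of the post above: comparing the HijackThis log taken before "Fix Checked" with the fresh log taken after the reboot, to confirm that the checked entries are gone and to list anything else that changed between the two scans. Both logs are constructed, and the function names are hypothetical.

```python
import re

# Constructed logs in the HijackThis 1.99.1 layout (not a real machine's logs).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.example.com
R3 - URLSearchHook: (no name) - _{00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe /STARTUP
O4 - Startup: Example Scheduler.exe
O23 - Service: Example Guard - Example Corp - C:\Program Files\ExampleAV\guard.exe
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.example.com
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe /STARTUP
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -osboot
"""

# The entries the helper asked to tick, copied from the "before" log.
CHECKED = [
    "R3 - URLSearchHook: (no name) - _{00000000-0000-0000-0000-000000000000} - (no file)",
    "O4 - Startup: Example Scheduler.exe",
]

# Entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def _key(line):
    """Collapse whitespace and ignore case so copy/paste damage does not matter."""
    return " ".join(line.split()).casefold()


def entries(log_text):
    """Return {normalized key: original line} for every entry line in a log.

    The header and the "Running processes" list do not match ENTRY_RE and are
    skipped, so a process that happens to be running does not show up as a change.
    """
    found = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        if ENTRY_RE.match(line):
            found[_key(line)] = line
    return found


def verify_fix(before, after, checked):
    """Check that the ticked entries are gone and report every other change."""
    b, a = entries(before), entries(after)
    want = {_key(c): c for c in checked}
    return {
        # Ticked entries that survived the fix and reboot.
        "still_present": [a[k] for k in want if k in a],
        # Ticked entries that were never in the first log (wrong line ticked?).
        "never_listed": [c for k, c in want.items() if k not in b],
        # Entries that vanished although nobody asked for them to be fixed.
        "removed_unrequested": sorted(b[k] for k in set(b) - set(a) - set(want)),
        # Entries that are new since the last scan and deserve a look.
        "added": sorted(a[k] for k in set(a) - set(b)),
    }


if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, CHECKED).items():
        print(name)
        for line in lines:
            print("   ", line)
```
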

#11
jennyenny81

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you so much for your help. I never would have figured all of this out on my own. How's this look?

Logfile of HijackThis v1.99.1
Scan saved at 6:15:01 PM, on 6/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Documents and Settings\Rip\Desktop\security suite\ewidoctrl.exe
C:\Documents and Settings\Rip\Desktop\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Rip\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = www.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1094137864923
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://play06.pogo.c...aploader_v5.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Rip\Desktop\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
  • 0

#12
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Looks good to me, well done :tazz:

How are things over there?
  • 0

#13
jennyenny81

    New Member

  • Topic Starter
  • Member
  • 7 posts
Everything's great on this end! Thank you again for your help!!

~Jenny

  • 0

#14
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
  • 0





