Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora [CLOSED]

Started by Enox , May 24 2005 06:00 PM

  • This topic is locked This topic is locked

#1
Enox
Posted 24 May 2005 - 06:00 PM

Enox

    New Member

  • Member
  • Pip
  • 3 posts
I've been noticing these pop-ups under the name "Aurora" and when I got tired of them, I couldn't figure out how to remove the Aurora program. I have no idea how it got onto my computer, but I want it off! Can anyone help? Here's a copy of my HijackThis log.

thanks


Logfile of HijackThis v1.99.1
Scan saved at 6:57:40 PM, on 5/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\PaqTool\keylog\keylog.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\find.exe
C:\Program Files\AIM\aim.exe
c:\windows\system32\zkoapu.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\Suh8.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\WINDOWS\system32\Cxnrm42.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ian.FAMILY\Desktop\Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sandboxer...25KNZSLK53CWYEG
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [0zJToD] C:\windows\temp\0zJToD.exe
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\LhoK8W3.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [84uyYA] C:\documents and settings\main\local settings\temp\84uyYA.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TTnqkvNf] C:\documents and settings\steph\local settings\temp\TTnqkvNf.exe
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Documents and Settings\Main\PrintHood\HomeKeyLogger\KeyLogger.exe
O4 - HKLM\..\Run: [VC_Log] C:\Program Files\PaqTool\keylog\keylog.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [py14rBsL] C:\documents and settings\steph\local settings\temp\py14rBsL.exe
O4 - HKLM\..\Run: [9Ihbb] C:\documents and settings\steph\local settings\temp\9Ihbb.exe
O4 - HKLM\..\Run: [llD2bx] C:\documents and settings\steph\local settings\temp\llD2bx.exe
O4 - HKLM\..\Run: [kdfejl] c:\windows\system32\kdfejl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Find] C:\WINDOWS\find.exe
O4 - HKLM\..\Run: [vsimfd] c:\windows\system32\zkoapu.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {E4961D20-6367-4C75-BCF3-5213C29A827C} (llamapro) - https://www.pimpwar....ro/llamapro.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Ian.FAMILY\Desktop\Installers\CWShredder214.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

Advertisements

#2
loophole
Posted 29 May 2005 - 04:35 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello Enox :tazz:

You have Quite a bit here but we should be able to get it.You may wish to print out a copy of these instructions to follow while you complete this procedure.

First, we need to remove the peper trojan. Download this file, run, and let terminate (it'll just blink briefly on your screen and won't appeared to have done much--this is normal):
http://www.geekstogo...=download&id=18 Now please run the tool a second time

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

CleanUp! - Download it and install it. Dont run it yet.


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.



Now please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:( some of these may not be present)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sandboxer...25KNZSLK53CWYEG
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Find] C:\WINDOWS\find.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.com/cabs/mmed.cab
O16 - DPF: {E4961D20-6367-4C75-BCF3-5213C29A827C} (llamapro) - https://www.pimpwar....ro/llamapro.cab

Close all open windows except for HijackThis and click Fix Checked.

Please uninstall the following(if present) Click Start>>>control panel>>>add/remove
Ebates_MoeMoneyMaker

Now run clean up again

Reboot and post a new log as well as the log from the Ewido scan. we will have more work to do


Good luck and Thanks

Edited by loophole, 30 May 2005 - 09:38 AM.

  • 0

#3
Enox
Posted 30 May 2005 - 12:22 AM

Enox

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks for the help! Here's the new HijackThis log. I ran Ewido, but when I came back to the computer (I left for a bit because it was taking so long) a dialog box had come up and said Ewido had encountered an error and needed to close. I tried to get a log from it, but it closed before I could. Sorry.

Logfile of HijackThis v1.99.1
Scan saved at 1:23:24 AM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\PaqTool\keylog\keylog.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
c:\windows\system32\zhhfmi.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ian.FAMILY\Desktop\Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [0zJToD] C:\windows\temp\0zJToD.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [84uyYA] C:\documents and settings\main\local settings\temp\84uyYA.exe
O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TTnqkvNf] C:\documents and settings\steph\local settings\temp\TTnqkvNf.exe
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Documents and Settings\Main\PrintHood\HomeKeyLogger\KeyLogger.exe
O4 - HKLM\..\Run: [VC_Log] C:\Program Files\PaqTool\keylog\keylog.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [py14rBsL] C:\documents and settings\steph\local settings\temp\py14rBsL.exe
O4 - HKLM\..\Run: [9Ihbb] C:\documents and settings\steph\local settings\temp\9Ihbb.exe
O4 - HKLM\..\Run: [llD2bx] C:\documents and settings\steph\local settings\temp\llD2bx.exe
O4 - HKLM\..\Run: [kdfejl] c:\windows\system32\kdfejl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Find] C:\WINDOWS\find.exe
O4 - HKLM\..\Run: [MMC] C:\WINDOWS\inisys.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [krsigd] c:\windows\system32\zhhfmi.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Ian.FAMILY\Desktop\Installers\CWShredder214.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Edited by Enox, 30 May 2005 - 12:24 AM.

  • 0

#4
loophole
Posted 30 May 2005 - 10:46 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello enox

Looking better

You may wish to print out a copy of these instructions to follow while you complete this procedure.


Please uninstall Spyware Stormer see why here http://www.spywarewa...nti-spyware.htm
I will give you a list of Valid ati-spyware programs later.

Click Start>>>control panel>>>add/remove
Spyware stormer

Please download the Killbox by Option^Explicit.

Save it to your desktop.


Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O4 - HKLM\..\Run: [Spyware Stormer] C:\Program Files\Spyware Stormer\SpywareStormer.Exe
O4 - HKLM\..\Run: [0zJToD] C:\windows\temp\0zJToD.exe
O4 - HKLM\..\Run: [84uyYA] C:\documents and settings\main\local settings\temp\84uyYA.exe
O4 - HKLM\..\Run: [TTnqkvNf] C:\documents and settings\steph\local settings\temp\TTnqkvNf.exe
O4 - HKLM\..\Run: [py14rBsL] C:\documents and settings\steph\local settings\temp\py14rBsL.exe
O4 - HKLM\..\Run: [9Ihbb] C:\documents and settings\steph\local settings\temp\9Ihbb.exe
O4 - HKLM\..\Run: [llD2bx] C:\documents and settings\steph\local settings\temp\llD2bx.exe
O4 - HKLM\..\Run: [kdfejl] c:\windows\system32\kdfejl.exe
O4 - HKLM\..\Run: [Find] C:\WINDOWS\find.exe
O4 - HKLM\..\Run: [MMC] C:\WINDOWS\inisys.exe
O4 - HKLM\..\Run: [krsigd] c:\windows\system32\zhhfmi.exe
O20 - AppInit_DLLs: sfklg.dll

Now open pocketkillbox Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:
Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'
The entire list should now be in the "Full Path of File to Delete"
field.To check, click on the dropdown-arrow next to that field.
If you expand it, these lines should all be there.

C:\WINDOWS\find.exe
C:\WINDOWS\inisys.exe
c:\windows\system32\zhhfmi.exe
C:\documents and settings\steph\local settings\temp\llD2bx.exe
C:\documents and settings\steph\local settings\temp\9Ihbb.exe
C:\documents and settings\steph\local settings\temp\py14rBsL.exe
C:\documents and settings\steph\local settings\temp\TTnqkvNf.exe
C:\windows\temp\0zJToD.exe
C:\documents and settings\main\local settings\temp\84uyYA.exe
c:\windows\system32\sfklg.dll
C:\Program Files\Spyware Stormer

Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES.When it asks if you would like to Reboot now, click YES.

as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now try to run the Ewido scan
Now run cleanup
Reboot and post a new log as well as the Ewido scan (if it was able to run)
  • 0

#5
Enox
Posted 30 May 2005 - 05:20 PM

Enox

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Thanks again. Here's my new HijackThis log and my Ewido scan log (it worked this time):

Logfile of HijackThis v1.99.1
Scan saved at 6:18:31 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\PaqTool\keylog\keylog.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Ian.FAMILY\Desktop\Installers\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [HomeKeyLogger] C:\Documents and Settings\Main\PrintHood\HomeKeyLogger\KeyLogger.exe
O4 - HKLM\..\Run: [VC_Log] C:\Program Files\PaqTool\keylog\keylog.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Ian.FAMILY\Desktop\Installers\CWShredder214.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:10:37 PM, 5/30/2005
+ Report-Checksum: 29D8425E

+ Date of database: 5/30/2005
+ Version of scan engine: v3.0

+ Duration: 268 min
+ Scanned Files: 118484
+ Speed: 7.37 Files/Second
+ Infected files: 213
+ Removed files: 209
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 4

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\All Users\Documents\bpkhk.dll -> TrojanSpy.PerfectKeyLogger.ac -> Error during cleaning
C:\Documents and Settings\All Users\Documents\bpkun.exe -> TrojanSpy.PerfectKeyLogger.147.b -> Error during cleaning
C:\Documents and Settings\All Users\Documents\bpkwb.dll -> TrojanSpy.PerfectKeyLogger.ac -> Error during cleaning
C:\Documents and Settings\All Users\Documents\inst.bin -> TrojanSpy.Agent.y -> Error during cleaning
C:\install_george.exe -> Spyware.PurityScan.h -> Cleaned without backup
C:\RECYCLER\S-1-5-21-3974297951-1699069013-2581927419-1011\Dc47.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP534\A0220947.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0221374.exe -> Spyware.P2PNetworking -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0221381.dll -> Spyware.Altnet.d -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0221450.exe -> Spyware.Claria -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0221472.dll -> Spyware.WildTangent.b -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0221487.dll -> Spyware.WildTangent.b -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0221616.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0221619.DLL -> Spyware.P2PNetworking -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0223615.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0223622.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0223623.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0223646.EXE -> Spyware.MyWay.b -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP536\A0223647.DLL -> Spyware.MyWay.e -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP538\A0223788.DLL -> Spyware.ToolBar.MyWay.g -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP539\A0223800.dll -> Spyware.Altnet.d -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP539\A0223836.DLL -> Spyware.P2PNetworking -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP539\A0223838.exe -> Spyware.P2PNetworking -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0223882.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0223953.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0224615.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0224618.exe -> Spyware.ToolBar.MyWay.g -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0224620.EXE -> Spyware.P2PNetworking -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0224621.EXE -> Spyware.P2PNetworking -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP540\A0224627.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0224698.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0224699.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0224711.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0224722.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0224727.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0224735.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0225725.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0225731.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0225732.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0225733.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0225755.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP541\A0225756.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0225843.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0226749.exe -> Spyware.Sahat.m -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0226755.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0226756.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP543\A0226757.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0226778.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0226869.dll -> Spyware.WildTangent.b -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP544\A0226884.dll -> Spyware.WildTangent.b -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP547\A0227626.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP547\A0227627.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP548\A0227685.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP548\A0227781.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP550\A0228055.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP550\A0228062.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP552\A0228182.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP553\A0228227.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP555\A0228294.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP560\A0229220.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP560\A0229240.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP561\A0230237.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP562\A0230275.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP562\A0231236.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0233280.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0233366.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0233369.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0234238.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP564\A0234239.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP565\A0235257.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP565\A0235369.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP565\A0236364.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP567\A0238433.DLL -> Spyware.ToolBar.MyWay.g -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP568\A0238449.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP568\A0238467.exe -> Trojan.Stervis.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP568\A0238468.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0238476.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP569\A0239452.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP570\A0239459.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0239481.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP571\A0239484.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0239489.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0239490.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242445.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242472.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242644.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242646.dll -> Spyware.404Search.h -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242651.dll -> Spyware.ImiBar.d -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242655.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242656.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242657.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242658.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242659.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242661.exe -> Trojan.Imiserv.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242668.exe -> Trojan.Stervis.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242669.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242672.dll -> Trojan.Agent.db -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242673.dll -> Spyware.ImiBar.d -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242674.exe -> Trojan.Imiserv.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242709.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242710.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242719.exe -> Trojan.Stervis.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP572\A0242720.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0242722.dll -> Spyware.ImiBar.d -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0242727.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP573\A0242734.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP575\A0242746.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242757.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242762.exe -> TrojanDownloader.Apropo.ab -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242763.dll -> Spyware.Midadle.e -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242764.dll -> Spyware.Midadle.e -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242765.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242766.dll -> Spyware.Midadle.e -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242767.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242768.exe -> TrojanDownloader.Apropo.r -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242769.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242770.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242771.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242772.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242773.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242774.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242775.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242776.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242777.dll -> Spyware.Midadle.e -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242778.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242779.dll -> Spyware.Midadle.e -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242780.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242781.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242782.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242783.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242784.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242785.exe -> Spyware.P2PNetworking -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242786.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242787.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242788.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242789.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242790.exe -> Spyware.SaveNow.z -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242791.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242792.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242793.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242794.dll -> Spyware.Midadle.e -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242795.exe -> Spyware.Trymedia.a -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP576\A0242796.exe -> Spyware.Trymedia.a -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP577\A0243003.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP577\A0243013.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP577\A0243028.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP577\A0244001.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP577\A0244002.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP577\A0244011.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP577\A0244214.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP578\A0244228.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP578\A0244241.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP579\A0244262.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP579\A0244263.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP579\A0244298.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP579\A0245308.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP579\A0245313.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP580\A0245315.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP580\A0245331.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP580\A0245334.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245348.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245352.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245353.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245354.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245355.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245365.exe -> Trojan.Nail -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245366.exe -> Trojan.Stervis.c -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245367.dll -> Trojan.Agent.db -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245368.exe -> TrojanSpy.PerfectKeyLogger.147.b -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245369.dll -> Spyware.Midadle.b -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245968.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245969.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245979.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP581\A0245990.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\thin-85-1-x-x.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\WINDOWS\Buddy.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\WINDOWS\gsnilcbpxz.exe -> Spyware.BetterInternet -> Cleaned without backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned without backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\BO2802040113.dll -> Spyware.VirtualBouncer.d -> Cleaned without backup
C:\WINDOWS\SYSTEM32\calsdr.exe -> TrojanDropper.Small.ff -> Cleaned without backup
C:\WINDOWS\SYSTEM32\Cvj2h0J.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\WINDOWS\SYSTEM32\cvtgudb.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\WINDOWS\SYSTEM32\DrPMon.dll -> Trojan.Agent.db -> Cleaned without backup
C:\WINDOWS\SYSTEM32\HyperLinker3.exe -> Spyware.iSearch -> Cleaned without backup
C:\WINDOWS\SYSTEM32\lmf32v.dll -> Spyware.Suggestor.g -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsc22C.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsc58.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsd11F.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsd120.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nseB1.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsf15D.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsf182.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsgB0.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsh3FB.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsi127.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsj124.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsm57.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsmAA.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsu17F.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsv366.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsx162.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsy243.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsyAD.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsz207.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\nsz208.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\PreUninstall.exe -> Spyware.Suggestor.g -> Cleaned without backup
C:\WINDOWS\SYSTEM32\rtneg3.dll -> Spyware.Beginto.c -> Cleaned without backup
C:\WINDOWS\SYSTEM32\Suh8.exe -> TrojanDownloader.VB.em -> Cleaned without backup
C:\WINDOWS\SYSTEM32\vkyipu.exe -> Trojan.Agent.cp -> Cleaned without backup
C:\WINDOWS\SYSTEM32\wυaclt.exe -> Spyware.PurityScan.bf -> Cleaned without backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned without backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned without backup


::Report End
  • 0

#6
loophole
Posted 30 May 2005 - 06:32 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello Enox

Much better ,The aurora infection came back but should go now that everything else is gone

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet


Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Show Hidden Files and Folders (if needed)
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

Now please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O20 - AppInit_DLLs: sfklg.dll

Now click fix checked and close Hijack

Using windows explorer( right click start, left click explore)
Search for and delete this file
C:\WINDOWS\system32\sfklg.dll

Rehide files and folders

Reboot and post a fresh log and the Ewido scan
  • 0

#7
loophole
Posted 23 June 2005 - 11:59 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member with address of this thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP