I am having a problem with constant Aurora pop-ups and I cannot access many of the websites I usually go to.
I have followed your instructions from the "Posting a HijackThis Log" section.
The following are my HijackThis log and Ewido log:
Logfile of HijackThis v1.99.1
Scan saved at 1:08:49 PM, on 6/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\NavNT\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\INTERB~1\Bin\ibguard.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\INTERB~1\Bin\ibserver.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\Promon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://smbusiness.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw2.cab
O16 - DPF: Yahoo! Bingo - http://download.game...nts/y/xt0_x.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1118249633983
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BROTHERHOODCRUSADE.ORG
O17 - HKLM\Software\..\Telephony: DomainName = BROTHERHOODCRUSADE.ORG
O17 - HKLM\System\CCS\Services\Tcpip\..\{1523ECD0-B4BE-4E7C-890B-365F053CFCE2}: NameServer = 192.168.1.2,206.13.29.12,216.219.253.211,206.13.30.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BROTHERHOODCRUSADE.ORG
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\PROGRA~1\INTERB~1\Bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\INTERB~1\Bin\ibserver.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Ewido Log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:24:13 PM, 6/8/2005
+ Report-Checksum: FF98C6A9
+ Date of database: 6/8/2005
+ Version of scan engine: v3.0
+ Duration: 31 min
+ Scanned Files: 55834
+ Speed: 29.89 Files/Second
+ Infected files: 47
+ Removed files: 47
+ Files put in quarantine: 47
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\TFoster.BROTHERHOODCRUS\Cookies\tfoster@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\TFoster.BROTHERHOODCRUS\Cookies\tfoster@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\TFoster.BROTHERHOODCRUS\Cookies\tfoster@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\TFoster.BROTHERHOODCRUS\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\TFoster.BROTHERHOODCRUS\Cookies\tfoster@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\TFoster.BROTHERHOODCRUS\Local Settings\Temp\temp.frB46A -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\TFoster.BROTHERHOODCRUS\Local Settings\Temp\VTU\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP702\A0060849.exe -> TrojanDownloader.Small.apm -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP719\A0061451.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP719\A0061473.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP719\A0061477.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP720\A0061530.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP721\A0061537.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP722\A0061543.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP722\A0061546.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP722\A0061551.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP722\A0061576.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP722\A0061577.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP722\A0061579.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP722\A0061586.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP723\A0061629.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP723\A0061635.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP723\A0061654.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP723\A0061655.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP723\A0061666.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP723\A0061667.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP723\A0061668.dll -> Spyware.Winsta -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0061686.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0061688.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0061706.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0061716.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0061718.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0061998.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062003.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062012.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062013.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062017.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062020.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062021.dll -> Trojan.Agent.db -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062022.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062026.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{FB160F56-3CF0-4E10-9E02-CF29FD976694}\RP725\A0062027.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\ahwzrqx.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet -> Cleaned with backup
C:\WINDOWS\SYSTEM32\WinStat11.dll -> Spyware.Winsta -> Cleaned with backup
::Report End