I have followed the steps suggested here (using ewido, nailfix, spybot s&d, adaware, and cc) to remove Aurora and Nail. There is still something on the computer. Your help is appreciated. Here is the latest log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 5:47:44 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\windows\system32\wlfgzl.exe
C:\Program Files\Netscape\Communicator\Program\nsnotify.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\SYSTEM32\userinit.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///S:/Intranet/Stage/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [slghlax] c:\windows\system32\wlfgzl.exe r
O4 - Startup: Netscape Mail Notification.lnk = C:\Program Files\Netscape\Communicator\Program\nsnotify.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
Edited by NoGall, 28 July 2005 - 12:57 PM.