
Aurora Virus problem. [CLOSED]


  • This topic is locked

#16
deebigdog

  • Topic Starter
  • Member
  • 14 posts
********
3:21 PM: |··· Start of Session, Sunday, July 31, 2005 ···|
3:21 PM: Spy Sweeper started
3:21 PM: Sweep initiated using definitions version 507
3:21 PM: Starting Memory Sweep
3:22 PM: Memory Sweep Complete, Elapsed Time: 00:01:19
3:22 PM: Starting Registry Sweep
3:22 PM: Found Adware: drsnsrch.com hijack
3:22 PM: HKU\S-1-5-21-507921405-1214440339-839522115-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
3:22 PM: Found Adware: relatedlinks bho
3:22 PM: HKCR\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (8 subtraces) (ID = 139367)
3:22 PM: HKLM\software\classes\interface\{e82431bf-e8a2-45ca-8361-e5517588cda1}\ (8 subtraces) (ID = 139376)
3:22 PM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
3:22 PM: Found Adware: targetsaver
3:22 PM: HKU\S-1-5-21-507921405-1214440339-839522115-1003\software\tsl2\ (1 subtraces) (ID = 143616)
3:22 PM: Found Adware: abetterinternet
3:22 PM: HKLM\software\classes\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 359756)
3:22 PM: HKU\S-1-5-21-507921405-1214440339-839522115-1003\software\aurorahandler\ (22 subtraces) (ID = 360172)
3:22 PM: HKCR\typelib\{6d992911-b563-47fc-ab29-437f42d1c729}\ (9 subtraces) (ID = 480791)
3:22 PM: HKU\S-1-5-21-507921405-1214440339-839522115-1003\software\aurorahandler\ (22 subtraces) (ID = 480802)
3:22 PM: Found Adware: shopnavupdater
3:22 PM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 491138)
3:22 PM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 491147)
3:22 PM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 491156)
3:22 PM: HKCR\dsrch.band.1\ (3 subtraces) (ID = 491215)
3:22 PM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 491224)
3:22 PM: HKLM\software\classes\dsrch.band.1\ (3 subtraces) (ID = 491285)
3:22 PM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 491294)
3:22 PM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 491303)
3:22 PM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 491312)
3:22 PM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 491321)
3:22 PM: Found Adware: ieplugin
3:22 PM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
3:22 PM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
3:22 PM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
3:22 PM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
3:22 PM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
3:22 PM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
3:22 PM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
3:22 PM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
3:22 PM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
3:22 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
3:22 PM: HKU\S-1-5-21-507921405-1214440339-839522115-1003\software\dsrch\ (11 subtraces) (ID = 509156)
3:22 PM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
3:22 PM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
3:22 PM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
3:22 PM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
3:22 PM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
3:22 PM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
3:22 PM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
3:22 PM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
3:22 PM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
3:22 PM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
3:22 PM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
3:22 PM: Registry Sweep Complete, Elapsed Time:00:00:06
3:22 PM: Starting Cookie Sweep
3:22 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
3:22 PM: Starting File Sweep
3:22 PM: 00509479.exe (ID = 107479)
3:22 PM: 00507072 (ID = 78255)
3:23 PM: 00507054.exe (ID = 116325)
3:23 PM: 00508497.exe (ID = 116325)
3:23 PM: 00508549.exe (ID = 116325)
3:23 PM: 00509618.exe (ID = 116325)
3:23 PM: 00508398.exe (ID = 116325)
3:23 PM: 00507074.exe (ID = 78275)
3:23 PM: 00507071 (ID = 78254)
3:23 PM: oumrc.dll (ID = 78253)
3:23 PM: vocabulary (ID = 78283)
3:23 PM: 00507070 (ID = 78252)
3:23 PM: class-barrel (ID = 78229)
3:23 PM: 00509625.exe (ID = 116325)
3:23 PM: 00507128.exe (ID = 116325)
3:23 PM: 00507073 (ID = 78256)
3:23 PM: 00509619.exe (ID = 78246)
3:23 PM: 00509559.exe (ID = 78276)
3:23 PM: 00509620.exe (ID = 78285)
3:25 PM: lbbho.ini (ID = 73732)
3:25 PM: fjxvsac.exe.tcf (ID = 116325)
3:25 PM: File Sweep Complete, Elapsed Time: 00:02:48
3:25 PM: Full Sweep has completed. Elapsed time 00:04:17
3:25 PM: Traces Found: 281
3:25 PM: Removal process initiated
3:25 PM: Quarantining All Traces: drsnsrch.com hijack
3:25 PM: Quarantining All Traces: relatedlinks bho
3:25 PM: Quarantining All Traces: targetsaver
3:25 PM: Quarantining All Traces: abetterinternet
3:25 PM: Quarantining All Traces: shopnavupdater
3:25 PM: Quarantining All Traces: ieplugin
3:26 PM: Removal process completed. Elapsed time 00:00:17
********
3:17 PM: |··· Start of Session, Sunday, July 31, 2005 ···|
3:17 PM: Spy Sweeper started
3:17 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 77F937BB in module 'ntdll.dll'. Read of address 00000058
3:20 PM: Warning: Hosts File Shield unable to read from hosts file. Access violation at address 77F937BB in module 'ntdll.dll'. Read of address 00000024
3:20 PM: Updating spyware definitions
3:20 PM: Your definitions are up to date.
3:21 PM: |··· End of Session, Sunday, July 31, 2005 ···|

#17
Rawe

    Visiting Staff

  • Member
  • 4,746 posts
Hi again!

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions; otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download CleanUp!

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


Run a Full System Scan with your Ad-aware. Let it remove anything it finds!

Now run CleanUp! and make sure to reboot. Boot up into normal mode and do the following:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post
Go back, run a new scan with HiJackThis and post the fresh log here along with the uninstall list.

- Rawe :tazz:

#18
ScHwErV

    Member 5k

  • Retired Staff
  • 21,285 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.