Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Aurora Popups/Winfixer/180 search assistant [RESOLVED]

Started by valpocrusader369 , Aug 04 2005 04:44 PM

  • This topic is locked This topic is locked

#1
valpocrusader369
Posted 04 August 2005 - 04:44 PM

valpocrusader369

    Member

  • Member
  • PipPip
  • 20 posts
Hello again,
i have the same problem again. I have Aurora popups and 180 search assistant problem, and now Winfixer wants to install every 30 seconds. I have followed all preliminary instructions and am posting my Ewido log and hijakthis log below. Help is greatly appreciated, you guys do awesome work!

Ewido

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:34:03 PM, 8/4/2005
+ Report-Checksum: ABE28D7F

+ Scan result:

[1664] VM_01B70000 -> Adware.BetterInternet : Error during cleaning
C:\Documents and Settings\Eddie\Cookies\eddie@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Eddie\Cookies\eddie@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Eddie\Cookies\eddie@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\WINDOWS\1jmlm8sl.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\accessories.ico:twopxz -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\Blue Lace 16.bmp:aasrr -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\clock.avi:thzju -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\cmsetacl.log:kzkbq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\dasetup.log:xmmjmy -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\EventSystem.log:ljvqv -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\FaxSetup.log:iibzw -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\FaxSetup.log:klovl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:lopwt -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\hphmdl01.dat:wpsoq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB822827.log:vqosk -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB823980.log:tqrci -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB823980.log:tuphl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB824105.log:jiyxug -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\KB826942.log:bjqcwr -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB828028.log:kdtwl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB828035.log:eitfw -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB828035.log:escve -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB828035.log:wvssh -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB833407.log:ktagp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB833987.log:xsvaz -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB835732.log:daeffl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB837001.log:hjeys -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB837001.log:oaegi -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB840987.log:pfzxp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB841356.log:likpb -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB841356.log:vudze -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB871250.log:ybpre -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB873333.log:nylgon -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\KB873339.log:agkhl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB873339.log:awtzl -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB873376.log:wjniq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB873376.log:xrrfy -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB885250.log:fzeuqq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB885836.log:lkung -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB886185.log:xwfjp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB887472.log:dyesh -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB888113.log:iscqu -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB888113.log:iyohk -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB888113.log:zwpbc -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:meahe -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\KB889293-IE6SP1-20041111.235619.log:wmfxd -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\KB891711.log:xsnouv -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\LUINSTALL.LOG:xfdab -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\msgsocm.log:jhjmt -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\ocgen.log:ellik -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\ocgen.log:jduhe -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\orun32.isu:pnwah -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\orun32.isu:uefza -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\ppvvxgx.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\pss\win.ini.backup:flyrj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\q329623.log:ntjix -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\REGLOCS.OLD:kopny -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\River Sumida.bmp:bspdca -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\sessmgr.setup.log:enizg -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\setupapi.log.0.old:gmybtj -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINDOWS\setupapi.log.0.old:pjzem -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\setuperr.log:vamze -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\spupdsvc.log:akcoa -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\Sti_Trace.log:zxdvwp -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\svcpack.log:gtxkb -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\SYMEVENT.LOG:qbmeq -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\system32\0ut69qf3.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\8grvl16b.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tsoc.log:kdwdh -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\wiaservc.log:evlmp -> TrojanDownloader.Agent.jb : Cleaned with backup
C:\WINDOWS\Windows Update.log:gmqgl -> TrojanDownloader.Small.ajr : Cleaned with backup
C:\WINDOWS\WindowsUpdate.log:dovlkt -> Backdoor.Small.dc : Cleaned with backup
C:\WINDOWS\Zapotec.bmp:hioem -> TrojanDownloader.Small.ajr : Cleaned with backup


::Report End

Hijack this Log

Logfile of HijackThis v1.99.1
Scan saved at 5:40:30 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinFixer 2005\WFX5.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://lt.firstmagn...cker/Login.aspx
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://lt.firstmagn.../HomePage.aspx"); (C:\Documents and Settings\Eddie\Application Data\Mozilla\Profiles\default\bpccvhee.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Eddie\Application Data\Mozilla\Profiles\default\bpccvhee.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\RunOnce: [ClrSchUninstall] C:\DOCUME~1\Eddie\LOCALS~1\Temp\Uninstall.EXE -b
O4 - HKCU\..\RunOnce: [CleanUp!] C:\Documents and Settings\Eddie\Desktop\Virus Weapons\Cleanup.exe /WindowsRestart
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O16 - DPF: {6D63C97A-4C9D-4B6E-AF86-E11E631AD4AA} (xLoan2List Control) - https://www.sharperl...an2ListProj.cab
O16 - DPF: {7EA90EB3-366D-4270-AB3B-05C4EE9CD966} (xLoan2 Control) - https://www.sharperl.../xLoan2Proj.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - http://www.clickloan...PtClickLoan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VALPARAISO.FIRSTMAGNUS.COM
O17 - HKLM\Software\..\Telephony: DomainName = VALPARAISO.FIRSTMAGNUS.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VALPARAISO.FIRSTMAGNUS.COM
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks!!!
  • 0

Advertisements

#2
Excal
Posted 04 August 2005 - 05:22 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi valpocrusader369 and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Are you familiar with this? VALPARAISO.FIRSTMAGNUS.COM


DOWNLOAD PROGRAMS

Please update your ewido :tazz:

Please download Nailfix from Here
please do NOT run it yet.


THE FIX

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Go to Start->Run and type in services.msc and hit OK. Then look for System Startup Service (SvcProc) and double click on it. Click on the Stop button and under Startup type, choose Disabled. (if present)

5. Once in Safe Mode, please double-click on
Nailfix.exe on your desktop. Click next, then finished. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

6. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan when it ask if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

7. Close all browsers, windows and unneeded programs.

8. Open HiJack and do a scan.

9. Put a Check next to the following items:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0802] "C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0802NetInstaller.exe"
O4 - HKLM\..\RunOnce: [ClrSchUninstall] C:\DOCUME~1\Eddie\LOCALS~1\Temp\Uninstall.EXE -b
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c18.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

10. click the Fix Checked box

11. Please remove these entries from Add/Remove Programs in the Control Panel(if present):

WinFixer 2005

12. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\WinFixer 2005

13. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5LP_0001_0802NetInstaller.exe

14. Run the program CleanUp!

15. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

16. Please post an Active scan log , Ewido Scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#3
valpocrusader369
Posted 04 August 2005 - 07:21 PM

valpocrusader369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Okay, all steps taken and here are the results. Valparaiso.firstmagnus.com is from work and I do recognize it. The active scan log showed no infections etc...

Ewido log here:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:50:57 PM, 8/4/2005
+ Report-Checksum: 4F43BDE6

+ Scan result:

C:\Documents and Settings\Eddie\Cookies\eddie@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Eddie\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup


::Report End

Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 8:19:01 PM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\hphmon05.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://lt.firstmagn...cker/Login.aspx
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://lt.firstmagn.../HomePage.aspx"); (C:\Documents and Settings\Eddie\Application Data\Mozilla\Profiles\default\bpccvhee.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Eddie\Application Data\Mozilla\Profiles\default\bpccvhee.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\MYDOWN~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6D63C97A-4C9D-4B6E-AF86-E11E631AD4AA} (xLoan2List Control) - https://www.sharperl...an2ListProj.cab
O16 - DPF: {7EA90EB3-366D-4270-AB3B-05C4EE9CD966} (xLoan2 Control) - https://www.sharperl.../xLoan2Proj.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} (PtClickLoan Control) - http://www.clickloan...PtClickLoan.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = VALPARAISO.FIRSTMAGNUS.COM
O17 - HKLM\Software\..\Telephony: DomainName = VALPARAISO.FIRSTMAGNUS.COM
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = VALPARAISO.FIRSTMAGNUS.COM
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks!!!
  • 0

#4
Excal
Posted 04 August 2005 - 07:40 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Looks pretty good, any problems?

:tazz:

Excal
  • 0

#5
valpocrusader369
Posted 04 August 2005 - 07:58 PM

valpocrusader369

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Not yet, everything seems to be working fine. I'll give it a while and see if the aurora pops up again. Y'all rock, thanks a billion!!!!!!!!!!
  • 0

#6
Excal
Posted 04 August 2005 - 08:08 PM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Great job, it appears your computer is clean :tazz:

Ensure you rehide your “hidden files and folders” back to the way they were.

Now that your system is Malware Free, it is important to reset your system Restore. Click Here to learn how to.

Might I suggest the following Free Spyware programs, if you don't already have them, for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE
Spybot S&D
Microsoft Anti-Spyware


If you are unhappy with your current antivirus and want to replace it or if you dont already have one, I suggest one of these free programs:
*Note - do not use more than one anti-virus program as it will more than likely cause conflict.

AVG
Avast
AntiVir


The following free programs are great for prevention:

SpywareBlaster 3.4
Spywareguard
IE/Spyad

A Firewall is a must! Here are 3 good free versions:
(do not have more than one firewall running on your system)

Sygate
Kerio
ZoneLabs

There are other options other than Internet Explorer for a browser, which some say have better security. Two of them are:

Firefox
Opera

If you decide to keep Internet Explorer, This site is a great source for tightening up security on It's settings.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month.

Be sure and give the Temp folders a cleaning out now and then as well, Make sure after you clean your Temp files to empty out your Recycle bin as well.
For ease use the following program:

Cleanup
Run "Cleanup" and when it has finished, Reboot

To help prevent future spyware installations/infections, please read the Anti-Spyware Tutorial and use the tools provided. Also read How I got Infected
  • 0

#7
Excal
Posted 18 August 2005 - 04:26 AM

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP