Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Not Sure If I Have Auraeco.exe Thing [RESOLVED]


  • This topic is locked This topic is locked

#16
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
PLEASE DO THE FOLLOWING:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

1. Download ewido security suite (it is a free version of the program).
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit ewido.
  • DO NOT RUN IT YET.
NOTE:If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


2. Download CleanUp
  • Install the program
  • DO NOT RUN IT YET
3. Download this file: Nailfix Utility
  • Save it to your desktop.
  • DO NOT RUN IT YET
4. Download dsrfix.zip
  • Save it to your desktop.
  • Unzip dsrfix.zip and extract it to your desktop.
  • This will create a new folder on your desktop named dsrfix.
  • DO NOT USE IT YET.
5. Download APT
  • Unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe
  • Search in the window for <<c:\windows\system32\putuzf.exe >>.
  • Open your C:\Windows\system32 folder and search for << putuzf.exe >>.
    NOTE:Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select <<c:\windows\system32\putuzf.exe>> and Click Kill3
  • Then immediately delete << putuzf.exe >> from your system32 folder.
  • Close APT.
6. REBOOT into SafeMode. With Windows XP, you can follow these steps from Microsoft

OR
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, start tapping press F8 key.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
7. Once in Safe Mode, please double-click on nailfix.exe.
  • Click "Next" in the setup
  • Make sure "Run Nailfix" is checked
  • Click "Finish"
  • Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.
8. Open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
9. Now scan with HJT and place a checkmark next to each of the following items:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [gxux] C:\WINDOWS\gxux.exe
O4 - HKLM\..\Run: [Ijkhjtjr] C:\Program Files\Awvxqv\Csgni.exe
O4 - HKLM\..\Run: [bghuee] c:\windows\system32\putuzf.exe r
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c8.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe





Close all open windows except for HJT, then click the Fix Checked button and EXIT HJT.

10. Open the folder dsrfix on your desktop.
  • Double-Click on dsrfix.bat
  • A window will pop up briefly then close, this is normal.
11. Enable show hidden files and folders:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK
12. Now using Windows Explorer (Windows key + E) locate and DELETE the following files and folders (with all their content), if they are still present.

C:\Program Files\Awvxqv<===Folder
C:\Program Files\hp center\137903<===Folder
C:\WINDOWS\Nail.exe
C:\WINDOWS\gxux.exe
C:\WINDOWS\svcproc.exe


13. Now run the CleanUp program:

*IMPORTANT NOTE*</b>
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
14. REBOOT your computer back into Normal Mode

15. Run HJT, SCAN and post a new HJT log, as well as the ewido report log from the Ewido scan by using Add Reply

Regards,

Trevuren

Edited by Trevuren, 14 August 2005 - 11:26 AM.

  • 0

Advertisements


#17
Dee Daa

Dee Daa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Trevuren

I've managed to delete the file, however when I go into safe mode and try to install nailfix.exe an error message appears telling me the file is corrupt and it won't let me install it. Any ideas how I can go on from this

Regards

Dee Daa
  • 0

#18
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Try it with the nailfix1 file that I have included as an attachment.


Trevuren
  • 0

#19
Dee Daa

Dee Daa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Trevuren

Can't seem to find the attachment can you tell me where I find it
  • 0

#20
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Let's see if this works


Trevuren
  • 0

#21
Dee Daa

Dee Daa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Trevuren

Followed through the instructions however on HJT line 23 wasn't there and on windows explorer I wasn't able to find gxux.exe file. Below is a copy of recent HJT file and Exido scan
Logfile of HijackThis v1.99.1
Scan saved at 21:13:47, on 14/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk3.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-uk3.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk3.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/...bGameLoader.cab
O16 - DPF: {4B9F2C37-C0CF-42BC-BB2D-DCFA8B25CABF} (PopCapLoaderCtrl Class) - http://zone.msn.com/...pcaploader1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093638110686
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.co...aploader_v6.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 20:46:53, 14/08/2005
+ Report-Checksum: CAFABA78

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Owner\My Documents\Program\Complete Dvd Copy\Ahead Nero Burning ROM Ultra Edition\KeyGen.exe -> TrojanDropper.Delf.gi : Cleaned with backup
C:\Program Files\Awvxqv\Csgni.exe -> Trojan.Small.cy : Cleaned with backup
C:\Program Files\DashBar\DashBar21.dll -> Spyware.DashBar : Cleaned with backup
C:\Program Files\DashBar\DbAu.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\DashBar\DBUninstaller.exe -> Spyware.DashBar : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0048025.exe -> Spyware.Lop : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049061.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049205.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049222.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049234.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049244.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049254.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049256.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049267.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049272.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049273.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049274.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049275.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049277.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049285.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049296.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049297.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049307.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049319.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP351\A0049325.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049327.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049334.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049339.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049346.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049351.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049352.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049353.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP352\A0049354.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP353\A0049360.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP353\A0049367.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP353\A0049381.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP353\A0049386.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP354\A0049399.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049406.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049414.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049419.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049420.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049421.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049422.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049437.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049438.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049443.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049449.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049450.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049461.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049497.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049498.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP355\A0049503.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP356\A0049512.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP356\A0049519.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP357\A0049521.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP357\A0049539.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP357\A0049540.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP357\A0049545.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049547.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049549.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049550.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049551.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049552.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049559.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049564.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049566.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049573.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049580.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049592.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP358\A0049597.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP359\A0049600.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP359\A0049617.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP359\A0049620.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP359\A0049628.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B258A826-5527-4815-B22B-7BD9E483ADD8}\RP359\A0049629.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\pmjskrtyzw.exe -> Adware.BetterInternet : Cleaned with backup


::Report End
  • 0

#22
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures.

Trevuren
  • 0

#23
Dee Daa

Dee Daa

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Trevuren

The pop ups have well stopped poping up so I think everything is ok, so whats the final procedure and what do I do with all these programs I've installed :tazz:
  • 0

#24
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

2. Cleanup the leftovers. Download CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

3. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update
regularly to download and install any critical updates and service packs. With out these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0

#25
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP