Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT - Kennethken


  • This topic is locked This topic is locked
2 replies to this topic

#1 Kennethken

Kennethken

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 13 July 2005 - 12:40 PM

Hello,
I hope you can help me get the dreaded Aurora/ABI software off of my system. I contracted it 2 days ago and have downloaded some tools to help me. :thumbsup:

I have Windows XPPro w/ Norton Systemworks 2005 (up-to-date virus definitions) and have run NAV, Ad-Aware, Sypbot-S&D, MS AntiSpyware Beta, Ewido, HiJack this from normal mode. Below are the HijackThis log (first) and the Ewido scan log (from Safe Mode).

Thanks
Ken

Logfile of HijackThis v1.99.1
Scan saved at 10:55:06 AM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ICWin227\IcvMgr1.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\ICWin227\IcvMgr2.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Upromise_RemindU\Upromise0.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\110959~1\EE\AOLHOS~1.EXE
C:\Program Files\ATI Multimedia\main\ATISched.EXE
c:\windows\system32\pdjjjc.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\COMMON~1\AOL\110959~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\CE Software\QuicKeys\QkEngine.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\CESOFT~1\QuicKeys\QKAPPS~1.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\WINDOWS\System32\PGPsdkServ.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Upromise_RemindU\Upromise1.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\jjjvt8xv.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", ""); (C:\Documents and Settings\Administrator\Application Data\Mozilla\Profiles\default\jjjvt8xv.slt\prefs.js)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: (no name) - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [HPCDTray] "C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v4] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp4.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ICVMGR1] C:\Program Files\ICWin227\IcvMgr1.exe
O4 - HKLM\..\Run: [ICVMGR2] C:\Program Files\ICWin227\IcvMgr2.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Upromise0] "C:\Program Files\Upromise_RemindU\Upromise0.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1109598312\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [khvwdru] c:\windows\system32\pdjjjc.exe r
O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Iw77RiYmP] grptcpip.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Lotus QuickStart.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O4 - Global Startup: QuicKeys Engine.lnk = ?
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: RemindU - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Print Using ClickBook - {180E1E16-F536-4B51-9723-6025D98AA375} - C:\Program Files\Blue Squirrel\ClickBook\macros\ieprint.htm
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: RemindU - {2863ACA1-9AA0-4432-8CFE-88C12B3B2E5E} - file://C:\Program Files\Upromise_RemindU\Sy1050\Tp1050\scri1050a.htm (HKCU)
O16 - DPF: WebConnect Pro 6.2.14 - http://63.127.179.85:2080/WebConnectDU.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.truedoc.com/activex/tdserver.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/OAS/ActiveX/winrep.cab
O16 - DPF: {528C14CD-CF9E-489C-A365-5999F17B69B9} (LightSurfUploadCtl Class) - http://pictures.sprintpcs.com/activex/Ligh...loadControl.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\System32\PGPsdkServ.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:24:30 AM, 7/13/2005
+ Report-Checksum: 1BB17B0C

+ Scan result:

C:\Program Files\Upromise_RemindU\Upromise1.exe -> Spyware.WebRebates : Ignored
HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1202660629-1284227242-725345543-500\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1202660629-1284227242-725345543-500\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1202660629-1284227242-725345543-500\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1202660629-1284227242-725345543-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpitunes_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Error during cleaning
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpitunes_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Error during cleaning
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\aolshare\Coach\Player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe -> Heuristic.Win32.Dialer : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\2D572BE0-BA80-442A-9082-4007F6\395FF2FF-8BAB-4F85-936C-EE99F5 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C3DDB8AD-2C66-4132-BB1F-912E60\E7072E33-C302-4EE7-BD93-FAC95C -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\6FED6177-335B-433A-B189-FCA1F3\9CB0CCA1-993D-456A-85CD-75F594 -> Trojan.Imiserv.c : Cleaned with backup
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\A365A065-E5BE-4E88-9227-E2018F\CCB2C6DE-19C0-4B86-9A24-62DDB2 -> Trojan.Imiserv.c : Cleaned with backup
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\FEF93A42-0B6F-4BBF-BB93-5CF27A\9C8D1B46-B2A8-455F-A8DA-B063F5 -> Trojan.Imiserv.c : Cleaned with backup
C:\RECYCLER\NPROTECT\00935619.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936574.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936615.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936638.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936674.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936701.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936732.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936759.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936783.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936910.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936933.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936957.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00936983.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00937002.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00938292.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00938295.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00938524.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00938602.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00938741.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00938882.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00939228.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00939804.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00939911.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00939947 -> Spyware.ImiBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00939949 -> Spyware.ImiBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00939951 -> Spyware.ImiBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00940282.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940283.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940284.dll -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940314.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940315.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940316.dll -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940336.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940337.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940338.dll -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940488.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940916.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940918.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940924 -> Trojan.Imiserv.c : Cleaned with backup
C:\RECYCLER\NPROTECT\00940925 -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\RECYCLER\NPROTECT\00940926 -> Spyware.ImiBar : Cleaned with backup
C:\RECYCLER\NPROTECT\00940935 -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00940936 -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00941007.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00941023.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00941129.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00941220.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00941525.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00941526.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\NPROTECT\00941527.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup
C:\WINDOWS\system32\vphdzs.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c : Cleaned with backup


::Report End
_________________
Ken
Win Pro XP, Norton Systemworks 2005

BC AdBot (Login to Remove)

 


#2 Kennethken

Kennethken
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:07:26 AM

Posted 13 July 2005 - 10:20 PM

Hi - just wanted to let you know that I got some help from the folks at MalWare Removal with this problem and it seems to be resolve. Thanks for you time.

Ken :thumbsup:

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Members
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:08:26 AM

Posted 13 July 2005 - 10:56 PM

Thanks for informing us Ken.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users