Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hi and please help me!


  • Please log in to reply
1 reply to this topic

#1 jodde16

jodde16

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:50 AM

Posted 12 August 2005 - 04:37 AM

Hi everyone!
My name is johan and im 14 years old and i live in sweden.
About two weeks ago i started getting pop-up ads which i thought was strange considering i had kaspersky and the windows pop-up blocker on.
I searched my computer with Ad-Aware SE and found around 25 objects.
I removed them all (Considering they all had a strange name: Aurora)
but only two minutes later or so the pop-ups came back!
i ran Adaware again and there they were.. around 25 objects all named Aurora.
Now, I have followed all the steps i could find to destroy the malware on my computer.
After a while the aurora thingies disappeared in ad-aware.
Instead, a thing called VX6 or VP6 was found all the time.
I did the same to those and deleted them.
then a minute later when i searched with ad-aware, there they was.
I removed them and tried different programs that are supposed to delete malacious software, but now when i think my computer is free of malware, the computer has become much slower.
Some computer-rescue-finder-stuff that i downloaded:

Spyware Doctor: Very recommended by many people.. i found about 600 traces when i first ran it, and deleted it all.

Microsoft Antispyware: I searched the computer and didnt find anything!

Spy sweeper: Also recommended by most of the people in topics and such, found about 400 traces or so, deleted them all..

Adware away: This program showed to be useful.. i found aurora thingies and stuff that i deleted.. but when i restarted the computer, there it was again.
I removed it and then i havent seen a trace of it.. yet...

Spybot S&D: found a few things that i deleted, example: abetterinternet.

CCcleaner: Found a few things.. deleted them..

CWshredder: cant remember if i found anything, if i did i probably deleted it ^^.

PCrescue: found many reg-entries of COM and ACTIVE X. but the stupid program required that i purshased it online for it to delete all of it.

Registry Medic: I tried this as well and i found a lot of wrong entries.. but.. purshase, purshase, purshase...

I also tried TuneUP Utilities: I could get rid of 7.00 mb... that didnt help..

and now.. i think aurora is gone and all the other stuff.. BUT.. My computer is very much slower then it should be!!
Can someone please help me??

I post this HJT log and i hope you can find something!



Logfile of HijackThis v1.99.1
Scan saved at 11:37:25, on 2005-08-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Logitech\iTouch\iTouch.exe
C:\Program\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program\D-Tools\daemon.exe
C:\Program\Microsoft Firewall Client\ISATRAY.EXE
C:\Program\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program\Microsoft AntiSpyware\gcasServ.exe
C:\Program\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\KleinL-Frg4A\Skrivbord\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lunarstorm.se
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = Internet:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Lšnkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Steam] "c:\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program\Microsoft Firewall Client\ISATRAY.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {83873F92-B99B-400A-9E36-52B5F4970FB7} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program\ewido\security suite\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program\TuneUp Utilities 2004\WinStylerThemeSvc.exe

Please help me with my computer..

BC AdBot (Login to Remove)

 


#2 Lobos

Lobos

  • Members
  • 317 posts
  • OFFLINE
  •  
  • Location:California USA
  • Local time:04:50 AM

Posted 14 August 2005 - 10:35 PM

Hi jodde

Welcome to BC

your log appears to be clean,. I see you havent tried online virus scans. lets see if they find anything. also you have for realtime scanners running for antispyware. you may want to disable a couple of them at least . having that many maybe draggiung down your system .

Run an online antivirus check from at least one and preferably 2 of the following sites....select autoclean click below

Housecall
Panda scan
RAV

Re-boot again. Then post a new HijackThis log to check what is left if anythig didnt get cleaned post the av log too


Lobos
<span style='color:blue'>Ad-Aware SE</span> | Spybot S&D 1.4

For extra protection try spyware blaster

<span style='color:blue'>If you use IE I suggest using these two programs</span> MVPHosts & IE-SPYAD




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users