The ABI network - Gladiator Security Forum

Forum Rules

Greetings,

Before you post in this forum,please read and follow the instructions in this post: Guidelines for Posting in This Forum

Failure to follow these instructions will only result in delays of the cleaning and removal process.

If you ran other AntiVirus and/or AntiSpyware programs and have the logs available, please post them as well.

Our goal is to help you clean your PC and restore it to pre-infection condition wherever possible.

Thank You

The ABI network, please help me out

Options

yarek View Member Profile	Dec 7 2005, 03:59 AM Post #1
Active Member Group: Member Posts: 10 Joined: 28-June 05 Member No.: 15411	Hello, This June I had a problem with Aurora-part of ABI Network. Bobbi Flekman was helping me. With his help I managed to get rid of it (THANK YOU!!!). From that time I did not downloaded (at least not intentionally) anything from the internet and I even tried to stay away from the updates for some of the softweres I have. Unfortunatelly I got it again. I do not have a ton of pup-ups yet (like last time). The way I found out I have it back was when I was uninstalling some software that came with my book I used to use at school. I tried to get rid of that Aurora using the previous post I mentioned above, here is the link, http://gladiator-antivirus.com/forum/index...31&#entry101431 but I was unsuccesful. My Norton Internet Security I bought in December 04 is about to expire in two weeks (it did not help). This time I will switch to firefox to begin with and replace Norton with some of the programs you suggested last time (uless there is someting new You would suggest) Please help me get rid of that Aurora. I have my ewido and ccleaner updated. I did hijackthis today and did the scan with ewido. I will post them below. Please tell me which of the "free" programs is it linked to? I will certainly get rid of it, regardless of what it is. You can do magic. I know that from the previous time. Please help. Thank You yarek Logfile of HijackThis v1.99.1 Scan saved at 9:15:25 PM, on 12/6/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ntvdm.exe C:\WINDOWS\Mixer.exe C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe C:\Program Files\Messenger\msmsgs.exe C:\hijackthis\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wp.pl/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defa.../search/ie.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/sbcydsl/defa...hoo.sbc.com/dsl R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/sbcydsl/defa...//www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.wp.pl/ F3 - REG:win.ini: load=C:\YDPDict\watch.exe O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\common\ycomp5_0_8_6.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\common\ycomp5_0_8_6.dll (file missing) O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [RegKillElbyCheck] "C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" /L RegKill O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab O16 - DPF: {3B02AAA2-327C-40ED-A849-4BE819AE5385} (ImgSizer Control) - file://C:\Documents and Settings\Jarek\Local Settings\Temp\~DlfnTmp0\imgSizer.ocx O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093665473890 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1127523958671 O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe --------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 9:00:01 PM, 12/6/2005 + Report-Checksum: D005B940 + Scan result: C:\Documents and Settings\Jarek\Cookies\jarek@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@ad.adocean[1].txt -> Spyware.Cookie.Adocean : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@cnn.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wfk4glcjkbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wfkyqld5ebo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wfmiggcpsgo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wfmyeodjafo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wgk4sic5maq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wgkowjc5wcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wgkyuhajaho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjk4ggcjshp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjk4wkdzmdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjkokpdpsbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjkooocpcho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjkosmazicp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjkoumazggp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjkyknczsbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjkyulajibo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjl4alajgap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjliomdpmcp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjlisodjoeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjlyandpkfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjlycmc5wfo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjmiendzwlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjny-1gc5sf.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjnygidjskq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjnygmdjogo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjnyopdjalo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjnyqndzmco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjnysldzccq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@e-2dj6wjnyunc5mco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@ehg-bestbuy.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@ehg-betterphoto.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@ehg-bizjournals.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@ehg-nokiafin.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@ehg-olympus.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@gde.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@my.adocean[2].txt -> Spyware.Cookie.Adocean : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@northwestairlines.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@statse.webtrendslive[1].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@test.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\Jarek\Cookies\jarek@twci.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup ::Report End Thank You. I appreciate your time and willingness to help.yarek

Mosaic1 View Member Profile	Dec 7 2005, 08:00 PM Post #2
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164	What makes you think you have Aurora? I see no signs of an infection in Hijackthis. Can you please tell me exactly what was found and where?

yarek View Member Profile	Dec 7 2005, 11:17 PM Post #3
Active Member Group: Member Posts: 10 Joined: 28-June 05 Member No.: 15411	I found "The ABI Network- A division of direct revenue" in add/remove programs in control panel. I was uninstalling a few things that came with my school books and that is how I found it (between the programs on the list). I remember that "ABI Network" from the last time. I could not "uninstall" it and I can not now either. I tried various programs I worked with last time you were helping me but it is still there (last time "we" got rid of it) Please tell me how to get rid of it and if you know, what program did it come with? Thank You. I appreciate your help. Yarek

Mosaic1 View Member Profile	Dec 7 2005, 11:25 PM Post #4
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164	You're welcome. It's an orphan. Let's get rid of it using a tool in hijackthis. Open hijackthis and press the config button. Click the Misc Tools Button. Press the Open uninstall manager button. Highlight the entry and click the Delete this entry button. Close Hijackthis.

yarek View Member Profile	Dec 8 2005, 04:08 AM Post #5
Active Member Group: Member Posts: 10 Joined: 28-June 05 Member No.: 15411	Thank You very much! I did that and it is gone, just like that. Wow. Great job! Thanks a lot. Could you please tell me what program this ABI network goes with. When I started all this a few days ago in add/remove programs it said that I can not uninstall it because it goes with a "free" program that I am using thanks to them. What is that program? I'll make sure I will never use it again. Also , is it true that the uninstall that they send you to will cause more problems? Could you also tell me what anitvirus I should start using. My subscription to Norton Internet Security will expire in about two weeks. It was not the best 70$ investment. I think there are better antivirus programs. Please suggest one. Thank You for all your help. yarek

Mosaic1 View Member Profile	Dec 8 2005, 03:35 PM Post #6
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164	AVG offers free Anti Virus. http://free.grisoft.com/doc/Get+AVG+FREE/lng/us/tpl/v5 http://free.grisoft.com/softw/70free/setup...ree_308a468.exe ---------------- I don't know which software foisted the Spyware onto your system. We can have a look at the Add Remove Programs list to see if there's any clue. Open hijackthis and press the config button. Click the Misc Tools Button. Press the Open uninstall manager button. Click the Save List button. This wil crte a file named uninstall_list.txt Save the file and then open it. Post the contents here please. The Security Forums were using their uninstaller on some very tough ones a while back before we had a good removal plan. But even so, that was a last ditch attempt. Since they are the ones who insalled it, we preferred no to trust them.

yarek View Member Profile	Dec 9 2005, 12:26 AM Post #7
Active Member Group: Member Posts: 10 Joined: 28-June 05 Member No.: 15411	I am posting that list. Fortunately "The ABI Network" is no longer on it. Thanks. I hope you will be able to tell from this list what might have caused it., Thanks again. Yarek ACDSee 5.0 Standard Trial Ad-Aware SE Personal Adobe Photoshop 6.0.1 CE Adobe Reader 6.0 ArcSoft PhotoStudio 2000 BPSSR Canon ScanGear Toolbox 3.0 CC_ccProxyExt ccCommon CCleaner (remove only) ccPxyCore Colin McRae Rally 2 DivX 5.0.3 Pro Bundle Divxpack (remove only) Easy CD-DA Extractor 5.1 Electronic Arts Game Updater ewido security suite Gadu-Gadu 6.1 GTAIII HijackThis 1.99.1 HP Deskjet 5900 series HP Image Zone 5.0 HP Imaging Device Functions 5.0 HP Software Update HP Solution Center & Imaging Support Tools 5.0 ICQ Intel A/V Codecs V2.0 Intel® 537 Modem Keyboarding Pro 4 Kurka Wodna 3 LiveReg (Symantec Corporation) LiveUpdate 2.6 (Symantec Corporation) Logitech iTouch Software Medical Drug Reference 3.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft Data Access Components KB870669 Microsoft DirectX Transform optional components Microsoft Office 2000 MultiLanguage Pack Disc 5 Microsoft Office 2000 SR-1 Disc 2 Microsoft Office 2000 SR-1 Professional MSRedist Need For Speed Underground Nero Nikon Message Center Nokia Connectivity Cable Driver Nokia PC Suite Norton AntiSpam Norton AntiSpam Norton AntiVirus 2005 Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security Norton Internet Security 2005 (Symantec Corporation) Norton WMI Update Norton WMI Update NVIDIA Display Driver NVIDIA Windows 2000/XP Display Drivers PCI Audio Applications PCI Audio Driver PictureProject Pop-Up Stopper PowerDVD QuickTime RealOne Player Scan Manager 5.2 Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) Skype 1.4 SPBBC Spybot - Search & Destroy 1.4 SpywareBlaster v3.4 Symantec Script Blocking Installer SymNet Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Winbond HWDoctor Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows XP Hotfix - KB834707 Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB890923 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893066 Windows XP Hotfix - KB893086 Windows XP Service Pack 2 WinRAR archiver WinZip

Mosaic1 View Member Profile	Dec 9 2005, 04:18 PM Post #8
Most Respected SuperExpert Group: Member Posts: 4576 Joined: 9-June 04 Member No.: 8164	You're welcome. I can't really tell for sure where you were infected. Looking at that list, BPSSR is possibly Bullet Proof Spyware Remover? Did you ever have that installed? Look in Add Remove programs to see if that is actually BulletProof. It is on the rogue Anti Spyware list. Once you have rebooted a time or two, be sure everything is in working order. It is time to flush your system restore points. Once you do that you will not be able to correct any problems you may have now by going back to a point before today. After something like this it is a good idea to Flush the Restore Points and start fresh. To flush the XP system Restore Points. Go to Start>Run and type msconfig Press enter. When msconfig opens, click the Launch System Restore Button. On the next page, click the System Restore Settings Link on the left. Check the box labeled Turn off System restore. Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created. ---------------------------- Also here is an excellent source for tips to tighten security. Follow the advice and get the free downloads to help avoid some of these problems in the future. http://www.computercops.biz/postt7736.html

yarek View Member Profile	Dec 21 2005, 09:31 PM Post #9
Active Member Group: Member Posts: 10 Joined: 28-June 05 Member No.: 15411	Thank You for all your help I do not have any problems at this point. I waited a little to find out if everyting will stay that way but everything is working perfectly fine. I greatly appreciate your help. You can do magic. Merry Christmas and a Happy New Year yarek

« Next Oldest · HELP! Think you are Infected? · Next Newest »

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members: