I have ran AVG, Spybot, Ad-Aware, Spy Sweeper, Xoftspy, CWShredder, HijackThis, and more. They all pick up a worm or virus and then delete it. Once I go on the internet, a little pop-up window comes up from Aurora. It will always come up when I go to my homepage, not on any other pages. I run these programs again and they will find a virus or worm. How can I get rid of this. Here's my HijackThis Logfile- Logfile of HijackThis v1.99.1 Scan saved at 10:05:04 PM, on 5/9/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Microsoft IntelliType Pro\type32.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\MsConfigs\MsConfigs.exe C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\p2pnetwork.exe C:\PROGRA~1\INTRIG~1\pcbodyguard.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\UltraMon\UltraMon.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\UltraMon\UltraMonTaskbar.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\George Costanza\Local Settings\Temp\HijackThis.exe F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [PCBG] C:\PROGRA~1\INTRIG~1\pcbodyguard.exe /start O4 - HKLM\..\Run: [p2pnetwork] p2pnetwork.exe O4 - HKLM\..\RunServices: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [p2pnetwork] p2pnetwork.exe O4 - HKCU\..\RunServices: [p2pnetwork] p2pnetwork.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office10\OSA.EXE O4 - Global Startup: Reset.lnk = C:\WINDOWS\repair\reset.bat O4 - Global Startup: UltraMon.lnk = C:\Program Files\UltraMon\UltraMon.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409 O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1114829085453 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
I'm new to the forums but maybe I can help.. Go to microsoft.com and download the anitspyware beta program It is free for now, but is a very good tool for removing problems like you have. You may have to unistall the other spyware programs you have installed. When you download and install this program look for the update sortcut in your start menu and update your spyware files first, then run a complete scan.. I hope this helps
Before you use any other anti-spyware app, down load this in case you lose your internet connection after you get of rid some adware/spyware/malware: http://cexx.org/lspfix.htm Read the description, in case if you sever your internet connection unintentionally.... After that, try using these anti-spyware apps: Spyware Doctor 3.2: https://www.pctools.com/spyware-doctor/download/ Bazooka Scanner: http://www.download.com/Bazooka-Adw...47782.html?part=dl-bazooka&subj=dl&tag=button BHO Demon: http://www.definitivesolutions.com/bhodemon.htm WinPatrol 9.1 Free: http://winpatrol.com/ As cyber9760 stated, download Microsoft Antispyware Beta: http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en Remember, after installing them, update and tweak some options to suit your needs... Some of these programs allow you to see what your homepage is and allow you to change it back. Let us know how it turns out.
I started to notice that no popups come up when I use Firefox. Once I use IE, popups come up and ad-aware picks up objects. I will continue to use Firefox for now. When I tried to install Microsoft's Antispyware Beta, I get this Right now, I'm trying to get this problem fixed. -Bazooka didn't find anything or did Spyware doctor.
you can try spysweeper from here http://www.webroot.com/downloads/?WRSID=395c4771134a78d4328a306e2b3bd88d it has always worked well for me . it can be tried before you buy for 21 days . good luck to you
I have used Spy Sweeper and has deleted things and its a good program. After I use IE for a while and do a check with Spy Sweeper later on, it will pick up the same objects and cookies and then delete them again.
Get rid of this... Have you successfully restored your homepage? If you would like to get rid of pop-ups/pop-unders, try the Google Toolbar: http://toolbar.google.com I haven't tried out the Yahoo! Toolbar, but it's gotten some nice reviews. If you want to use this if you don't want to use google as a search engine. http://www.download.com/Yahoo-Toolbar-with-Anti-Spy/3000-2379_4-10310983.html A good app to help you is WinPatrol. It's main function is to help you with your start-up items, monitor your browser changes, file association changes, gives brief descriptions on what the running process is, etc. http://winpatrol.com [bold]a free version is available[/bold] Another good app, Spyware Blaster 3.3, blocks active-x based spyware/adware from being installed on your comp. The comprehensive list for IE is huge (no surprise since IE has security flaws) and some for firefox. http://javacoolsoftware.com/spywareblaster.html (update the database after installation) Have you installed the latest critical updates from Windowsupdate? http://windowsupdate.microsoft.com [bold]note: you'll need IE or a similar based-IE broswer to get the updates[/bold] AVG has been known to miss trojans when scanning the computer. I suggest using AntiVir XP: is a free, often updated (at least twice per day), simple to use anti-virus app. The downside that some people agree is the GUI and the scanning engine's name. http://free-av.com/ Some people like Avast! to scan their comps. you could try it out as an alternative. Hopefully, if one doesn't find anything, another will pick it up... http://avast.com/eng/down_home.html
I ran AntiVir XP and it picked up about 10 worms and virus and deleted them. Everything is looking good right now and no signs of any virus. Thanks for the help guys, and thanks thug121 for the program.
