Aurora (et al) removal help, please!

By nwoodly
Aug 4, 2005
  1. Hi everyone,

    I could really use someone's help with sorting through the attached Ewido and HJT logs to get rid of Aurora and a suite of other nasties ( :mad: , :evil: , and :dead: ) on my friend's pc (running Windows XP Home).

    I'm new to the forums here, so please let me know if you need more info, etc.

    Thanks a million!
  2. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    You don't have Aurora (yet).

    Uninstall this junk:
    C:\Program Files\Spyware Doctor\swdoctor.exe

    Then go to this post here first, and follow the instructions EXACTLY, especially about UPDATING and HJT-location NOT on your Desktop.
    How to remove Begin2Search/Coolwebsearch and Other Nasties

    While doing so, include these in your clean-up:
    C:\Program Files\Spyware Doctor\swdoctor.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\ckozixoy.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
    O4 - HKLM\..\Run: [q79R3FV] avmiop.exe
    O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
    4 - HKLM\..\Run: [zffejb] C:\WINDOWS\System32\goulfz.exe r
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - (file missing)
    O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - (file missing)
    O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - (file missing)

    Delete the highlighted files and/or directories.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...