Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Aurora Popup

Started by saxman124 , May 25 2005 06:18 PM

Please log in to reply

#1
saxman124

Posted 25 May 2005 - 06:18 PM

New Member

Member
7 posts

I am hoping someone will be able to help me.

I keep getting these Aurora popups which then cause another popup. I am assuming they are related although I cannot be certain of this.

I have run Adaware multiple times. I finally upgraded to Adaware SE when I realized a new version was out. On average Adaware finds about 150 instances of adware/spyware/malware on my PC. I usually get a message saying a couple files could not be deleted which most of the time ends up being DrPMon.dll. I always select the option for this file to be deleted upon the next restart. I always restart my PC instantly and Adaware starts before the rest of the programs do. To my suprise, Adaware always finds about 80 instances then.

Can someone please help me?

Thanks,
Jason

#2
dispn0ygonekrazy

Posted 27 May 2005 - 08:42 PM

Member

Member
138 posts

Hi saxman im dispn0ygonekrazy and I'll be helping you as soon as my POST gets approved. =]

#3
dispn0ygonekrazy

Posted 28 May 2005 - 08:52 AM

Member

Member
138 posts

Hi saxman124

Before we can help you, we need to see your HiJack This log first so we can be specific on what information we give you.

If you dont know where to download it please click here
After you've download it please save Hijack This in a permanent folder (i.e C:\Hijack This) to ensure backup issues

And then Post a Log of HJT(HiJack This) in the same thread thank you.

#4
saxman124

Posted 28 May 2005 - 10:32 AM

New Member

Topic Starter
Member
7 posts

Logfile of HijackThis v1.99.1
Scan saved at 12:28:22 PM, on 5/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\windows\system32\ffdgpe.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\tsgwtuj.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ACT\SideACT.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Goleads\GoleadsMarketingCRM\GoleadsMarketingCRM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\ACT\act.exe
C:\PROGRA~1\ACT\DrvWd6.wpi
C:\WINDOWS\SYSTEM32\calc.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmjb.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_director.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP Authorized Custom\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us2.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WinStat - {0A51FD8D-6835-4212-B796-AFC24F4D108A} - C:\WINDOWS\system32\WinStat10.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [junhitq] C:\WINDOWS\vvzurflb.exe
O4 - HKLM\..\Run: [dnrmggs] C:\WINDOWS\System32\ykwdhec.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [tsgwtuj] C:\WINDOWS\system32\tsgwtuj.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [gqpsydd] c:\windows\system32\ffdgpe.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Goleads Marketing CRM.lnk = C:\Program Files\Goleads\GoleadsMarketingCRM\GoleadsMarketingCRM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...2-ob-assets.cab
O16 - DPF: Heavy Cannon by pogo - http://playweb13.pog...n-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.co...l-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.co...s-ob-assets.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.co...e-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.c...r-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com...indows-i586.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {AE1DA4D3-F3BB-46CC-9BB1-37943587DADE} - http://www.goleads.n...arketingCRM.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.c...s/serialzip.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Salnt50 - Realtek Semiconductor Corporation - (no file)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

#5
dispn0ygonekrazy

Posted 28 May 2005 - 11:10 AM

Member

Member
138 posts

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#6
saxman124

Posted 30 May 2005 - 09:34 AM

New Member

Topic Starter
Member
7 posts

OK. I did what you said to. I had some problems though. I had to run Ewido twice and each time it would get to 98 % and then I would get an error saying it needed to shut down. After doing this twice and seeing how long it took to do the scan, I decided not to do it a third time. I never was able to get any report from this. But it did find a lot of infected files.

I did run HijackThis again and I have the report. So far so good on my PC as I have not seen any popups of any kind yet.

Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 11:16:26 AM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP Authorized Custom\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us2.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WinStat - {0A51FD8D-6835-4212-B796-AFC24F4D108A} - C:\WINDOWS\system32\WinStat10.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [junhitq] C:\WINDOWS\vvzurflb.exe
O4 - HKLM\..\Run: [dnrmggs] C:\WINDOWS\System32\ykwdhec.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Goleads Marketing CRM.lnk = C:\Program Files\Goleads\GoleadsMarketingCRM\GoleadsMarketingCRM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...2-ob-assets.cab
O16 - DPF: Heavy Cannon by pogo - http://playweb13.pog...n-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.co...l-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.co...s-ob-assets.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.co...e-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.c...r-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com...indows-i586.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {AE1DA4D3-F3BB-46CC-9BB1-37943587DADE} - http://www.goleads.n...arketingCRM.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.c...s/serialzip.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Salnt50 - Realtek Semiconductor Corporation - (no file)

#7
dispn0ygonekrazy

Posted 30 May 2005 - 09:43 AM

Member

Member
138 posts

Hey jason I will get back to you as soon as my post gets approved

#8
dispn0ygonekrazy

Posted 30 May 2005 - 01:43 PM

Member

Member
138 posts

Hi saxman124,

Before you ran Ewido did you run and check for updates first before you ran in safe mode? if you didnt do that first and we'll try this again.I also want the Log from Ewido please.

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#9
saxman124

Posted 30 May 2005 - 03:45 PM

New Member

Topic Starter
Member
7 posts

I already did all this. I downloaded the Ewido updates and everything before I restarted in Safe mode. The problem is it wouldn't finish. Ewido would get 98% done and then I would get a Windows error saying Ewido had to terminate. I have no problem going through this again, but Ewido would take at least 3 to 4 hours to scan my system. With it being the business week, I cannot afford for my computer to be down for even one hour. If I retry this, it will not be until the weekend.

If you have any other ideas to why Ewido wouldn't finish, I would like to know. I have my reserves of going through this long process again without making any changes that may fix the program error received from Ewido. I did however read in another post that a user had the same problem when running Ewido.

I followed all your instructions exactly as you mentioned so I know it is nothing I did wrong. I appreciate all your help and right now I have had no popups at all.

I have no problem going through this process again, but I would like to know more about why Ewido wouldn't finish in safe mode with the updates already installed before I commit to having my PC down another day.

Any help on this topic you can give me would be much appreciated.

#10
dispn0ygonekrazy

Posted 30 May 2005 - 05:42 PM

Member

Member
138 posts

All right First I dont know why Ewido is acting up like that but we will still try and get rid of nail differently so please wait while my post gets approved

#11
dispn0ygonekrazy

Posted 30 May 2005 - 06:15 PM

Member

Member
138 posts

Hi saxman124,

You forgot to post a new log of your Ewido scan and HiJack This, before we can move on I need both logs so we can approach this in a different way and while I get help from others to fix your computer. Thank you

#12
saxman124

Posted 30 May 2005 - 07:48 PM

New Member

Topic Starter
Member
7 posts

This is the new log of HijackThis:

I don't think Nail.exe is on here anymore.

Logfile of HijackThis v1.99.1
Scan saved at 9:47:12 PM, on 5/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mim.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ACT\SideACT.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Goleads\GoleadsMarketingCRM\GoleadsMarketingCRM.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\HP Authorized Custom\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us2.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WinStat - {0A51FD8D-6835-4212-B796-AFC24F4D108A} - C:\WINDOWS\system32\WinStat10.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [mgavrtclexe] C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [junhitq] C:\WINDOWS\vvzurflb.exe
O4 - HKLM\..\Run: [dnrmggs] C:\WINDOWS\System32\ykwdhec.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MusicMatch\MusicMatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SideACT!.lnk = C:\Program Files\ACT\SideACT.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Goleads Marketing CRM.lnk = C:\Program Files\Goleads\GoleadsMarketingCRM\GoleadsMarketingCRM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .qcp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: http://www.neededware.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...2-ob-assets.cab
O16 - DPF: Heavy Cannon by pogo - http://playweb13.pog...n-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.co...l-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.co...s-ob-assets.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.co...e-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.c...r-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.../US/install.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildt...iveLauncher.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcaf...can/mcasupd.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com...indows-i586.cab
O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk....ViewerSetup.cab
O16 - DPF: {AE1DA4D3-F3BB-46CC-9BB1-37943587DADE} - http://www.goleads.n...arketingCRM.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.c...s/serialzip.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Salnt50 - Realtek Semiconductor Corporation - (no file)

#13
dispn0ygonekrazy

Posted 31 May 2005 - 07:31 AM

Member

Member
138 posts

Hi saxman124,

It looks like we got rid of your Nail infection and now we're going to move on with the fix.

Please download the following Programs and DO NOT RUN THEM YET.

1. Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

2. Download CleanUp! install but don't run it yet.

3. Download Spybot S&D 1.3, Install and scan your computer.

4. Download Ad-Aware SE Personal Edition 1.06 install, Update the definitions, and then run a full scan. Save the logfile.

5. Open HJT and scan, place a check next to the following entires below.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us2.hpwis.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drs...esearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drs...esearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: WinStat - {0A51FD8D-6835-4212-B796-AFC24F4D108A} - C:\WINDOWS\system32\WinStat10.dll

O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)

O4 - HKLM\..\Run: [junhitq] C:\WINDOWS\vvzurflb.exe
O4 - HKLM\..\Run: [dnrmggs] C:\WINDOWS\System32\ykwdhec.exe
O4 - Global Startup: Goleads Marketing CRM.lnk = C:\Program Files\Goleads\GoleadsMarketingCRM\GoleadsMarketingCRM.exe

O16 - DPF: Backgammon by pogo - http://gammon.pogo.c...n-ob-assets.cab
O16 - DPF: Checkers by pogo - http://checkers.pogo...s-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Euchre by pogo - http://euchre.pogo.c...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game3.pogo.co...2-ob-assets.cab
O16 - DPF: Heavy Cannon by pogo - http://playweb13.pog...n-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game4.pogo.co...l-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Multiline Slots by pogo - http://game6.pogo.co...s-ob-assets.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://waterwheel.po...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game4.pogo.co...r-ob-assets.cab
O16 - DPF: Pinochle by pogo - http://game4.pogo.co...e-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://holdem2.pogo....m-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: Tumble Bees by pogo - http://jumbee.pogo.c...e-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game5.pogo.co...1-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.c...r-ob-assets.cab
O16 - DPF: WordJong by pogo - http://wordjong.pogo...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game4.pogo.co...s-ob-assets.cab
O16 - DPF: {AE1DA4D3-F3BB-46CC-9BB1-37943587DADE} - http://www.goleads.n...arketingCRM.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.roings.c...s/serialzip.cab

O23 - Service: Salnt50 - Realtek Semiconductor Corporation - (no file)

After placing a check on the Items above click on Fix Checked

Now reboot in Safe Mode

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Open Add/Remove programs and remove the programs below (if found):

Viewpoint Media
AwAware tool
SurfSideKick

Besure you are able to View Hidden Files

To do this

* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Click Yes to confirm.
* Click OK.

Delete the following folders (if found)

C:\Program Files\Viewpoint
C:\Program Files\SurfSideKick 3
C:\Program Files\Goleads
C:\Program Files\ACT

Delete the following files not the folder(if found)

C:\WINDOWS\systb.dll
C:\WINDOWS\vvzurflb.exe
C:\WINDOWS\System32\ykwdhec.exe
C:\WINDOWS\system32\WinStat10.dll

Ater doing those steps please reboot your computer in Normal mode.

Now I want you to run CleanUp! and let it scan, after it finishes post a fresh HJT log and the log from Ad-Aware.

#14
saxman124

Posted 31 May 2005 - 02:40 PM

New Member

Topic Starter
Member
7 posts

I can't do all that. I noticed you wanted me to delete some files for programs I use constantly such as GoLeads and ACT. These are programs I use for my sales database and I fear even thinking about deleting these due to the loss of my whole database.

Is there something wrong with them?

Can you please look this over again and make sure I am not deleting anything dealing with ACT! or GoLeads? Just to be clear on this, GoLeads is a service I pay for and ACT! is actually made by Symantec and is used for my job as an outside sale rep. I didn't know if maybe these are being mistaken for "evil" programs or what.

Also all the stuff that says "by Pogo" is for that Pogo game website. Is there something wrong with those files as well?