[hobbes322]

I made a post last night about aurora pop ups and stuff, but apparently someone deleted it, so lets give it another whirl. Heres my HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 9:51:05 AM, on 5/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\games\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Cheating-Death\cdeath.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system32\rktizw.exe
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\Documents and Settings\Stevo\Desktop\Stevo's Stuff\Executables\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: XBTB03545 - {75BC6760-A53B-4a0f-BF70-D77F551F3FFC} - C:\PROGRA~1\SQUIZZ~1\SQUIZZ~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SquizzleBar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\SquizzleBar\squizzlebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [vhocroo] c:\windows\system32\rktizw.exe
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [iofk] C:\PROGRA~1\COMMON~1\iofk\iofkm.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

I then downloaded Ewido Security Suite and CC Cleaner, I ran both of them, here is my Ewido report, Uninstall log from HJT, and new HJT log.

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:52:01 AM, 5/29/2005
+ Report-Checksum: 93FB2274

+ Date of database: 5/29/2005
+ Version of scan engine: v3.0

+ Duration: 61 min
+ Scanned Files: 101019
+ Speed: 27.48 Files/Second
+ Infected files: 42
+ Removed files: 40
+ Files put in quarantine: 40
+ Files that could not be opened: 0
+ Files that could not be cleaned: 2

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Stevo\Cookies\[email protected][1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Stevo\Cookies\stevo@p[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Stevo\Cookies\stevo@real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\Program Files\Common Files\iofk\iofkl.exe -> TrojanDownloader.TSUpdate.j -> Cleaned with backup
C:\Program Files\Common Files\iofk\iofkp.exe -> Spyware.Xupiter.m -> Cleaned with backup
C:\Program Files\Lycos\Sidesearch\sidesearch1400.dll -> Spyware.Sidesearch.c -> Cleaned with backup
C:\Program Files\SearchRelevant\SearchRelevant.dll -> Spyware.Relevance -> Cleaned with backup
C:\Program Files\Windows TaskAd\WinProject.dll -> Spyware.WinAD.b -> Cleaned with backup
C:\Program Files\WindowsSA\omniscient.exe -> Spyware.Omnigate -> Cleaned with backup
C:\Program Files\WindowsSA\omniscienthook.dll -> Spyware.Omnigate -> Cleaned with backup
C:\temp\NCasePackage.exe -> Spyware.180solutions -> Cleaned with backup
C:\temp\optimize.exe -> TrojanDownloader.Dyfuca.dk -> Cleaned with backup
C:\temp\WinAdCtlInstPack.exe -> Spyware.WinAD.b -> Cleaned with backup
C:\temp\WinCtlAdInstPack.exe -> Spyware.WinAD.f -> Cleaned with backup
C:\WINDOWS\iLookup\ezStub22.exe -> Spyware.EZula.z -> Cleaned with backup
C:\WINDOWS\iNetPal\EZThemes_m3tsp8.exe -> TrojanDownloader.Agent.er -> Cleaned with backup
C:\WINDOWS\mmaker2.exe -> Spyware.Ebates.a -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\polall1m.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
C:\WINDOWS\polmx.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
C:\WINDOWS\polmx3.exe -> TrojanDownloader.Agent.ae -> Cleaned with backup
C:\WINDOWS\remtm2.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\satmat.exe -> TrojanDownloader.Stubby.d -> Cleaned with backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\system32\apuc.dll -> Spyware.BargainBuddy.j -> Cleaned with backup
C:\WINDOWS\system32\axuninstall.exe -> Spyware.BlazeFind.e -> Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\system32\DrTemp\randreco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\ezPopStub.exe -> Spyware.EZula.z -> Cleaned with backup
C:\WINDOWS\system32\HLInstaller1.exe -> Spyware.iSearch -> Cleaned with backup
C:\WINDOWS\system32\HyperLinker1.exe -> Spyware.iSearch -> Cleaned with backup
C:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
C:\WINDOWS\system32\InstaFinder_inst.exe -> Spyware.InstaFinder.a -> Cleaned with backup
C:\WINDOWS\system32\lmf32v.dll_tobedeleted -> Spyware.Suggestor.g -> Cleaned with backup
C:\WINDOWS\system32\randreco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\rktizw.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\stmtreco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\wsaupdater.exe -> Spyware.BlazeFind.b -> Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__omniband.dll -> Spyware.BlazeFind.e -> Cleaned with backup
C:\WINDOWS\vmvzfashk.exe -> Spyware.BetterInternet -> Cleaned with backup


::Report End

Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
Adrenaline Gamer
Age of Mythology
AOL Instant Messenger
AquaGreen
BitTorrent 4.0.1
BrainBread v1.2
CCleaner (remove only)
Chapter V
Cheating-Death 4.29.5
Dark Age of Camelot - Platinum Edition
Decal Converter
Direct Connect 2.0
DivX Codec
DivX Player
EverQuest II Trial of the Isle
ewido security suite
Firearms 3.0
Fraps
Garry's Mod 4a
Google Toolbar for Internet Explorer
Half-Life Model Viewer 1.25
Half-Life® 2
HijackThis 1.99.1
HL2CTF Beta v1.4
InstaFinder
IOS Beta v3.0
iPod for Windows 2005-02-07
iTunes
Java 2 Runtime Environment, SE v1.4.2_06
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
mIRC
Mozilla Firefox (1.0)
MSXML4 Parser
Natural Selection 3.0 Beta 4a
Nero - Burning Rom
NVIDIA Drivers
PartyPoker
QuickTime
RealPlayer
Realtek AC'97 Audio
Search Relevancy
Ship
Spybot - Search & Destroy 1.3
SquizzleBar
Steam
StyleXP (remove only)
Sven Co-op 3.0
TeamSpeak 2 RC2
Temper
The ABI Network- A Division of Direct Revenue
The Trenches
TSA
Ventrilo
VS v6.0
Web Offer
Webshots Desktop
Windows ControlAd
Windows Media Player Hotfix [See Q828026 for more information]
Windows SA
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB839645
Windows XP Hotfix - KB840315
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB841533
Windows XP Hotfix - KB841873
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q321178 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinRAR archiver
WinZip
Xfire (remove only)
Zombie Panic! 0.93

Logfile of HijackThis v1.99.1
Scan saved at 10:53:08 AM, on 5/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\games\steam\steam.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Cheating-Death\cdeath.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system32\cxtmeow.exe
C:\Documents and Settings\Stevo\Desktop\Stevo's Stuff\Executables\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - URLSearchHook: (no name) - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F2 - REG:system.ini: UserInit=C:\Windows\System32\wsaupdater.exe,
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: InstaFinder - {4E7BD74F-2B8D-469E-DCF7-F96DA086B434} - C:\WINDOWS\DOWNLO~1\instafin.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: XBTB03545 - {75BC6760-A53B-4a0f-BF70-D77F551F3FFC} - C:\PROGRA~1\SQUIZZ~1\SQUIZZ~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SquizzleBar - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\SquizzleBar\squizzlebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ojcngfu] c:\windows\system32\cxtmeow.exe
O4 - HKCU\..\Run: [Steam] "c:\games\steam\steam.exe" -silent
O4 - HKCU\..\Run: [iofk] C:\PROGRA~1\COMMON~1\iofk\iofkm.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.st.../soesysinfo.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

and this is the state I am in right now, no clue if it got rid of Aurora (will know soon I guess), but I also wanna make sure my comp is generally clean as well, please get back to me whenever possible.

[Advertisements]

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

[pomp]

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml


Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

[Kat]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.