Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

nail.exe, missing on startup


  • This topic is locked This topic is locked

#1
Zeno McDohl

Zeno McDohl

    New Member

  • Member
  • Pip
  • 1 posts
On startup, I get this error:
---------------------------
C:WINDOWSNail.exe
---------------------------
Windows cannot find 'C:WINDOWSNail.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
---------------------------
OK   
---------------------------

I know this is malware, so I removed it all. But this error is still there. I simply need to remove the reference that is telling it to start up. (since it doesn't exist) I do not see anything related to it in msconfig. Does anyone have any ideas?

Here's the log:
Logfile of HijackThis v1.99.1
Scan saved at 6:18:18 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesCommon FilesAOLACSAOLAcsd.exe
C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
C:Program Filesewidoewidoctrl.exe
c:PROGRA~1mcafee.comvsomcvsrte.exe
C:WINDOWSsystem32nvsvc32.exe
c:PROGRA~1mcafee.comvsomcshield.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSExplorer.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesHPhpcoretechhpcmpmgr.exe
C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe
C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe
C:Program FilesMicrosoft HardwareMousepoint32.exe
C:PROGRA~1mcafee.comvsomcvsshld.exe
C:PROGRA~1mcafee.comagentmcagent.exe
C:Program FilesJavajre1.5.0_02binjusched.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
c:progra~1mcafee.comvsomcvsescn.exe
C:Program FilesTrilliantrillian.exe
C:Program FilesMUSHclientmushclient.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32winlogon.exe
C:Program Filesewidoewidoguard.exe
c:progra~1mcafee.comvsomcvsftsn.exe
C:Documents and SettingsTyDesktopHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:WINDOWSsystb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:Program FilesSpybot - Search & DestroySDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:WINDOWSsystem32dlatfswshx.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:PROGRA~1FlashGetjccatch.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:progra~1mcafee.comvsomcvsshl.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:PROGRA~1FlashGetfgiebar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 - HKLM..Run: [HP Component Manager] "C:Program FilesHPhpcoretechhpcmpmgr.exe"
O4 - HKLM..Run: [HPDJ Taskbar Utility] C:WINDOWSSystem32spooldriversw32x863hpztsb10.exe
O4 - HKLM..Run: [HP Software Update] "C:Program FilesHewlett-PackardHP Software UpdateHPWuSchd2.exe"
O4 - HKLM..Run: [POINTER] point32.exe
O4 - HKLM..Run: [VSOCheckTask] "c:PROGRA~1mcafee.comvsomcmnhdlr.exe" /checktask
O4 - HKLM..Run: [VirusScan Online] "c:PROGRA~1mcafee.comvsomcvsshld.exe"
O4 - HKLM..Run: [MCAgentExe] c:PROGRA~1mcafee.comagentmcagent.exe
O4 - HKLM..Run: [MCUpdateExe] C:PROGRA~1mcafee.comagentMcUpdate.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program FilesJavajre1.5.0_02binjusched.exe
O4 - HKLM..Run: [Microsoft Works Update Detection] C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
O4 - HKLM..Run: [iTunesHelper] C:Program FilesiTunesiTunesHelper.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOffice10OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:Program FilesAOL Toolbartoolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download All by FlashGet - C:Program FilesFlashGetjc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:Program FilesFlashGetjc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.5.0_02binnpjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:Program FilesAIMaim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:WINDOWSsystem32Shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:PROGRA~1FlashGetflashget.exe
O12 - Plugin for .spop: C:Program FilesInternet ExplorerPluginsNPDocBox.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1104000672249
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:Program FilesCommon FilesAOLACSAOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:Program FilesCommon FilesAOLTopSpeed2.0aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - C:Program Filesewidoewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:Program Filesewidoewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:PROGRA~1mcafee.comvsomcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:PROGRA~1McAfee.comAgentmcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:PROGRA~1mcafee.comvsomcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe

Edited by Zeno McDohl, 01 June 2005 - 04:22 PM.

  • 0

Advertisements


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Zeno McDohl to Geeks to Go!

Please print out and/or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below.

***

You have Spybot S&D's Teatimer running which is good, but we need you to disable it for the remainder of the fix as it will interfere with the registry changes being made.
Open Spybot S&D in advanced mode, click Tools > Resident, and remove the check from "Resident Tea-Timer". Reboot after unchecking the entry.
Check at the righthand corner next to your computerclock to see if Spybot's icon is still there. If so, click the icon and choose exit.

***

Please update Ewido to the latest definitions. Don't use it yet.

***

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

***

Then please run Ewido, and run a full scan. Save the logfile from the scan.

***

Next please run HijackThis, click Scan, and check:

R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

F2 - REG:system.ini: Shell=Explorer.exe C:WINDOWSNail.exe

O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:WINDOWSsystb.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
Close all open windows except for HijackThis and click Fix Checked.

***

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 18 June 2005 - 01:17 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP