
Aurora/ABI Network


  • This topic is locked

#1
JessKenziesMom

Hi all! I had followed instructions from another web forum to eliminate the Aurora/ABI Network crap. They were all the instructions here with downloading the NailFix and Ewido. Did as stated, but Nail.exe will NOT go away. Now the site I was receiving help from is gone...don't know where it went, but it's gone. Can someone here PLEASE help me?? I would appreciate it SO much!! Here are my logs...

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:52:55 PM, 06/22/2005
+ Report-Checksum: B76CDB0F

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptClean.exe -> Heuristic.Win32.Hijacker1
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Downloader
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Downloader
C:\Documents and Settings\All Users\Application Data\AOL Downloads\update_setup90\comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Downloader
C:\Documents and Settings\Valued Customer\Cookies\valued customer@adremote.timeinc[1].txt -> Spyware.Cookie.Timeinc
C:\Documents and Settings\Valued Customer\Cookies\valued customer@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter
C:\Documents and Settings\Valued Customer\Cookies\valued customer@element5[1].txt -> Spyware.Cookie.Element5
C:\Documents and Settings\Valued Customer\Cookies\valued customer@emarketmakers[2].txt -> Spyware.Cookie.Emarketmakers
C:\Documents and Settings\Valued Customer\Cookies\valued customer@everyone[2].txt -> Spyware.Cookie.Everyone
C:\Documents and Settings\Valued Customer\Cookies\valued customer@servedby.netshelter[2].txt -> Spyware.Cookie.Netshelter
C:\Documents and Settings\Valued Customer\Cookies\valued customer@techtracker[2].txt -> Spyware.Cookie.Techtracker
C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.adwarereport[2].txt -> Spyware.Cookie.Adwarereport
C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.aluriasoftware[1].txt -> Spyware.Cookie.Aluriasoftware
C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.smarttargetting[1].txt -> Spyware.Cookie.Smarttargetting
C:\Documents and Settings\Valued Customer\Local Settings\Temp\30.tmp\thnall1ac.exe -> Spyware.BetterInternet
C:\Documents and Settings\Valued Customer\Local Settings\Temp\A.tmp\thnall1ac.exe -> Spyware.BetterInternet
C:\Documents and Settings\Valued Customer\Local Settings\Temp\AolCoach.cab/.\Data\player\aolnysev.exe -> Heuristic.Win32.Downloader
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@112.2o7[1].txt -> Spyware.Cookie.2o7
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@a.websponsors[1].txt -> Spyware.Cookie.Websponsors
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@about[1].txt -> Spyware.Cookie.About
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@adknowledge[2].txt -> Spyware.Cookie.Adknowledge
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@adreporting[2].txt -> Spyware.Cookie.Adreporting
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ads.ah-ha[1].txt -> Spyware.Cookie.Ah-ha
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ads.gorillanation[1].txt -> Spyware.Cookie.Gorillanation
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@aftrk[2].txt -> Spyware.Cookie.Aftrk
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@banner2.inet-traffic[2].txt -> Spyware.Cookie.Inet-traffic
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@bannerspace[1].txt -> Spyware.Cookie.Bannerspace
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@burstnet[2].txt -> Spyware.Cookie.Burstnet
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@captaincode[2].txt -> Spyware.Cookie.Captaincode
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@cheats.ign[2].txt -> Spyware.Cookie.Ign
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@com[2].txt -> Spyware.Cookie.Com
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@contexualsearch[1].txt -> Spyware.Cookie.Contexualsearch
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@cookie.tickle[1].txt -> Spyware.Cookie.Tickle
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@creativeby.viewpoint[2].txt -> Spyware.Cookie.Viewpoint
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@dist.belnk[2].txt -> Spyware.Cookie.Belnk
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@e-2dj6wjloeiczcgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@edge.ru4[2].txt -> Spyware.Cookie.Ru4
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@emarketmakers[1].txt -> Spyware.Cookie.Emarketmakers
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@everyone[2].txt -> Spyware.Cookie.Everyone
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@go2net[1].txt -> Spyware.Cookie.Go2net
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@gostats[1].txt -> Spyware.Cookie.Gostats
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@hb.lycos[1].txt -> Spyware.Cookie.Lycos
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@hydroderm.increaseyourhealth[1].txt -> Spyware.Cookie.Increaseyourhealth
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ign[2].txt -> Spyware.Cookie.Ign
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@insightexpress[1].txt -> Spyware.Cookie.Insightexpress
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ivwbox[1].txt -> Spyware.Cookie.Ivwbox
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@livestat[1].txt -> Spyware.Cookie.Livestat
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@maxpages[2].txt -> Spyware.Cookie.Maxpages
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@mediamgr.ugo[1].txt -> Spyware.Cookie.Ugo
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@metareward[1].txt -> Spyware.Cookie.Metareward
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@milfseeker[2].txt -> Spyware.Cookie.Milfseeker
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@musiciansfriend[1].txt -> Spyware.Cookie.Musiciansfriend
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@mywebsearch[1].txt -> Spyware.Cookie.Mywebsearch
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@offeroptimizer[1].txt -> Spyware.Cookie.Offeroptimizer
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@programs.wegcash[1].txt -> Spyware.Cookie.Wegcash
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ps2.ign[1].txt -> Spyware.Cookie.Ign
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@rightmedia[1].txt -> Spyware.Cookie.Rightmedia
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@sageanalyst[1].txt -> Spyware.Cookie.Sageanalyst
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@secure.increaseyourhealth[1].txt -> Spyware.Cookie.Increaseyourhealth
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@sextoysex[1].txt -> Spyware.Cookie.Sextoysex
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@stats.klsoft[1].txt -> Spyware.Cookie.Klsoft
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@stats2.clicktracks[1].txt -> Spyware.Cookie.Clicktracks
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@theuseful[1].txt -> Spyware.Cookie.Theuseful
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@uproar[1].txt -> Spyware.Cookie.Uproar
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@vgstrategies.about[2].txt -> Spyware.Cookie.About
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@webpower[1].txt -> Spyware.Cookie.Webpower
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@whitepages[2].txt -> Spyware.Cookie.Whitepages
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ww3.sextoysex[1].txt -> Spyware.Cookie.Sextoysex
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.funone[2].txt -> Spyware.Cookie.Funone
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.gamepro[1].txt -> Spyware.Cookie.Wwwgamepro
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.kmart[1].txt -> Spyware.Cookie.Wwwkmart
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.pch[1].txt -> Spyware.Cookie.Wwwpch
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.xposed[1].txt -> Spyware.Cookie.Xposed
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.xzoomy[1].txt -> Spyware.Cookie.Xzoomy
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@xuppa[2].txt -> Spyware.Cookie.Xuppa
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyghcjchoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4egdjgfqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoujcjkepg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliogazekoasdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmykicjiloqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyakczmaogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
C:\Documents and Settings\Valued Customer\Local Settings\Temp\EJJ\aurareco.exe -> Spyware.BetterInternet
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\HJBHJ1B8\CAO96X78.htm -> TrojanDownloader.FlingStone
C:\Documents and Settings\Valued Customer\Local Settings\Temp\v3temp\Disk1\Data1.cab/v3engine.sys -> Heuristic.Win32.Hijacker1
C:\Documents and Settings\Valued Customer\Local Settings\Temp\v3temp\Disk1\Engine\WinNT\V3Engine.sys -> Heuristic.Win32.Hijacker1
C:\Downloads\LemonadeTycoonSetup-dm[1].exe -> Spyware.Trymedia
C:\Program Files\BearShare\MediaTicket.exe -> Spyware.MediaTickets.f
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe -> Heuristic.Win32.Backdoor4
C:\Program Files\Common Files\AOL\ACS\acsd.exe -> Heuristic.Win32.Keylogger
C:\Program Files\Common Files\AOL\ACS\acssetup.exe -> Heuristic.Win32.Keylogger
C:\Program Files\WildTangent\Components\wtDownloader0200.dll -> Heuristic.Win32.Downloader
C:\WINDOWS\jakwkkf.exe -> Spyware.BetterInternet
C:\WINDOWS\system32\in10b6s.dll -> Spyware.404Search
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent
C:\WINDOWS\zmukgoqwetg.exe -> Spyware.BetterInternet


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 1:58:53 PM, on 06/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\America Online 9.0b\waol.exe
C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
C:\WINDOWS\system32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0b\shellmon.exe
c:\windows\system32\qcazuu.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Canasta by pogo - http://canasta.pogo....a-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.po...o-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.co...w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/...n-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.co...u-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.co...m-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.co...n-ob-assets.cab
O16 - DPF: Yahoo! Canasta - http://download.game...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg...t/c381/chat.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.game...nts/y/nt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.game...nts/y/ut2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pote_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_63.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....22/cpbrkpie.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.picture...ver.9.0.1.2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g...ds_2_0_0_36.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g...ng_2_0_0_18.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g...d8_2_0_0_22.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g...d9_2_0_0_22.cab
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe


Jessica


#2
g2i2r4

Welcome JessKenziesMom to Geeks to Go!

Please disable winpatrol and spysweeper for the duration of this advice.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

***

Download the Killbox.
Unzip it to the desktop but do NOT run it yet.

***

Please download Nailfix from here:
http://www.noidea.us...050515010747824
Unzip it to the desktop but please do NOT run it yet.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.co.../safemode.shtml

***

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

***

Next please run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....22/cpbrkpie.cab

Close all open windows except for HijackThis and click Fix Checked.

***

Please double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
c:\windows\system32\qcazuu.exe
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
Make sure to reboot back to Safe Mode.

***

Run a scan using Ewido, save the log.

***

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.



EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 09 July 2005 - 11:31 AM.
