Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Rapidly changing name exe...aurora? [RESOLVED]

Started by koniord , Jul 12 2005 11:53 AM

This topic is locked

#1
koniord

Posted 12 July 2005 - 11:53 AM

Member

Member
49 posts

Hallo,

This is a great site and I read some topics...you are doing a great job. Thanks in advance. I saw the donation link and I will use it as soon as I recover because it is very hard to find such help online.

I'm working on XP, no service packs installed. If needed I do not want to install sp2 because some audio applications I use have problems with it. No problem with SP1 .

After reading before posting....
I downloaded Ad-aware-spybot and fix-cwShredder-tds-3-clean up- hijackThis installed them after deinstalling all other relevant progs and did what the steps indicated.
Did I forget something?

My problem insists:

Logfile of HijackThis v1.99.1
Scan saved at 8:43:58 μμ, on 12/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\emitray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\gcvlrdn.exe
C:\DOCUME~1\KWSTAS\LOCALS~1\Temp\CMB\aurareco.exe
C:\DOCUME~1\KWSTAS\LOCALS~1\Temp\D280\abiuninst.exe
C:\Documents and Settings\KWSTAS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [jjthfoz] c:\windows\system32\xwafhkl.exe
O4 - HKLM\..\Run: [ukzkhfi] c:\windows\system32\nslkdrt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qjxkmbh] c:\windows\system32\rozxgl.exe r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AD Black List - c:\program files\avant browser\AddToADBlackList.htm
O8 - Extra context menu item: Block All Images from the Same Server - c:\program files\avant browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Highlight - c:\program files\avant browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - c:\program files\avant browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - c:\program files\avant browser\Search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Emagic EMI 2|6 System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\System32\emitray.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

I will not touch anything before I have an answer.
Thank you

Edited by koniord, 12 July 2005 - 07:24 PM.

#2
kool808

Posted 14 July 2005 - 08:11 AM

Visiting Staff

Member
1,690 posts

Hello and welcome to Geeks to Go! I'm kool808 and I will be helping you today.

I am working on your log. As soon as I made a good fix for this, I will post a reply. Thank you for your patience.

#3
kool808

Posted 14 July 2005 - 08:15 AM

Visiting Staff

Member
1,690 posts

hi there koniord, thank you very much for the compliments we are very glad to help you! We are happy with our job helping other people.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

In case you only want the sp1a please do download and install it.
SP1a
========================================
http://www.softpedia...Pack-SP1a.shtml
========================================

Edited by kool808, 14 July 2005 - 08:15 AM.

#4
koniord

Posted 14 July 2005 - 04:26 PM

Member

Topic Starter
Member
49 posts

Hallo kool808 and thank you for your prompt reply.
I installed sp1.

Logfile of HijackThis v1.99.1
Scan saved at 1:23:22 πμ, on 15/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\emitray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Documents and Settings\KWSTAS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [jjthfoz] c:\windows\system32\xwafhkl.exe
O4 - HKLM\..\Run: [ukzkhfi] c:\windows\system32\nslkdrt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qjxkmbh] c:\windows\system32\rozxgl.exe r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Emagic EMI 2|6 System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\System32\emitray.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Hope to hear from you soon.
The pop ups have stopped already by the way.

Thanks again

#5
kool808

Posted 14 July 2005 - 04:41 PM

Visiting Staff

Member
1,690 posts

That is good to hear. Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference later.
=====================================
Please download the trial version of Ewido Security Suite [ HERE ]
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from [ HERE ]
Unzip it to the desktop but please DO NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
(How to boot in Safe Mode...)

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#6
koniord

Posted 14 July 2005 - 07:29 PM

Member

Topic Starter
Member
49 posts

Ηallo kool808,

The nailfix link has a problem.
Also, I'm already using Ewido trial. Should I unistall it and then do the above?

Thanks,
koniord

#7
kool808

Posted 15 July 2005 - 01:34 AM

Visiting Staff

Member
1,690 posts

Also, I'm already using Ewido trial. Should I unistall it and then do the above?

We will be using this program for the moment since it has the very potential to disinfect our problem. Keep it for a moment and after we had cleaned your system you can safely uninstall it.

The nailfix link has a problem.

I am sorry for the link, the server must be down at that time. I changed the link, please continue with the next procedures.

Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference later.
=================================

There are actually 3 links:
http://www.noidea.us...050515010747824 <-- downserver
http://users.pandora...chy/nailfix.zip <-- the zip version
http://users.pandora...chy/nailfix.exe <-- the exe selfextracting version

Please download Nailfix from Here
Unzip it to the desktop but please DO NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
(How to boot in Safe Mode...)

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#8
koniord

Posted 15 July 2005 - 06:24 AM

Member

Topic Starter
Member
49 posts

Hallo,

Starting in safe mode was a bit tricky because I fell into a loop of rebooting but after I managed to start windows again I did it from the msconfig.
Heres the new logs:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:07:14 μμ, 15/7/2005
+ Report-Checksum: 306A17CB

+ Scan result:

C:\Documents and Settings\KWSTAS\Cookies\kwstas@casinotropez[1].txt -> Spyware.Cookie.Casinotropez : Cleaned with backup
C:\Documents and Settings\KWSTAS\Cookies\kwstas@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\KWSTAS\Cookies\kwstas@xxxcounter[2].txt -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\KWSTAS\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\KWSTAS\Local Settings\Temp\D280\abiuninst.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\gcvlrdn.exe -> Adware.BetterInternet : Cleaned with backup

::Report End

Logfile of HijackThis v1.99.1
Scan saved at 3:14:26 μμ, on 15/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\emitray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\Documents and Settings\KWSTAS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [jjthfoz] c:\windows\system32\xwafhkl.exe
O4 - HKLM\..\Run: [ukzkhfi] c:\windows\system32\nslkdrt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [qjxkmbh] c:\windows\system32\rozxgl.exe r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Emagic EMI 2|6 System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\System32\emitray.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

I have a question.
During my attempts to start windows after the problem with F8 and starting in safe mode something changed and now when the computer boots it makes a noise coming from the floppy drive....this particular noise is enough to make me go crazy.
I had disabled booting from the floppy drive and this had stopped but now it does not work this way. What should I do?

thanks again

#9
kool808

Posted 15 July 2005 - 07:22 AM

Visiting Staff

Member
1,690 posts

I have a question.
During my attempts to start windows after the problem with F8 and starting in safe mode something changed and now when the computer boots it makes a noise coming from the floppy drive....this particular noise is enough to make me go crazy.
I had disabled booting from the floppy drive and this had stopped but now it does not work this way. What should I do?

Can you describe in details what you configured in the msconfig?

#10
koniord

Posted 15 July 2005 - 08:03 AM

Member

Topic Starter
Member
49 posts

I changed nothing in the msconfig window.
I went straight to Boot.ini, ticked /SAFEBOOT and restarted the pc.

When I finished working in safe mode I unticked /SAFEBOOT and restarted the pc in normal mode.

#11
koniord

Posted 15 July 2005 - 08:08 AM

Member

Topic Starter
Member
49 posts

Oh I'm sorry...when I said I had disabled booting from the floppy drive I ment from the BIOS and this happened a long time ago.
To be more accurate...1st boot devive:cd rom, 2nd boot device: Hard disk 3:cd rom ....I'm not sure about the exact terms but that is the order.

#12
kool808

Posted 15 July 2005 - 08:17 AM

Visiting Staff

Member
1,690 posts

Does it still make any noises?

Let us deal first with the infections, then let us troubleshoot that afterwards.
======================================
Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.

Download the latest version of Ad-Aware from HERE (if you already have Ad-Aware installed, make sure that it is the latest version and always go online and update it before you run it).
Follow the procedures for updates and setup here: Ad-Aware SE Setup
Do NOT run the scan yet!

Download Lavasoft's VX2 Cleaner plug-in HERE

Install the VX2 Cleaner
Start Ad-Aware SE
Go to "Plug-ins"
Select the VX2 Cleaner plug-in and click "Run Plugin"
If your computer isn't infected, click "Close".

If your computer is infected

Select "Clean system"
Reboot your computer
Scan your computer with Ad-Aware, full system scan.
Remove any VX2 objects detected
Reboot your computer again
Run a second scan to make sure the files have been removed from your computer

Reboot in SAFE MODE. (How to boot in Safe Mode...)
================================
We will now fix the remaining problems with HijackThis. Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O4 - HKLM\..\Run: [jjthfoz] c:\windows\system32\xwafhkl.exe
O4 - HKLM\..\Run: [ukzkhfi] c:\windows\system32\nslkdrt.exe
O4 - HKLM\..\Run: [qjxkmbh] c:\windows\system32\rozxgl.exe r

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

Make sure to double check the items you have selected,then click Fix Checked.

Open Ad-Aware 1.06r , then performa a full system scan.

Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or files(s) if they exist (in bold):

c:\windows\system32\xwafhkl.exe
c:\windows\system32\nslkdrt.exe
c:\windows\system32\rozxgl.exe

Finally, Empty Recycle Bin
======================================
Reboot in NORMAL MODE.

To make sure it is perfectly clean let us have the final check.

Close all windows, open HijackThis then SCAN.
Post a NEW HijackThis Log.
Please tell me how your system is working now.

#13
koniord

Posted 15 July 2005 - 09:15 AM

Member

Topic Starter
Member
49 posts

Hallo
The system is working

Logfile of HijackThis v1.99.1
Scan saved at 6:12:57 μμ, on 15/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\emitray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\KWSTAS\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com.gr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.gr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Emagic EMI 2|6 System Tray Service (emitray) - Emagic Soft- und Hardware GmbH - C:\WINDOWS\System32\emitray.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Please let me know about the gloppy noise thing.
Thank you very much

#14
kool808

Posted 15 July 2005 - 05:14 PM

Visiting Staff

Member
1,690 posts

Hi koniord, very good you did a great job! Your log is much much better now. There is one more thing I need to verify.

Emagic Soft- und Hardware GmbH - C:\WINDOWS\System32\emitray.exe

Are you familiar with this? Did you install it on your system?

If you are not sure with this then I shall proceed with my next fix for you, otherwise if you are familiar with it then we proceed with the final clean up and prevention tips. :tazz:

We will deal with the mousy thing later, will that be fine with you?

#15
koniord

Posted 15 July 2005 - 06:06 PM

Member

Topic Starter
Member
49 posts

That is absolutely fine with me.
Emagic (model name:EMI 2|6) is a usb soundcard I use for music listening but I'm not sure what this exe is. I would prefer to keep it.

Edited by koniord, 15 July 2005 - 06:09 PM.