Ad:

Viruses, Spyware and other Nasties Discussion Thread
Unsolved
Views: 17867

You are currently viewing page 1 of this multi-page discussion thread

May 11th, 2005

need help with aurora popups

Expand Post »

Hi im a new member so if you could tell me where to download HJT and post results here that would be great.

Now my problem is that I have the aurora popup and on task manager there is a process with a random name like xlkdfh.exe and when i end process, another one with a random name comes up. its properties say like TODOS product or something. I read on a different thread that someone had the exact problem i had so i started this one and i assume u guys know the problem im talking about. The things ive tried are i saw what someone told that other person to run ewido scan in safe mode and i cleaned everything except this one "worm.something.something" in my D drive cuz my D drive is my recovery drive or w/e. So when i rebooted, the random name process was gone but aurora was still there and then the name changing thing came back. I just ran Ad aware and i looked at the quarantine list and Aurora was there but i dont think it worked.

So if you could help me get rid of aurora, that would be awesome.

Similar Threads

aurora popups causing problems, could be more in Viruses, Spyware and other Nasties
Aurora popups and Drpmon.dll trouble in Viruses, Spyware and other Nasties
aurora popups in Viruses, Spyware and other Nasties
Aurora Popups troubles in Viruses, Spyware and other Nasties
Aurora popups casing major problems?! in Viruses, Spyware and other Nasties

ysb21189

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

24 posts
since May 2005

Permalink

May 11th, 2005

Re: need help with aurora popups

Post your log right here.

Download HijackThis selfextracting zip version from here. Once downloaded, double click on the file & it will install into it's own, permanent folder.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Online

12,165 posts
since Feb 2004

Permalink

May 11th, 2005

Re: need help with aurora popups

OK here is my log. can i just ask where the folder is?

Logfile of HijackThis v1.99.1
Scan saved at 6:00:53 PM, on 5/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\conime.exe
c:\windows\system32\zokmva.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Local Settings\Temp\_AZTMP0_\HijackThis.exe

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C18517DA-CA70-46CE-86F4-882F6B62E975} - C:\PROGRA~1\UBIZNA~1\MyKey\bms.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - (no file)
O3 - Toolbar: ¸¶AIA°¿oμa(&K) - {46D387E9-41FC-4F71-A7C3-B0BEB3568F00} - C:\PROGRA~1\UBIZNA~1\MyKey\keyband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\Run: [ikanap] c:\windows\system32\zokmva.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [scvhost] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\RunServices: [Windows Helpers] windowhelpers.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [kbdur] C:\WINDOWS\system32\kbdur.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ¸®¼A¡ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.gopd.co.kr
O15 - Trusted Zone: http://*.gopd.co.kr
O15 - Trusted Zone: http://cfolder.nownuri.net
O15 - Trusted Zone: http://client.nownuri.net
O15 - Trusted Zone: http://club.nownuri.net
O15 - Trusted Zone: http://help.nownuri.net
O15 - Trusted Zone: http://helpdesk.nownuri.net
O15 - Trusted Zone: http://join.nownuri.net
O15 - Trusted Zone: http://mplug.nownuri.net
O15 - Trusted Zone: http://pdsfind1.nownuri.net
O15 - Trusted Zone: http://www.nownuri.net
O15 - Trusted Zone: http://*.nownuri.net
O15 - Trusted Zone: http://adrenalin.pdbox.co.kr
O15 - Trusted Zone: http://bbs.pdbox.co.kr
O15 - Trusted Zone: http://bbs2.pdbox.co.kr
O15 - Trusted Zone: http://bbs3.pdbox.co.kr
O15 - Trusted Zone: http://bbs4.pdbox.co.kr
O15 - Trusted Zone: http://client.pdbox.co.kr
O15 - Trusted Zone: http://cp.pdbox.co.kr
O15 - Trusted Zone: http://find.pdbox.co.kr
O15 - Trusted Zone: http://ftp2.pdbox.co.kr
O15 - Trusted Zone: http://gopd.pdbox.co.kr
O15 - Trusted Zone: http://help.pdbox.co.kr
O15 - Trusted Zone: http://mboard.pdbox.co.kr
O15 - Trusted Zone: http://media.cp.pdbox.co.kr
O15 - Trusted Zone: http://mfind.pdbox.co.kr
O15 - Trusted Zone: http://my.pdbox.co.kr
O15 - Trusted Zone: http://point.pdbox.co.kr
O15 - Trusted Zone: http://shop.pdbox.co.kr
O15 - Trusted Zone: http://side.pdbox.co.kr
O15 - Trusted Zone: http://www.pdbox.co.kr
O15 - Trusted Zone: http://*.pdbox.co.kr
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: 799BB2EC-572A-42A9-84AD-112806F4F551 -
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://www.netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - http://www.monario.com/ActiveX/monariofiledownload.cab
O16 - DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} (BugsPatcher Control) - http://gamepatch.bugs.co.kr/BugsPatcher.cab
O16 - DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} (cyberX Control) - http://www.cyberoro.com/download/cyber.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.cyberoro.com/download/OroCheck.cab
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - http://down.hangame.com/dist/activex...mePlugin19.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranac...data/imweb.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - http://ahnlabdownload.nefficient.co....firewall20.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040811.cab
O16 - DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - http://www.omi.co.kr/search/chart_pa...omparison4.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary...o.cab27571.cab
O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} (CN°OAOA￠¼OCA·I±×·￥) - http://cdn.hangame.com/hangame/messe.../HanWebMsg.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary...t.cab27591.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://gameguard.nefficient.co.kr/gr...rypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B194D895-CE3A-40D7-8D35-A58D582028FD}: NameServer = 4.2.2.1 4.2.2.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
O23 - Service: IMJPMIG8.3 - Unknown owner - C:\WINDOWS\System32\IMJPMIG8_3.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NS (MSLLR) - Unknown owner - C:\WINDOWS\System32\ns.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

ysb21189

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

24 posts
since May 2005

Permalink

May 12th, 2005

Re: need help with aurora popups

Hi ysb21189, welcome to DaniWeb

You've got HijackThis in a Temp folder (C:\Documents and Settings\Owner\Local Settings\Temp\_AZTMP0_\HijackThis.exe) and it needs to be in it's own permanent folder, like c:\HJT\hijackthis.exe, so it -- and the backups it will create -- don't get accidently deleted.

After you've moved it, close any open browser windows, scan with hijackthis and post a new log please.

dlh6213

Team Colleague

Reputation Points: 63

Solved Threads: 213

Posting Maven

Offline

2,962 posts
since Jul 2004

Permalink

May 12th, 2005

Re: need help with aurora popups

Can I ask how you managed to get hijackthis into a temporary folder using a self-extracting zip file that unzips the .exe into C:\Program Files\HijackThis?

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Online

12,165 posts
since Feb 2004

Permalink

May 12th, 2005

Re: need help with aurora popups

ok i downloaded it to a permanent folder after uninstalling it. heh i dont know what i did the first time....

Logfile of HijackThis v1.99.1
Scan saved at 5:20:12 PM, on 5/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
c:\windows\system32\kxfmgol.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security

suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no

file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no

file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:

\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c

:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C18517DA-CA70-46CE-86F4-882F6B62E975} - C:\PROGRA~

1\UBIZNA~1\MyKey\bms.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:

\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - (no file)
O3 - Toolbar: ¸¶AIA°¿oμa(&K) - {46D387E9-41FC-4F71-A7C3-B0BEB3568F00} - C:

\PROGRA~1\UBIZNA~1\MyKey\keyband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common

Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control

Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon

2k.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver

3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program

Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program

Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04

\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32

\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /

Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32

\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32

\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft

Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\Run: [hojwrl] c:\windows\system32\kxfmgol.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [scvhost] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\RunServices: [Windows Helpers] windowhelpers.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [kbdur] C:\WINDOWS\system32\kbdur.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common

Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI

1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program

files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:

\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C

608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ¸®¼A¡ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:

\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program

Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:

\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683}

- C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.gopd.co.kr
O15 - Trusted Zone: http://*.gopd.co.kr
O15 - Trusted Zone: http://cfolder.nownuri.net
O15 - Trusted Zone: http://client.nownuri.net
O15 - Trusted Zone: http://club.nownuri.net
O15 - Trusted Zone: http://help.nownuri.net
O15 - Trusted Zone: http://helpdesk.nownuri.net
O15 - Trusted Zone: http://join.nownuri.net
O15 - Trusted Zone: http://mplug.nownuri.net
O15 - Trusted Zone: http://pdsfind1.nownuri.net
O15 - Trusted Zone: http://www.nownuri.net
O15 - Trusted Zone: http://*.nownuri.net
O15 - Trusted Zone: http://adrenalin.pdbox.co.kr
O15 - Trusted Zone: http://bbs.pdbox.co.kr
O15 - Trusted Zone: http://bbs2.pdbox.co.kr
O15 - Trusted Zone: http://bbs3.pdbox.co.kr
O15 - Trusted Zone: http://bbs4.pdbox.co.kr
O15 - Trusted Zone: http://client.pdbox.co.kr
O15 - Trusted Zone: http://cp.pdbox.co.kr
O15 - Trusted Zone: http://find.pdbox.co.kr
O15 - Trusted Zone: http://ftp2.pdbox.co.kr
O15 - Trusted Zone: http://gopd.pdbox.co.kr
O15 - Trusted Zone: http://help.pdbox.co.kr
O15 - Trusted Zone: http://mboard.pdbox.co.kr
O15 - Trusted Zone: http://media.cp.pdbox.co.kr
O15 - Trusted Zone: http://mfind.pdbox.co.kr
O15 - Trusted Zone: http://my.pdbox.co.kr
O15 - Trusted Zone: http://point.pdbox.co.kr
O15 - Trusted Zone: http://shop.pdbox.co.kr
O15 - Trusted Zone: http://side.pdbox.co.kr
O15 - Trusted Zone: http://www.pdbox.co.kr
O15 - Trusted Zone: http://*.pdbox.co.kr
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: 799BB2EC-572A-42A9-84AD-112806F4F551 -
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) -

http://www.netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - http://www.monario.com

/ActiveX/monariofiledownload.cab
O16 - DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} (BugsPatcher Control) - http

://gamepatch.bugs.co.kr/BugsPatcher.cab
O16 - DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} (cyberX Control) - http://

www.cyberoro.com/download/cyber.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://

www.cyberoro.com/download/OroCheck.cab
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) -

http://down.hangame.com/dist/activex...mePlugin19.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://

activexdown.paran.com/paranactivex/data/imweb.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://

download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://

cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - http://ahnlabdownload.

nefficient.co.kr/plugin/myfirewall/myfirewall20.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://

player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://

player.bugs.co.kr/install/bugsLoader20040811.cab
O16 - DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - http://www.omi.co.kr/

search/chart_package/comparison4.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.

msn.com/binary/ZIntro.cab27571.cab
O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} (CN°OAOA￠¼OCA·I±×·￥

) - http://cdn.hangame.com/hangame/messe.../HanWebMsg.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.

msn.com/binary/Bankshot.cab27591.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://

player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://gameguard.

nefficient.co.kr/grigon/gamegard/nProtect/keycrypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B194D895-CE3A-40D7-8D35-A58D

582028FD}: NameServer = 4.2.2.1 4.2.2.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2

evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and

Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
O23 - Service: IMJPMIG8.3 - Unknown owner - C:\WINDOWS\System32\IMJPMIG8_

3.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: NS (MSLLR) - Unknown owner - C:\WINDOWS\System32\ns.exe" -

service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.

exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:

\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:

\WINDOWS\svcproc.exe

ysb21189

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

24 posts
since May 2005

Permalink

May 12th, 2005

Re: need help with aurora popups

Hi ysb21189,

The formatting of the last HJT log you posted came out a bit weird in terms of line breaks and spacings, making it rather difficult to read. Could you try to repost that log so that it appears like your your first log formatting-wise?

Thanks.

DMR

Team Colleague

Reputation Points: 221

Solved Threads: 369

Wombat At Large

Offline

6,439 posts
since Dec 2003

Permalink

May 12th, 2005

Re: need help with aurora popups

Logfile of HijackThis v1.99.1
Scan saved at 9:30:10 PM, on 5/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
c:\windows\system32\dvkvlum.exe
C:\WINDOWS\System32\conime.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C18517DA-CA70-46CE-86F4-882F6B62E975} - C:\PROGRA~1\UBIZNA~1\MyKey\bms.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - (no file)
O3 - Toolbar: ¸¶AIA°¿oμa(&K) - {46D387E9-41FC-4F71-A7C3-B0BEB3568F00} - C:\PROGRA~1\UBIZNA~1\MyKey\keyband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\Run: [fgpsge] c:\windows\system32\dvkvlum.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [scvhost] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\RunServices: [Windows Helpers] windowhelpers.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [kbdur] C:\WINDOWS\system32\kbdur.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ¸®¼A¡ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.gopd.co.kr
O15 - Trusted Zone: http://*.gopd.co.kr
O15 - Trusted Zone: http://cfolder.nownuri.net
O15 - Trusted Zone: http://client.nownuri.net
O15 - Trusted Zone: http://club.nownuri.net
O15 - Trusted Zone: http://help.nownuri.net
O15 - Trusted Zone: http://helpdesk.nownuri.net
O15 - Trusted Zone: http://join.nownuri.net
O15 - Trusted Zone: http://mplug.nownuri.net
O15 - Trusted Zone: http://pdsfind1.nownuri.net
O15 - Trusted Zone: http://www.nownuri.net
O15 - Trusted Zone: http://*.nownuri.net
O15 - Trusted Zone: http://adrenalin.pdbox.co.kr
O15 - Trusted Zone: http://bbs.pdbox.co.kr
O15 - Trusted Zone: http://bbs2.pdbox.co.kr
O15 - Trusted Zone: http://bbs3.pdbox.co.kr
O15 - Trusted Zone: http://bbs4.pdbox.co.kr
O15 - Trusted Zone: http://client.pdbox.co.kr
O15 - Trusted Zone: http://cp.pdbox.co.kr
O15 - Trusted Zone: http://find.pdbox.co.kr
O15 - Trusted Zone: http://ftp2.pdbox.co.kr
O15 - Trusted Zone: http://gopd.pdbox.co.kr
O15 - Trusted Zone: http://help.pdbox.co.kr
O15 - Trusted Zone: http://mboard.pdbox.co.kr
O15 - Trusted Zone: http://media.cp.pdbox.co.kr
O15 - Trusted Zone: http://mfind.pdbox.co.kr
O15 - Trusted Zone: http://my.pdbox.co.kr
O15 - Trusted Zone: http://point.pdbox.co.kr
O15 - Trusted Zone: http://shop.pdbox.co.kr
O15 - Trusted Zone: http://side.pdbox.co.kr
O15 - Trusted Zone: http://www.pdbox.co.kr
O15 - Trusted Zone: http://*.pdbox.co.kr
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: 799BB2EC-572A-42A9-84AD-112806F4F551 -
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://www.netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - http://www.monario.com/ActiveX/monariofiledownload.cab
O16 - DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} (BugsPatcher Control) - http://gamepatch.bugs.co.kr/BugsPatcher.cab
O16 - DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} (cyberX Control) - http://www.cyberoro.com/download/cyber.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.cyberoro.com/download/OroCheck.cab
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - http://down.hangame.com/dist/activex...mePlugin19.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranac...data/imweb.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - http://ahnlabdownload.nefficient.co....firewall20.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040811.cab
O16 - DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - http://www.omi.co.kr/search/chart_pa...omparison4.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary...o.cab27571.cab
O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} (CN°OAOA￠¼OCA·I±×·￥) - http://cdn.hangame.com/hangame/messe.../HanWebMsg.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary...t.cab27591.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://gameguard.nefficient.co.kr/gr...rypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B194D895-CE3A-40D7-8D35-A58D582028FD}: NameServer = 4.2.2.1 4.2.2.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
O23 - Service: IMJPMIG8.3 - Unknown owner - C:\WINDOWS\System32\IMJPMIG8_3.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NS (MSLLR) - Unknown owner - C:\WINDOWS\System32\ns.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

ysb21189

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

24 posts
since May 2005

Permalink

May 13th, 2005

Re: need help with aurora popups

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please run Notepad and copy the following text into a new file:

Quote ...

@ECHO OFF
cd %windir%
Nail.exe /FULLREMOVE
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
cd %windir%\system32
attrib -s -r -h DrPMon.dll
del DrPMon.dll
exit

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Post the log from the scan here for me.

Then please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

crunchie

Moderator

Featured Poster

Reputation Points: 1142

Solved Threads: 982

Most Valuable Poster

Online

12,165 posts
since Feb 2004

Permalink

May 14th, 2005

Re: need help with aurora popups

ok i did exactly as u told me(even printed the directions...)

here is the Ewido report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:42:39 PM, 5/14/2005
+ Report-Checksum: B77E2EC

+ Date of database: 5/14/2005
+ Version of scan engine: v3.0

+ Duration: 57 min
+ Scanned Files: 145110
+ Speed: 42.33 Files/Second
+ Infected files: 13
+ Removed files: 13
+ Files put in quarantine: 13
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-stampsdotcom.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\temp.frE7E1 -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\cwcvfskqtvc.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\system32\urknvwv.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\xvimhpx.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\tool1.exe -> Trojan.LowZones.y -> Cleaned with backup
C:\WINDOWS\zipped.tmp/your_details.doc .exe -> Worm.NetSky.x -> Cleaned with backup

::Report End

and here is the HJT log after restarting:
Logfile of HijackThis v1.99.1
Scan saved at 12:50:43 PM, on 5/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497}_ - (no file)
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C18517DA-CA70-46CE-86F4-882F6B62E975} - C:\PROGRA~1\UBIZNA~1\MyKey\bms.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {9E3849D6-41EF-4B2F-86B7-632EF90758E4} - (no file)
O3 - Toolbar: ¸¶AIA°¿oμa(&K) - {46D387E9-41FC-4F71-A7C3-B0BEB3568F00} - C:\PROGRA~1\UBIZNA~1\MyKey\keyband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [scvhost] scvhost.exe
O4 - HKLM\..\Run: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [imekrmig7.0] "C:\Program Files\Common Files\Microsoft Shared\IME\IMKR7\IMEKRMIG.EXE"
O4 - HKLM\..\Run: [NS] ns.exe
O4 - HKLM\..\Run: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [scvhost] scvhost.exe
O4 - HKLM\..\RunServices: [Microsoft Update] Microsoft.exe
O4 - HKLM\..\RunServices: [NS] ns.exe
O4 - HKLM\..\RunServices: [IMJPMIG8.3] IMJPMIG8_3.exe
O4 - HKLM\..\RunServices: [Windows Helpers] windowhelpers.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [kbdur] C:\WINDOWS\system32\kbdur.exe
O4 - HKCU\..\Run: [rate.exe] C:\WINDOWS\System32\i11r54n4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ¸®¼A¡ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.gopd.co.kr
O15 - Trusted Zone: http://*.gopd.co.kr
O15 - Trusted Zone: http://cfolder.nownuri.net
O15 - Trusted Zone: http://client.nownuri.net
O15 - Trusted Zone: http://club.nownuri.net
O15 - Trusted Zone: http://help.nownuri.net
O15 - Trusted Zone: http://helpdesk.nownuri.net
O15 - Trusted Zone: http://join.nownuri.net
O15 - Trusted Zone: http://mplug.nownuri.net
O15 - Trusted Zone: http://pdsfind1.nownuri.net
O15 - Trusted Zone: http://www.nownuri.net
O15 - Trusted Zone: http://*.nownuri.net
O15 - Trusted Zone: http://adrenalin.pdbox.co.kr
O15 - Trusted Zone: http://bbs.pdbox.co.kr
O15 - Trusted Zone: http://bbs2.pdbox.co.kr
O15 - Trusted Zone: http://bbs3.pdbox.co.kr
O15 - Trusted Zone: http://bbs4.pdbox.co.kr
O15 - Trusted Zone: http://client.pdbox.co.kr
O15 - Trusted Zone: http://cp.pdbox.co.kr
O15 - Trusted Zone: http://find.pdbox.co.kr
O15 - Trusted Zone: http://ftp2.pdbox.co.kr
O15 - Trusted Zone: http://gopd.pdbox.co.kr
O15 - Trusted Zone: http://help.pdbox.co.kr
O15 - Trusted Zone: http://mboard.pdbox.co.kr
O15 - Trusted Zone: http://media.cp.pdbox.co.kr
O15 - Trusted Zone: http://mfind.pdbox.co.kr
O15 - Trusted Zone: http://my.pdbox.co.kr
O15 - Trusted Zone: http://point.pdbox.co.kr
O15 - Trusted Zone: http://shop.pdbox.co.kr
O15 - Trusted Zone: http://side.pdbox.co.kr
O15 - Trusted Zone: http://www.pdbox.co.kr
O15 - Trusted Zone: http://*.pdbox.co.kr
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 81.222.131.59
O15 - Trusted IP range: 81.222.131.59 (HKLM)
O16 - DPF: 799BB2EC-572A-42A9-84AD-112806F4F551 -
O16 - DPF: {00001016-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter16 Class) - http://www.netmarble.net/game/nmstarter/NMStarter16.cab
O16 - DPF: {2AE5077E-2BCD-4B77-9D19-237C882BD6AF} - http://www.monario.com/ActiveX/monariofiledownload.cab
O16 - DPF: {35B93CED-4B24-4FA7-B143-B4F5BBBA9F7A} (BugsPatcher Control) - http://gamepatch.bugs.co.kr/BugsPatcher.cab
O16 - DPF: {48ED5A74-A5A6-4EDE-AAC5-42D697FC3F19} (cyberX Control) - http://www.cyberoro.com/download/cyber.cab
O16 - DPF: {48FE89A0-486C-48DF-9DEC-BED22BDC6057} (XIsOro Control) - http://www.cyberoro.com/download/OroCheck.cab
O16 - DPF: {5876CAD0-1636-42EA-AC50-4C06F3196089} (HanGamePlugin19 Class) - http://down.hangame.com/dist/activex...mePlugin19.cab
O16 - DPF: {799BB2EC-572A-42A9-84AD-112806F4F551} (Imweb Control) - http://activexdown.paran.com/paranac...data/imweb.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/cab9/dmcc2.cab
O16 - DPF: {9BDBC41E-C335-4263-83C0-ECE78EE28A33} - http://ahnlabdownload.nefficient.co....firewall20.cab
O16 - DPF: {9BED3AC7-E6D4-43E7-B8A1-1FA502F639E1} (XTools Control) - http://player.bugs.co.kr/install/mv/XTools.cab
O16 - DPF: {A1CCCFF4-0DF9-4FFC-99A3-A37A0F3D8E18} (p3bgset Class) - http://player.bugs.co.kr/install/bugsLoader20040811.cab
O16 - DPF: {B2AEC562-9C98-459D-A596-6850EB2CE623} - http://www.omi.co.kr/search/chart_pa...omparison4.CAB
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary...o.cab27571.cab
O16 - DPF: {B9DD5FFF-776D-4E53-93D3-A4463E63AD86} (CN°OAOA￠¼OCA·I±×·￥) - http://cdn.hangame.com/hangame/messe.../HanWebMsg.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} - http://messenger.zone.msn.com/binary...t.cab27591.cab
O16 - DPF: {BF628973-1E86-4D0E-B42C-EDDECFFABDBC} (Bugs AoD Class) - http://player.bugs.co.kr/install/bugsLoader20041018.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} - http://gameguard.nefficient.co.kr/gr...rypt/npkcx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B194D895-CE3A-40D7-8D35-A58D582028FD}: NameServer = 4.2.2.1 4.2.2.2
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Owner\My Documents\bryan\edwido\security suite\ewidoctrl.exe
O23 - Service: IMJPMIG8.3 - Unknown owner - C:\WINDOWS\System32\IMJPMIG8_3.exe" -service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NS (MSLLR) - Unknown owner - C:\WINDOWS\System32\ns.exe" -service (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

ysb21189

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

24 posts
since May 2005

Page 1
2
3
4
5
Next

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: seriously infected computer

Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Slow computer.. HJLog.. PLease Diagnose

DaniWeb Message

Cancel Changes

User Name
Password