0

Hi all! I'm new, and I need help! I have this Aurora/ABI Network virus or whatever it is. I have run Hijackthis, here is the log file...HELP!! :-|

Logfile of HijackThis v1.99.1
Scan saved at 9:27:06 AM, on 06/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\HJT\HijackThis.exe
C:\Program Files\America Online 9.0b\waol.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0b\AOL.EXE" -b
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9.2.31/canasta/canasta-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/applet-6.0.0.25/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6.0.4.31/superbingo/superbingo-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0.30/harvest/harvest-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.4.37/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.4.31/gin/gin-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4.37/popfu/popfu-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0.30/holdem/holdem-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.0.30/whackdown/whackdown-ob-assets.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_63.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3122/cpbrkpie.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.pictures.aol.com/ygp/aol/plugin/screensaver/YGPPicScreensaver.9.0.1.2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_36.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_18.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_22.cab
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe

Thanks guys!
Jessica

0

Hi Jessica, welcome to DaniWeb :D

You will need to disconnect from the internet so you may wish to print these instructions.

Download Ewido Security Suite from here:
http://fileforum.betanews.com/detail/ewido_security_suite/1098736486/1

Install it, and while installing, under Additional Options, uncheck Install background guard and Install scan via context menu.

From the main Ewido screen, click on Update in the left menu, and then click the Start update button. After the update finishes (the status bar at the bottom will display Update successful), close the program (don't scan yet).

Download Nailfix from here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Unzip it to your desktop, but do not run it yet.

Disconnect from the net and reboot into Safe Mode.

Double-click on the Nailfix.cmd that is on your desktop. Your desktop and icons will disappear and reappear, and a window should open and close very quickly -- this is normal.

Then run a full system scan with Ewido (note: you will be posting the log from this scan when back in normal mode).

Reboot normally.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9....a-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://checkeredflag.pogo.com/apple...g-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://superbingo.pogo.com/applet-6...o-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.2.0....t-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.4....w-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://gin.pogo.com/applet-6.0.4.31...n-ob-assets.cab
O16 - DPF: Pop Fu by pogo - http://popfu.pogo.com/applet-6.0.4....u-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.2.0....m-ob-assets.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.2.0....n-ob-assets.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/gam...nts/y/yt1_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/gam...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/gam...nts/y/nt1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/gam...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/gam...nts/y/ut2_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/pote_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...467&clcid=0x409
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_63.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/s...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1...22/cpbrkpie.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.pictures.aol.com/ygp/a...ver.9.0.1.2.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/M...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v1...ro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/s...,20/mcgdmgr.cab
O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/eng/words_2_0_0_36.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/shpo/default/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/de...aploader_v6.cab
O16 - DPF: {E23FABEE-12E3-33DA-DA12-195DAC123984} (GameDesire Mahjong) - http://67.15.101.3/g_bin/eng/mahjong_2_0_0_18.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_22.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/eng/billard9_2_0_0_22.cab

Be sure to close any open windows, other than HijackThis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\Nail.exe
C:\WINDOWS\svcproc.exe

Empty your Recycle Bin and reboot.

Close any open browser windows, scan with HJT, and post a new log along with the Ewido log.

Did you install Absolute Poker yourself?
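A check that can be run on the follow-up log, added here as an example and not part of the original thread: it parses HijackThis entry lines, reports anything appended after Explorer.exe in the F2 `Shell=` value, and lists which entries from the fix list are still present. The function names are hypothetical, the sample lines are copied from the logs in this thread, and matching ignores the URL part because the fix list shows URLs truncated with "...".

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "F2", "O16"
    body: str     # everything after "<code> - "


ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SHELL_RE = re.compile(r"REG:system\.ini: Shell=(.*)$", re.IGNORECASE)


def parse_log(text: str) -> List[Entry]:
    """Keep only entry lines; header and process-list lines do not match."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def extra_shell_programs(entries: List[Entry]) -> List[str]:
    """Return what an F2 Shell= value launches besides Explorer.exe."""
    extras = []
    for e in entries:
        m = SHELL_RE.search(e.body) if e.section == "F2" else None
        if not m:
            continue
        value = m.group(1).strip()
        head, _, rest = value.partition(" ")
        if head.lower() != "explorer.exe":
            extras.append(value)         # shell replaced outright
        elif rest.strip():
            extras.append(rest.strip())  # program appended to the shell
    return extras


def entry_key(e: Entry) -> Tuple[str, str]:
    """Identify an entry without its URL/target, which may be truncated."""
    if e.section.startswith("R"):
        return (e.section, e.body.split(" = ", 1)[0])
    if e.section == "O16":
        return (e.section, e.body.rsplit(" - ", 1)[0])
    return (e.section, e.body)


def still_present(fix_list: str, followup_log: str) -> List[Entry]:
    """Entries from the fix list that the follow-up log still contains."""
    wanted = {entry_key(e) for e in parse_log(fix_list)}
    return [e for e in parse_log(followup_log) if entry_key(e) in wanted]


# Lines copied from the fix list in this thread (URLs truncated as posted).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-5.9....a-ob-assets.cab
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/eng/cards_2_0_0_63.cab
"""

# Lines copied from the second HijackThis log in this thread.
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
"""

if __name__ == "__main__":
    followup = parse_log(FOLLOWUP_LOG)
    for prog in extra_shell_programs(followup):
        print("Shell= still launches:", prog)
    for e in still_present(FIX_LIST, FOLLOWUP_LOG):
        print("Not yet fixed:", e.section, "-", e.body)
```
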

0

Did you install Absolute Poker yourself?


Thank you for the instructions!!! Yes we did. Well, we had some problems with it last year, and got help from their tech support and everything has been great since then. Why you ask? lol

Jess

0

Ok Nailfix will NOT unzip. I go to double click it and it says it's corrupt. I went into safe mode to see if maybe I had to do it there, nope. Tried to run Ewido, but I guess you need the Nailfix to run that, because it wouldn't come up. HELPPPPPP me!! lol

Jess

0
Logfile of HijackThis v1.99.1
Scan saved at 2:15:59 PM, on 06/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system32\dtrrum.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\ycomp5_5_7_0.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn3\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\PROGRA~1\BILLPS~1\WINPAT~1\winpatrol.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\Ahnsdsv.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VetMsg.exe



---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:          1:52:55 PM, 06/22/2005
 + Report-Checksum:     B76CDB0F

 + Scan result:

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates
    C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptClean.exe -> Heuristic.Win32.Hijacker1
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpaolcom_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Downloader
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Downloader
    C:\Documents and Settings\All Users\Application Data\AOL Downloads\update_setup90\comps\coach\aolcinst.exe/data\player\aolnysev.exe -> Heuristic.Win32.Downloader
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@adremote.timeinc[1].txt -> Spyware.Cookie.Timeinc
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@element5[1].txt -> Spyware.Cookie.Element5
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@emarketmakers[2].txt -> Spyware.Cookie.Emarketmakers
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@everyone[2].txt -> Spyware.Cookie.Everyone
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@servedby.netshelter[2].txt -> Spyware.Cookie.Netshelter
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@techtracker[2].txt -> Spyware.Cookie.Techtracker
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.adwarereport[2].txt -> Spyware.Cookie.Adwarereport
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.aluriasoftware[1].txt -> Spyware.Cookie.Aluriasoftware
    C:\Documents and Settings\Valued Customer\Cookies\valued customer@www.smarttargetting[1].txt -> Spyware.Cookie.Smarttargetting
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\30.tmp\thnall1ac.exe -> Spyware.BetterInternet
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\A.tmp\thnall1ac.exe -> Spyware.BetterInternet
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\AolCoach.cab/.\Data\player\aolnysev.exe -> Heuristic.Win32.Downloader
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@112.2o7[1].txt -> Spyware.Cookie.2o7
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@a.websponsors[1].txt -> Spyware.Cookie.Websponsors
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@about[1].txt -> Spyware.Cookie.About
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@adknowledge[2].txt -> Spyware.Cookie.Adknowledge
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@adreporting[2].txt -> Spyware.Cookie.Adreporting
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ads.ah-ha[1].txt -> Spyware.Cookie.Ah-ha
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ads.gorillanation[1].txt -> Spyware.Cookie.Gorillanation
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@aftrk[2].txt -> Spyware.Cookie.Aftrk
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@banner2.inet-traffic[2].txt -> Spyware.Cookie.Inet-traffic
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@bannerspace[1].txt -> Spyware.Cookie.Bannerspace
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@burstnet[2].txt -> Spyware.Cookie.Burstnet
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@captaincode[2].txt -> Spyware.Cookie.Captaincode
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@cheats.ign[2].txt -> Spyware.Cookie.Ign
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@com[2].txt -> Spyware.Cookie.Com
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@contexualsearch[1].txt -> Spyware.Cookie.Contexualsearch
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@cookie.tickle[1].txt -> Spyware.Cookie.Tickle
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@creativeby.viewpoint[2].txt -> Spyware.Cookie.Viewpoint
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@cz6.clickzs[2].txt -> Spyware.Cookie.Clickzs
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@dist.belnk[2].txt -> Spyware.Cookie.Belnk
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@e-2dj6wjloeiczcgq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@edge.ru4[2].txt -> Spyware.Cookie.Ru4
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@emarketmakers[1].txt -> Spyware.Cookie.Emarketmakers
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@everyone[2].txt -> Spyware.Cookie.Everyone
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@go2net[1].txt -> Spyware.Cookie.Go2net
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@gostats[1].txt -> Spyware.Cookie.Gostats
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@hb.lycos[1].txt -> Spyware.Cookie.Lycos
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@hydroderm.increaseyourhealth[1].txt -> Spyware.Cookie.Increaseyourhealth
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ign[2].txt -> Spyware.Cookie.Ign
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@insightexpress[1].txt -> Spyware.Cookie.Insightexpress
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ivwbox[1].txt -> Spyware.Cookie.Ivwbox
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@livestat[1].txt -> Spyware.Cookie.Livestat
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@maxpages[2].txt -> Spyware.Cookie.Maxpages
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@mediamgr.ugo[1].txt -> Spyware.Cookie.Ugo
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@metareward[1].txt -> Spyware.Cookie.Metareward
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@milfseeker[2].txt -> Spyware.Cookie.Milfseeker
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@musiciansfriend[1].txt -> Spyware.Cookie.Musiciansfriend
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@mywebsearch[1].txt -> Spyware.Cookie.Mywebsearch
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@offeroptimizer[1].txt -> Spyware.Cookie.Offeroptimizer
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@programs.wegcash[1].txt -> Spyware.Cookie.Wegcash
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ps2.ign[1].txt -> Spyware.Cookie.Ign
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@rightmedia[1].txt -> Spyware.Cookie.Rightmedia
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@sageanalyst[1].txt -> Spyware.Cookie.Sageanalyst
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@secure.increaseyourhealth[1].txt -> Spyware.Cookie.Increaseyourhealth
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@sextoysex[1].txt -> Spyware.Cookie.Sextoysex
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@stats.klsoft[1].txt -> Spyware.Cookie.Klsoft
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@stats2.clicktracks[1].txt -> Spyware.Cookie.Clicktracks
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@theuseful[1].txt -> Spyware.Cookie.Theuseful
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@uproar[1].txt -> Spyware.Cookie.Uproar
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@vgstrategies.about[2].txt -> Spyware.Cookie.About
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@webpower[1].txt -> Spyware.Cookie.Webpower
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@whitepages[2].txt -> Spyware.Cookie.Whitepages
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@ww3.sextoysex[1].txt -> Spyware.Cookie.Sextoysex
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@www.funone[2].txt -> Spyware.Cookie.Funone
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@www.gamepro[1].txt[/email] -> Spyware.Cookie.Wwwgamepro
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@www.kmart[1].txt[/email] -> Spyware.Cookie.Wwwkmart
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@www.myaffiliateprogram[1].txt[/email] -> Spyware.Cookie.Myaffiliateprogram
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@www.pch[1].txt[/email] -> Spyware.Cookie.Wwwpch
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@www.xposed[1].txt[/email] -> Spyware.Cookie.Xposed
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@www.xzoomy[1].txt[/email] -> Spyware.Cookie.Xzoomy
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@xuppa[2].txt[/email] -> Spyware.Cookie.Xuppa
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyghcjchoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt[/email] -> Spyware.Cookie.Esomniture
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4egdjgfqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt[/email] -> Spyware.Cookie.Esomniture
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoujcjkepg6dj6x9ny-1seq-2-2.stats.esomniture[2].txt[/email] -> Spyware.Cookie.Esomniture
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliogazekoasdj6x9ny-1seq-2-2.stats.esomniture[1].txt[/email] -> Spyware.Cookie.Esomniture
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmykicjiloqidj6x9ny-1seq-2-2.stats.esomniture[2].txt[/email] -> Spyware.Cookie.Esomniture
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued [email]customer@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyakczmaogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt[/email] -> Spyware.Cookie.Esomniture
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\EJJ\aurareco.exe -> Spyware.BetterInternet
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\Temporary Internet Files\Content.IE5\HJBHJ1B8\CAO96X78.htm -> TrojanDownloader.FlingStone
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\v3temp\Disk1\Data1.cab/v3engine.sys -> Heuristic.Win32.Hijacker1
    C:\Documents and Settings\Valued Customer\Local Settings\Temp\v3temp\Disk1\Engine\WinNT\V3Engine.sys -> Heuristic.Win32.Hijacker1
    C:\Downloads\LemonadeTycoonSetup-dm[1].exe -> Spyware.Trymedia
    C:\Program Files\BearShare\MediaTicket.exe -> Spyware.MediaTickets.f
    C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetTray.exe -> Heuristic.Win32.Backdoor4
    C:\Program Files\Common Files\AOL\ACS\acsd.exe -> Heuristic.Win32.Keylogger
    C:\Program Files\Common Files\AOL\ACS\acssetup.exe -> Heuristic.Win32.Keylogger
    C:\Program Files\WildTangent\Components\wtDownloader0200.dll -> Heuristic.Win32.Downloader
    C:\WINDOWS\jakwkkf.exe -> Spyware.BetterInternet
    C:\WINDOWS\system32\in10b6s.dll -> Spyware.404Search
    C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent
    C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent
    C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent
    C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent
    C:\WINDOWS\zmukgoqwetg.exe -> Spyware.BetterInternet


::Report End

Edited by mike_2000_17: Fixed formatting

0

Most of the 'Poker' games installed on users' computers were installed without their knowledge, and most come accompanied with adware and/or spyware; this is why I asked. Perhaps yours doesn't come with this 'junk,' or maybe you're okay with whatever ads, etc. it does include.

Go to Add/Remove Programs in your Control Panel and remove (if present):

BearShare
WildTangent

Delete the Nailfix you have now and try downloading it again; you may not have gotten a complete download. Then follow the previous instructions for both Nailfix and Ewido again.

Have HJT fix this entry:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Delete these files:

C:\WINDOWS\Nail.exe
C:\windows\system32\dtrrum.exe

Delete these folders:

C:\Program Files\BearShare
C:\Program Files\WildTangent
C:\WINDOWS\wt

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves); don't exclude the Valued Customer folder:

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

Go to Start, Run, and type in cleanmgr, and then click OK. Select the drive XP is on, and check the boxes for Downloaded Program Files (move any files you wish to keep out of this folder first), Temporary Internet Files, Recycle Bin, Temporary Files, Temporary Offline Files, Offline Files, (and Compress old files & Catalog files for the Content Indexer if you wish), and then click OK. Click Yes to confirm you want these files deleted. It may take a while for this to run; please be patient.

Empty your Recycle Bin and reboot normally.

Please post new HJT and Ewido logs.
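An added example (not part of the post above, and not code from HijackThis or Ewido): a short Python triage of the two log formats quoted in this thread. It separates tracking-cookie findings from named detections and heuristic hits, which need manual review (the reply above does not list them for deletion), and extracts whatever an F2 `Shell=` entry launches besides Explorer.exe. The function names and the sample subset are assumptions made for illustration.

```python
import re
from collections import defaultdict

# A few lines copied from the logs on this page (forum markup removed).
SAMPLE_REPORT = r"""
C:\Documents and Settings\Valued Customer\Local Settings\Temp\EJJ\aurareco.exe -> Spyware.BetterInternet
C:\Program Files\BearShare\MediaTicket.exe -> Spyware.MediaTickets.f
C:\Program Files\Common Files\AOL\ACS\acsd.exe -> Heuristic.Win32.Keylogger
C:\WINDOWS\jakwkkf.exe -> Spyware.BetterInternet
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent
C:\Documents and Settings\Valued Customer\Local Settings\Temp\Cookies\valued customer@uproar[1].txt -> Spyware.Cookie.Uproar
::Report End
"""
SAMPLE_HJT = r"F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe"

FINDING = re.compile(r"^\s*(?P<path>[A-Za-z]:\\.+?)\s+->\s+(?P<name>\S+)\s*$")
SHELL = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.*)$", re.I)

def triage(report):
    """Bucket 'path -> detection' lines: cookies, heuristic hits, named families."""
    out = {"cookie": [], "heuristic": [], "named": defaultdict(list)}
    for line in report.splitlines():
        m = FINDING.match(line)
        if not m:
            continue  # blank lines, headers, '::Report End'
        path, name = m.group("path"), m.group("name")
        if name.startswith("Spyware.Cookie."):
            out["cookie"].append(path)             # low priority: cleared with the cookie folders
        elif name.startswith("Heuristic."):
            out["heuristic"].append((path, name))  # review by hand before touching
        else:
            out["named"][name].append(path)
    return out

def extra_shell(hjt_line):
    """Return what an F2 Shell= entry runs besides Explorer.exe ('' if nothing)."""
    m = SHELL.match(hjt_line.strip())
    if not m:
        return None  # not an F2 system.ini Shell entry
    value = m.group("value").strip()
    # Drop the expected leading Explorer.exe; keep the rest whole so paths with spaces survive.
    return re.sub(r"^explorer\.exe\b", "", value, count=1, flags=re.I).strip()

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for family, paths in sorted(result["named"].items()):
        print(family, len(paths))
    print("extra shell program:", extra_shell(SAMPLE_HJT))
```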
