Guest MikeyMike

just making sure I am not infected

I am new here and not too sure if I posted this in the right place... sorry if I didn't.

I've been having a few problems lately, mostly with this Aurora (sp?) thing coming up a lot. It's just a small web browser, and I have been getting a few notices from my virus scan that say it could not delete a trojan... here is my HJT log:

Logfile of HijackThis v1.99.1

Scan saved at 4:13:50 PM, on 6/29/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\System32\gearsec.exe

c:\Program Files\Norton AntiVirus\navapsvc.exe

c:\Program Files\Norton AntiVirus\SAVScan.exe

C:\WINDOWS\System32\svchost.exe

c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\Explorer.exe

c:\windows\system32\eigsaao.exe

C:\windows\system\hpsysdrv.exe

C:\WINDOWS\System32\hphmon05.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\NetAssistant\bin\mpbtn.exe

C:\Program Files\Kazaa Lite\clean.kmd

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Ty\Desktop\Ty's Stuff\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {D2003837-CDA7-E79C-4D69-9251605A6928} - C:\Program Files\cdmweb\ojhoqpqdyw.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [htryfqc] c:\windows\system32\eigsaao.exe r

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl

O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe

O8 - Extra context menu item: &Search - http://ka.bar.need2find.com/KA/menusearch.html?p=KA

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ext.vanhoutte.com/hr/msrdp.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.scotiaapplause.com/viewer/activ...tivexviewer.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{31C1739F-77DE-4BB2-9ABE-38E8E5C2519D}: NameServer = 206.47.244.56 206.47.244.14

O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


You may want to print out or make a copy of these instructions before starting, because you will not be able to connect to the internet during most of this fix.

 

Please download, install, and update the free version of Ewido trojan scanner:

 

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.

 

Click here and download and install this disk cleanup utility called Cleanup! Don't run it yet.

It will get rid of any malware which may be hiding in your temp folders.

You will also regain a massive amount of disk space.

Here is a tutorial which describes its usage.

 

 

Download the Nail/Aurora Spyware Fix from NoIdea.US.

 

Unzip it to the desktop but do NOT run yet.

 

Reboot in safe mode.

 

Once in Safe Mode, please double-click on nailfix.cmd that you unzipped earlier.

 

Next, run Ewido again.

Click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....

If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.

 

Then run HijackThis, click Scan, and place a checkmark by the following item:

 

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

 

Close all open windows except for HijackThis and click Fix Checked.

 

Now, run Cleanup

Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Guest MikeyMike

Thanks for the reply and the help. I'm not that smart, but I think I did everything correctly (sorry it took me so long, had to go out of town).

 

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

 

+ Created on: 8:39:33 PM, 7/7/2005

+ Report-Checksum: F663B671

 

+ Date of database: 6/30/2005

+ Version of scan engine: v3.0

 

+ Duration: 66 min

+ Scanned Files: 183951

+ Speed: 46.29 Files/Second

+ Infected files: 46

+ Removed files: 46

+ Files put in quarantine: 46

+ Files that could not be opened: 0

+ Files that could not be cleaned: 0

 

+ Binder: Yes

+ Crypter: Yes

+ Archives: Yes

 

+ Scanned items:

C:\

D:\

 

+ Scan result:

C:\Documents and Settings\Darlene\Cookies\darlene@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Darlene\Cookies\darlene@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Rebecca and Chris\Cookies\rebecca and chris@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Rebecca and Chris\Cookies\rebecca and chris@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Rebecca and Chris\Cookies\rebecca and chris@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Rebecca and Chris\Cookies\rebecca and chris@www.altnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@adtrak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@ehg-cbs.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@ehg-trader.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@exitexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@guide.real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@sexsearchcom[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@targetnetworks[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@visit.theglobeandmail[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Cookies\scott@www.altnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup

C:\Documents and Settings\Scott\Local Settings\Temp\Del1F.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup

C:\Documents and Settings\Scott\Local Settings\Temp\res20.tmp -> Spyware.180Solutions -> Cleaned with backup

C:\Documents and Settings\Scott\Local Settings\Temp\res5F.tmp -> Spyware.180Solutions.g -> Cleaned with backup

C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\1IC67LPO\count5[1].htm -> TrojanDownloader.VBS.Psyme.ap -> Cleaned with backup

C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\GVVDEOM4\zangoinstaller[1].exe -> Spyware.180Solutions -> Cleaned with backup

C:\Documents and Settings\Scott\Local Settings\Temporary Internet Files\Content.IE5\INEBML27\stubinstaller5041[1].ex_ -> TrojanDownloader.Small.asf -> Cleaned with backup

C:\Program Files\Common Files\zwzu\zwzum.exe -> TrojanDownloader.TSUpdate.k -> Cleaned with backup

C:\Program Files\Kazaa Lite\supertrick.txt -> Trojan.Qhost.av -> Cleaned with backup

C:\Program Files\Need2Find\bar\1.bin\N2PLUGIN.DLL -> Spyware.MyWebSearch -> Cleaned with backup

C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions -> Cleaned with backup

C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b -> Cleaned with backup

C:\WINDOWS\rlfuene.exe -> TrojanDownloader.IstBar.ij -> Cleaned with backup

C:\WINDOWS\schymgvzq.exe -> Spyware.BetterInternet -> Cleaned with backup

C:\WINDOWS\system32\bbchk.exe -> Spyware.Bargainbuddy -> Cleaned with backup

C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.av -> Cleaned with backup

C:\WINDOWS\system32\vmfqnl.exe -> Spyware.BetterInternet -> Cleaned with backup

C:\WINDOWS\wt\wtupdates\Webd\4.0.0\files\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup

C:\WINDOWS\wt\wtupdates\Webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup

C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Cleaned with backup

 

 

::Report End

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 8:42:08 PM, on 7/7/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

c:\windows\system32\ujzhbw.exe

C:\Documents and Settings\All Users\Documents\Virus stuff\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...lion&pf=desktop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {D2003837-CDA7-E79C-4D69-9251605A6928} - C:\Program Files\cdmweb\ojhoqpqdyw.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"

O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [qunsos] c:\windows\system32\ujzhbw.exe r

O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab

O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://ext.vanhoutte.com/hr/msrdp.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - https://www.scotiaapplause.com/viewer/activ...tivexviewer.cab

O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

O18 - Protocol: icoo - {86FE362E-74FA-4F71-8B69-B94D28880628} - C:\Program Files\ICOO Loader\addons\icoou.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Should you need instructions for:

Showing hidden files and folders in Windows.

Reboot in safe mode.

How to set up a HijackThis folder correctly to make backups.

Scan with Spybot S&D and Ad-Aware

Click the links above.

Please download and install this disk cleanup utility called Cleanup! Don't run it yet.

Alternate download link.

It will get rid of any malware which may be hiding in your temp folders.

You will also regain a massive amount of disk space.

Here is a tutorial which describes its usage.

Reboot in safe mode.

Close all Browser and Program Windows and have HijackThis fix the following.

Do this by checking the box beside each and then clicking on Fix checked.

 

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: ICOOExternal Class - {0519A9C9-064A-4cbc-BC47-D0EACD581477} - C:\Program Files\ICOO Loader\addons\icooue.dll

O2 - BHO: ICOODManager Class - {465A59EC-20E5-4fca-A38A-E5EC3C480218} - C:\Program Files\ICOO Loader\addons\icoou.dll

O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL (file missing)

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {D2003837-CDA7-E79C-4D69-9251605A6928} - C:\Program Files\cdmweb\ojhoqpqdyw.dll (file missing)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe

 

Then click Start > My Computer > Local Disk (then follow the path) or, using Windows Explorer, locate the following files/folders and delete them:

Delete the following file(s) listed.

C:\WINDOWS\Nail.exe

 

Delete the folder(s) listed

C:\Program Files\ICOO Loader

C:\Program Files\Need2Find

C:\Program Files\ISTsvc

Run Cleanup!

Reboot and Rescan with HJT and post a new log here.

Also please describe how your computer behaves now.

This topic is now closed to further replies.
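
The two HijackThis logs posted in this thread can be compared mechanically. The following is an added example, not part of the original posts or of HijackThis itself: it parses excerpts copied from both logs and reports the O4 Run entries that appeared or disappeared between scans, entries whose target file is gone, and anything chained after Explorer.exe in the F2 Shell value. All function names are hypothetical.

```python
import re

# Excerpts copied from the two HijackThis logs in this thread (not full logs).
LOG_BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [htryfqc] c:\windows\system32\eigsaao.exe r
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
"""
LOG_AFTER = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [surfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [iST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [qunsos] c:\windows\system32\ujzhbw.exe r
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
RUN = re.compile(r"^(HK\w+)\\\.\.\\Run: \[(.+?)\] (.+)$")
SHELL = re.compile(r"^REG:system\.ini: Shell=(.+)$", re.IGNORECASE)


def parse_entries(log):
    """Return (section_code, detail) for every HijackThis entry line."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def run_keys(entries):
    """Map (hive, value_name) -> command for O4 registry Run entries."""
    runs = {}
    for code, detail in entries:
        m = RUN.match(detail) if code == "O4" else None
        if m:
            runs[(m.group(1), m.group(2))] = m.group(3)
    return runs


def shell_extras(entries):
    """Programs chained after Explorer.exe in the F2 Shell= value.

    Naive whitespace split: enough for the entry in this thread, but it
    would break a path that contains spaces.
    """
    extras = []
    for code, detail in entries:
        m = SHELL.match(detail) if code == "F2" else None
        if m:
            extras += [p for p in m.group(1).split() if p.lower() != "explorer.exe"]
    return extras


def dangling(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [(c, d) for c, d in entries if d.endswith(("(no file)", "(file missing)"))]


def diff_runs(before, after):
    """Return (added, removed) Run entries between two logs."""
    b, a = run_keys(parse_entries(before)), run_keys(parse_entries(after))
    added = {k: a[k] for k in a.keys() - b.keys()}
    removed = {k: b[k] for k in b.keys() - a.keys()}
    return added, removed


if __name__ == "__main__":
    added, removed = diff_runs(LOG_BEFORE, LOG_AFTER)
    for (hive, name), cmd in sorted(added.items()):
        print(f"NEW     {hive} Run [{name}] -> {cmd}")
    for (hive, name), cmd in sorted(removed.items()):
        print(f"GONE    {hive} Run [{name}] -> {cmd}")
    for code, detail in dangling(parse_entries(LOG_AFTER)):
        print(f"MISSING {code} {detail}")
    for extra in shell_extras(parse_entries(LOG_AFTER)):
        print(f"SHELL   extra program after Explorer.exe: {extra}")
```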