Author Topic: Also help with Nail.exe  (Read 5980 times)

juanmamz
« on: July 06, 2005, 10:55:53 AM »
Hi. I had the same problem with nail.exe. I followed the instructions step by step, posted on this page:

http://www.thetechguide.com/forum/index.php?showtopic=18647

Now everything is working fine. The only problem is that the WINDOWS XP VISUALIZATION, OR THEME is not available. I tried to change it from screen properties, but nothing. It's like it disappeared. I downloaded new themes, and they only change icons, but the start menu, explorer and windows visualization are still the same.
Here's my log.
Thanks for your time.

Logfile of HijackThis v1.99.1
Scan saved at 12:45:20 p.m., on 06/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\MSN Messenger\msnmsgr.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\BAckup\AMZ y JMMZ\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spool Support Dynamic Link Library - {7358A750-A943-4A86-9C77-6FD6F4E02A17} - C:\WINDOWS\system32\spoollib.dll (file missing)
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

guestolo
« Reply #1 on: July 08, 2005, 12:07:34 AM »
Sorry for the delay
Can you do the following please
Do another scan with Hijackthis and put a check next to these entries:

R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)

O2 - BHO: Spool Support Dynamic Link Library - {7358A750-A943-4A86-9C77-6FD6F4E02A17} - C:\WINDOWS\system32\spoollib.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer
Back in Windows delete this folder if found
C:\Archivos de programa\MyWay <-this folder

Go to START>>RUN>>Type in msconfig
Under the General tab select NORMAL STARTUP
Apply it and close out but Don't restart your computer yet

Run another scan with Hijackthis and post a fresh log

Can you also do the following
Download Find.zip
Unzip the contents to desktop
Double click on Find.bat and post back the contents
Also Double click on Find1.bat and post the contents

EDIT>>Could you also Download and UNZIP to desktop
Find_It's.zip
Open the FindIt's folder and double click on the FindIt's.bat
Wait for the log and post it back here
« Last Edit: July 08, 2005, 12:14:19 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


juanmamz
« Reply #2 on: July 08, 2005, 07:31:26 AM »
I did everything. Nothing happened yet.
Here are the log files:

-2nd hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 09:27:31 a.m., on 08/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\BAckup\AMZ y JMMZ\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\Save\Save.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Archivos de programa\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [iRiver Updater] C:\Archivos de programa\iRiver\iRiver Manager\Updater\Updater.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [CloneCDTray] "C:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - Startup: Clima en Tucson.url
O4 - Startup: Weather Channel.lnk = C:\Archivos de programa\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32B7DD3D-96A5-455C-A57F-E8834E064F6C}: NameServer = 200.45.191.35 200.45.191.40
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


- Find log:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"


- Find1 log:

 El volumen de la unidad C no tiene etiqueta.
 El número de serie del volumen es: F42F-0F93

 Directorio de C:\WINDOWS\Resources\Themes

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
05/07/2005  02:17 a.m.    <DIR>          Aquatica
10/10/2002  01:14 p.m.             5.847 Aquatica.Theme
11/01/2002  09:15 a.m.             5.990 Bland XP.Theme
05/07/2005  02:19 a.m.    <DIR>          BlandXP
05/07/2005  02:27 a.m.    <DIR>          Destiny
23/05/2003  07:33 p.m.             1.117 Destiny.Theme
05/07/2005  02:26 a.m.    <DIR>          Longhorn
14/05/2002  01:49 p.m.             2.333 Longhorn 4 Readme.txt
05/07/2005  02:26 a.m.             2.595 Longhorn 4 Uninstall.log
13/05/2002  07:00 p.m.             6.240 Longhorn.theme
04/07/2005  12:52 a.m.    <DIR>          Luna
24/08/2001  01:00 p.m.             1.222 Luna.theme
05/07/2005  02:22 a.m.    <DIR>          New Silver XP
04/07/2005  11:28 a.m.    <DIR>          Plus! Aquarium
04/07/2005  11:29 a.m.    <DIR>          Plus! da Vinci
04/07/2005  11:29 a.m.    <DIR>          Plus! Nature
04/07/2005  11:29 a.m.    <DIR>          Plus! Space
24/08/2001  01:00 p.m.             3.025 Windows Classic.theme
05/07/2005  02:20 a.m.    <DIR>          Windows MAX V4
05/08/2002  04:52 p.m.             4.080 Windows MAX V4.theme
               9 archivos         32.449 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
10/10/2002  01:07 p.m.         1.302.528 Aquatica.msstyles
05/07/2005  02:17 a.m.    <DIR>          Font
05/07/2005  02:17 a.m.    <DIR>          Icons
10/10/2002  01:24 p.m.               978 Readme.txt
05/07/2005  02:17 a.m.    <DIR>          Screenshots
05/07/2005  02:17 a.m.    <DIR>          Shell
05/07/2005  02:17 a.m.    <DIR>          User Icon
05/07/2005  02:17 a.m.    <DIR>          Wallpaper
               2 archivos      1.303.506 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Font

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
23/03/1997  09:35 a.m.            46.864 Digital.TTF
               1 archivos         46.864 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Icons

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
18/09/2002  10:04 a.m.           109.446 Control Panel.ico
18/09/2002  09:52 a.m.           109.446 Help.ico
18/09/2002  10:29 a.m.           109.446 Internet Explorer.ico
18/09/2002  10:27 a.m.           109.446 My Computer.ico
18/09/2002  10:26 a.m.           109.446 My Documents.ico
18/09/2002  10:45 a.m.           109.446 My Network.ico
18/09/2002  10:44 a.m.           109.446 Printers and Faxes.ico
18/09/2002  10:17 a.m.           109.446 Run.ico
18/09/2002  10:15 a.m.           109.446 Search.ico
18/09/2002  09:56 a.m.           109.446 Trash Empty.ico
18/09/2002  10:19 a.m.           109.446 Trash Full.ico
              11 archivos      1.203.906 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Screenshots

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
10/10/2002  06:28 p.m.           185.256 AQ_Large.jpg
10/10/2002  06:28 p.m.            40.941 AQ_Small.jpg
               2 archivos        226.197 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Shell

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
05/07/2005  02:17 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Shell\NormalColor

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
10/10/2002  12:20 p.m.           756.736 shellstyle.dll
               1 archivos        756.736 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\User Icon

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
04/04/2002  09:50 a.m.             6.966 Aquatica.bmp
               1 archivos          6.966 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Aquatica\Wallpaper

05/07/2005  02:17 a.m.    <DIR>          .
05/07/2005  02:17 a.m.    <DIR>          ..
09/10/2002  09:34 p.m.           189.272 Aquatica.jpg
               1 archivos        189.272 bytes

 Directorio de C:\WINDOWS\Resources\Themes\BlandXP

05/07/2005  02:19 a.m.    <DIR>          .
05/07/2005  02:19 a.m.    <DIR>          ..
11/01/2002  08:33 a.m.         1.491.088 BlandXP.msstyles
05/07/2005  02:19 a.m.    <DIR>          Shell
11/01/2002  09:08 a.m.           122.409 XP Desert.JPG
               2 archivos      1.613.497 bytes

 Directorio de C:\WINDOWS\Resources\Themes\BlandXP\Shell

05/07/2005  02:19 a.m.    <DIR>          .
05/07/2005  02:19 a.m.    <DIR>          ..
05/07/2005  02:19 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\BlandXP\Shell\NormalColor

05/07/2005  02:19 a.m.    <DIR>          .
05/07/2005  02:19 a.m.    <DIR>          ..
23/08/2001  12:00 p.m.           368.128 shellstyle.dll
               1 archivos        368.128 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/05/2003  08:24 p.m.         1.781.760 Destiny.msstyles
05/07/2005  02:27 a.m.    <DIR>          Font
05/07/2005  02:27 a.m.    <DIR>          Icons
05/07/2005  02:27 a.m.    <DIR>          Screenshots
05/07/2005  02:27 a.m.    <DIR>          Shell
05/07/2005  02:27 a.m.    <DIR>          User Icon
05/07/2005  02:27 a.m.    <DIR>          Wallpaper
               1 archivos      1.781.760 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Font

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/03/1997  09:35 a.m.            46.864 Digital.TTF
               1 archivos         46.864 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Icons

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
19/05/2003  12:02 a.m.           162.566 Control Panel.ico
19/05/2003  12:02 a.m.           162.566 Internet Explorer.ico
19/05/2003  12:02 a.m.           162.566 My Computer.ico
19/05/2003  12:02 a.m.           162.566 My Documents.ico
19/05/2003  12:02 a.m.           162.566 My Network.ico
22/05/2003  08:09 p.m.               516 Permission.txt
19/05/2003  12:02 a.m.           162.566 Printers and Faxes.ico
25/07/2002  03:43 p.m.            56.150 Printers.ico
19/05/2003  12:02 a.m.           159.990 Recycle Empty.ico
19/05/2003  12:02 a.m.           159.990 Recycle Full.ico
              10 archivos      1.352.042 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Screenshots

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
24/05/2003  07:51 a.m.           108.995 DY_Large.jpg
24/05/2003  07:52 a.m.            25.903 DY_Small.jpg
               2 archivos        134.898 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Shell

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
05/07/2005  02:27 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Shell\NormalColor

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/05/2003  02:17 p.m.         1.696.768 shellstyle.dll
               1 archivos      1.696.768 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\User Icon

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
24/05/2003  07:46 a.m.             6.966 Destiny User Icon.bmp
               1 archivos          6.966 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Destiny\Wallpaper

05/07/2005  02:27 a.m.    <DIR>          .
05/07/2005  02:27 a.m.    <DIR>          ..
23/05/2003  08:26 p.m.            66.506 Destiny.JPG
               1 archivos         66.506 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
05/07/2005  02:26 a.m.    <DIR>          bootscreen
05/07/2005  02:26 a.m.    <DIR>          icons
05/07/2005  02:26 a.m.    <DIR>          logonscreen
13/05/2002  05:16 p.m.         1.417.360 Longhorn.msstyles
05/07/2005  02:26 a.m.    <DIR>          wallpapers
               1 archivos      1.417.360 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\bootscreen

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
14/05/2002  12:51 p.m.           153.718 bootscreen.bmp
               1 archivos        153.718 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\icons

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
03/04/2000  01:13 p.m.             3.638 mycomputer.ico
13/05/2002  07:03 p.m.             2.238 mydocs.ico
13/05/2002  06:57 p.m.             4.286 network.ico
07/01/2002  12:59 a.m.            15.086 recycle_empty.ico
07/01/2002  01:03 a.m.            15.086 recycle_full.ico
               5 archivos         40.334 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\logonscreen

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
29/10/2001  12:37 a.m.         1.311.744 logonui.exe
               1 archivos      1.311.744 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Longhorn\wallpapers

05/07/2005  02:26 a.m.    <DIR>          .
05/07/2005  02:26 a.m.    <DIR>          ..
13/05/2002  07:40 p.m.           156.917 Longhorn - Road.jpg
               1 archivos        156.917 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna

04/07/2005  12:52 a.m.    <DIR>          .
04/07/2005  12:52 a.m.    <DIR>          ..
22/12/2004  01:38 a.m.    <DIR>          Shell
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell

22/12/2004  01:38 a.m.    <DIR>          .
22/12/2004  01:38 a.m.    <DIR>          ..
22/12/2004  01:39 a.m.    <DIR>          Homestead
22/12/2004  01:39 a.m.    <DIR>          Metallic
22/12/2004  01:38 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell\Homestead

22/12/2004  01:39 a.m.    <DIR>          .
22/12/2004  01:39 a.m.    <DIR>          ..
24/08/2001  01:00 p.m.           362.496 shellstyle.dll
               1 archivos        362.496 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell\Metallic

22/12/2004  01:39 a.m.    <DIR>          .
22/12/2004  01:39 a.m.    <DIR>          ..
24/08/2001  01:00 p.m.           362.496 shellstyle.dll
               1 archivos        362.496 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Luna\Shell\NormalColor

22/12/2004  01:38 a.m.    <DIR>          .
22/12/2004  01:38 a.m.    <DIR>          ..
24/08/2001  01:00 p.m.           361.472 shellstyle.dll
               1 archivos        361.472 bytes

 Directorio de C:\WINDOWS\Resources\Themes\New Silver XP

05/07/2005  02:22 a.m.    <DIR>          .
05/07/2005  02:22 a.m.    <DIR>          ..
17/08/2002  03:59 p.m.         1.601.680 Luna.msstyles
05/07/2005  02:22 a.m.    <DIR>          Shell
               1 archivos      1.601.680 bytes

 Directorio de C:\WINDOWS\Resources\Themes\New Silver XP\Shell

05/07/2005  02:22 a.m.    <DIR>          .
05/07/2005  02:22 a.m.    <DIR>          ..
05/07/2005  02:22 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\New Silver XP\Shell\NormalColor

05/07/2005  02:22 a.m.    <DIR>          .
05/07/2005  02:22 a.m.    <DIR>          ..
27/08/2001  09:00 p.m.           364.032 shellstyle.dll
               1 archivos        364.032 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! Aquarium

04/07/2005  11:28 a.m.    <DIR>          .
04/07/2005  11:28 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            23.798 Plus! AqRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! AqRecFull.ico
               2 archivos         49.012 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! da Vinci

04/07/2005  11:29 a.m.    <DIR>          .
04/07/2005  11:29 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            25.214 Plus! DVRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! DVRecFull.ico
               2 archivos         50.428 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! Nature

04/07/2005  11:29 a.m.    <DIR>          .
04/07/2005  11:29 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            25.214 Plus! NaRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! NaRecFull.ico
               2 archivos         50.428 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Plus! Space

04/07/2005  11:29 a.m.    <DIR>          .
04/07/2005  11:29 a.m.    <DIR>          ..
10/09/2001  02:00 p.m.            25.214 Plus! SpRecEmpty.ico
10/09/2001  02:00 p.m.            25.214 Plus! SpRecFull.ico
               2 archivos         50.428 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Windows MAX V4

05/07/2005  02:20 a.m.    <DIR>          .
05/07/2005  02:20 a.m.    <DIR>          ..
04/08/2002  05:27 p.m.           346.003 MAX.jpg
05/07/2005  02:20 a.m.    <DIR>          Shell
16/08/2002  09:05 p.m.         3.149.968 Windows MAX V4.msstyles
               2 archivos      3.495.971 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Windows MAX V4\Shell

05/07/2005  02:20 a.m.    <DIR>          .
05/07/2005  02:20 a.m.    <DIR>          ..
05/07/2005  02:20 a.m.    <DIR>          NormalColor
               0 archivos              0 bytes

 Directorio de C:\WINDOWS\Resources\Themes\Windows MAX V4\Shell\NormalColor

05/07/2005  02:20 a.m.    <DIR>          .
05/07/2005  02:20 a.m.    <DIR>          ..
15/03/2002  07:58 p.m.           774.656 shellstyle.dll
               1 archivos        774.656 bytes

     Total de archivos en la lista:
              73 archivos     21.436.497 bytes
             119 dirs   6.528.815.104 bytes libres


- Findit's log:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="0"



Thanks for the time.
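
Added example, not part of the original posts: the before/after comparison of two HijackThis logs that the helper does by eye in this thread can be scripted. The function names `parse_hjt`, `diff_logs` and `still_missing` are hypothetical, and the sample lines are a short excerpt of the two logs posted above.

```python
import re
from collections import namedtuple

# One HijackThis result line: section code (R3, O2, O4, ...), the rest of
# the line, and whether the scanner marked its target as missing.
Entry = namedtuple("Entry", "code text missing")

# Result lines look like "O4 - HKLM\..\Run: [Name] command".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")

# Excerpt of the first log in this thread (06/07/2005).
BEFORE = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spool Support Dynamic Link Library - {7358A750-A943-4A86-9C77-6FD6F4E02A17} - C:\WINDOWS\system32\spoollib.dll (file missing)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Archivos de programa\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
"""

# Excerpt of the second log in this thread (08/07/2005).
AFTER = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WhenUSave] C:\ARCHIV~1\Save\Save.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
"""


def parse_hjt(log):
    """Return the result entries of a HijackThis log, skipping the header
    and the running-process list (those lines have no section code)."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, text = m.groups()
        missing = "(file missing)" in text or text.endswith("is missing")
        entries.append(Entry(code, text, missing))
    return entries


def diff_logs(before, after):
    """Return (removed, added) as sorted lists of (code, text) pairs."""
    b = {(e.code, e.text) for e in parse_hjt(before)}
    a = {(e.code, e.text) for e in parse_hjt(after)}
    return sorted(b - a), sorted(a - b)


def still_missing(log):
    """Entries whose target the scanner reported as missing."""
    return [e for e in parse_hjt(log) if e.missing]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, text in removed:
        print("- gone :", code, text)
    for code, text in added:
        print("+ new  :", code, text)
    for e in still_missing(AFTER):
        print("! still missing:", e.code, e.text)
```

On the excerpt, the four entries that were ticked and the MSConfig Run key are gone, two Run entries are new after the switch to normal startup, and the O20 entry is still reported as missing.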

Pittsburgh
« Reply #3 on: July 08, 2005, 11:21:55 AM »
Log removed,
Please, Read this
~guestolo~
« Last Edit: July 09, 2005, 02:31:05 AM by guestolo »

guestolo
« Reply #4 on: July 09, 2005, 02:36:37 AM »
Can you do the following please
Open Hijackthis>>Open Misc tools sections>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop
Copy and paste the list back here

Also, Can you please do the next step
Do a SEARCH on your computer for
the following in bold
Luna.msstyles

Let me know the locations you find it in and size of file



juanmamz
« Reply #5 on: July 09, 2005, 09:31:17 AM »
Here is the information you asked for. Thanks again.

-Uninstall list:

ACDSee 6.0 PowerPack
ACDSee 6.0 Standard
Actualización de seguridad para Windows XP (KB883939)
Actualización de seguridad para Windows XP (KB890046)
Actualización de seguridad para Windows XP (KB896358)
Actualización de seguridad para Windows XP (KB896422)
Actualización de seguridad para Windows XP (KB896428)
Actualización para Windows XP (KB898461)
Ad-Aware SE Personal
Adobe Acrobat 5.0
Audiator3
AutoCAD 2006 - Español
Autodesk DWF Viewer
AVG Free Edition
Azureus
BSPlayer
CleanUp!
CloneCD
Codec Pack de ELISOFT v14.0
ColorNick v2 plugin for Messenger Plus!
DAEMON Tools
Desktop Weather by The Weather Channel
DesktopX Professional
eDonkey2000
El Mago de Oz
ewido security suite
File Transfer Plus 1.1 RELEASE
Guía YPF 2004
HAM
Hattrick Coach Professional 2.6.20
Hattrick Control 0.93
Hattrick Forever
HijackThis 1.99.1
iRiver Manager
IsoBuster 1.6
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
Jasc Paint Shop Photo Album 5
Longhorn Theme 4
Longman Dictionary of American English
Macromedia Flash 5
Macromedia Shockwave Player
Messenger Plus! 3
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 1.1 Spanish Language Pack
Microsoft Office Professional Edition 2003
Microsoft Plus! para Windows XP
Mozilla Firefox (1.0.4)
MPAM1 - Contar y Agrupar
MSN Messenger 7.0
Musicmatch® Jukebox
My Search Bar
Nero Suite
NVIDIA Drivers
PC Inspector smart recovery
Pinnacle Instant PhotoAlbum
Pipo
QuickTime
Realtek AC'97 Audio
Recover My Files
Revisión de Windows XP - KB834707
Revisión de Windows XP - KB867282
Revisión de Windows XP - KB873333
Revisión de Windows XP - KB873339
Revisión de Windows XP - KB885250
Revisión de Windows XP - KB885835
Revisión de Windows XP - KB885836
Revisión de Windows XP - KB886185
Revisión de Windows XP - KB887472
Revisión de Windows XP - KB887742
Revisión de Windows XP - KB888113
Revisión de Windows XP - KB888302
Revisión de Windows XP - KB890047
Revisión de Windows XP - KB890175
Revisión de Windows XP - KB890859
Revisión de Windows XP - KB890923
Revisión de Windows XP - KB891781
Revisión de Windows XP - KB893066
Revisión de Windows XP - KB893086
StuffPlug-NG (Messenger Plus! Plugins)
Subtitle Workshop 2.51
Test Drive 5
TypingMaster Pro
Uninstall 180search Assistant
Unlocker 1.6.5
Vamos a Leer con Pipo 2
veotv
Weather Services
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
WinISO 5.3
WinRAR archiver
WinZip
XoftSpy 3.44

- Location of Luna.msstyles:

c:\WINDOWS\Resources\Themes\New Silver XP
Size: 1565 Kb

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Also help with Nail.exe
« Reply #6 on: July 10, 2005, 10:03:40 AM »
Sorry for the delay
Can you do the following please

Download and UNZIP to desktop Fix.zip
So you now have Fix.reg extracted
Double click on Fix.reg and allow to add or merge to the registry

Access your Add/Remove programs via Control Panel
Remove
MySearchBar
Uninstall 180search Assistant
Please allow Internet Connection
Follow the prompts closely to ensure you're uninstalling

Restart your computer

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

I need you to manually navigate to this folder
C:\WINDOWS\$NtServicePackUninstall$
Look closely, there are many that look similar

Open the $NtServicePackUninstall$ folder
In it look for this file name
luna.msstyles
You should see it with SP2 installed
Right click on luna.msstyles and choose COPY from the menu

Next: Navigate to the next folder
C:\WINDOWS\Resources\Themes\Luna
Open it and paste luna.msstyles into the Luna folder

Go back to your Display properties in your Control Panel and try changing settings under the Appearance and Themes tabs

You have Xoftspy installed, it's not on the bad list but is not recommended
If you didn't pay for it I would suggest that you uninstall it
You have eDonkey2000 installed
It comes bundled with Spyware
The newest version (1.2 or later) is Spyware free
If you're running an older version I would uninstall your version and install the latest
or don't reinstall it at all
or use an alternative
Suggested p2p file sharing programs that are supposedly clean
    * WinMX (recommended)
    * Shareaza
    * E-Mule
    * Gnucleus
    * Blubster 1.2.3 (Later versions include adware)
    * Soulseek
    * BitTorrent (See warning below about open source clients)
    * Direct Connect
    * Mute
    * Limewire (Current versions of Limewire are clean. Older versions bundled spyware)
    * ABC Bittorrent Client
    * DC++
    * KCEasy
    * Azureus
    * BitComet
    * BitTornado
    * E-Donkey AKA Overnet (Versions prior to 1.2 available on June 1, '05 bundle adware. 1.2 is clean)
    * Torrent Search
    * TorrentStorm
    * Zultrax (No spyware. No uninstaller either)
    * Qnext
    * BitSpirit
    * Waste
    * EarthStation5
    * Burst! BitTorrent Client
    * AudioGnome
    * CQ_EX
    * Filetopia
    * mldonkey
    * MediaSeek Lite (Another program, MediaSeek, by the same company does bundle adware)
    * Ares Lite (Ares Lite is clean. Ares from the same company is not)
    * BadBlue (No spyware, but requires a registration including name and email address. Not recommended)
    * giFT
    * Phex
    * TrustyFiles (Does install a "casino" bookmark on the desktop.)

You should also do the following
Download and Install Spybot 1.4 from
HERE
 or HERE
Don't activate the Tea Timer when installing, it's a great feature but can get in the way
of any fixes we may still have to do
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected problems in RED

RESTART the computer to finish the cleaning process

Can you repost one last hijackthis log later

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline juanmamz

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
Also help with Nail.exe
« Reply #7 on: July 10, 2005, 01:10:58 PM »
I had some problems while following your instructions.
First of all, when I go to ADD AND REMOVE PROGRAMS, I click on "My Search Bar", but there is a mistake with "mybar.dll" and it doesn't disappear. I went directly to the folder in PROGRAM FILES, but the folder is not there.

Another problem is that i do not have a folder called C:\WINDOWS\$NtServicePackUninstall$
The file you mentioned is here: C:\WINDOWS\Resources\Themes\New Silver XP

I did not want to continue with the instructions without doing the previous steps before.

Bye, and thanks again.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Also help with Nail.exe
« Reply #8 on: July 10, 2005, 05:01:31 PM »
Carry on with the rest of the instructions
Let me know if MySearch bar is still in Add/Remove programs after you have finished everything that you can do
« Last Edit: July 10, 2005, 05:02:17 PM by guestolo »



Offline juanmamz

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
Also help with Nail.exe
« Reply #9 on: July 10, 2005, 05:25:31 PM »
I continued with the instructions. Spybot did not find anything. I read the note, and I'll ask for the file and notify you about the results (It is a Spanish version of Windows XP). I will also send it to you (if it works, you don't want a file that does not work).

Here is the hijack log. Tell me if everything is OK.
Thanks again.


Logfile of HijackThis v1.99.1
Scan saved at 07:20:30 p.m., on 10/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\BAckup\AMZ y JMMZ\Trabajos de juan\Programas\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARCHIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PSDrvCheck] "C:\Archivos de programa\Pinnacle\Instant PhotoAlbum\programs\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Archivos de programa\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - Global Startup: Acelerador de inicio de AutoCAD.lnk = C:\Archivos de programa\Archivos comunes\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: Abrir todos los vínculos de esta página... - C:\Archivos de programa\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Añadir a la lista negra de anuncios - C:\Archivos de programa\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Bloquear todas las imágenes del mismo servidor - C:\Archivos de programa\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Buscar - C:\Archivos de programa\Avant Browser\Search.htm
O8 - Extra context menu item: Destacar - C:\Archivos de programa\Avant Browser\Highlight.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Archivos de programa\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Archivos de programa\Archivos comunes\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Offline juanmamz

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
Also help with Nail.exe
« Reply #10 on: July 10, 2005, 11:55:11 PM »
I asked for the file, replaced it and now everything is ok. I posted a new hijack log so that you finally check everything.
I can't attach the file you need, so give me an e-mail where I can send you the file (600 Kb, with winrar).
Thanks a lot for the time.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Also help with Nail.exe
« Reply #11 on: July 11, 2005, 06:51:51 PM »
Do you still have anything from Stardock's installed?

If not, can you do the following please

Do another scan with Hijackthis and put a check next to these entries:

O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer

You can delete this folder if found
C:\Archivos de programa\Save <-this folder

If everything is running well
Could you do the following please
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature

Once back in Windows and System Restore is reenabled

You should set up protection against future attacks

SpywareBlaster 3.4 by JavaCool
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"

IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2 as well
Avant uses the IE engine, so it should help with its protection as well
Along with SpywareBlaster

I pm'ed you my email address, I would like very much to have that file
Thank you :)

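The check asked for in Reply #11 (finding the entry that HijackThis marks "(file missing)") can be scripted over a saved log. This is an added example, not part of the original thread: the function names are hypothetical, and the sample entries are copied from the log in Reply #9.

```python
import re

# Entries copied from the HijackThis log posted in Reply #9 of this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <description>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Absolute path up to the first executable-style extension. Splitting on " - "
# would break on folder names such as "Spybot - Search & Destroy".
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx)\b", re.IGNORECASE)
MISSING = "(file missing)"


def parse_hjt(log_text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        path = PATH_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # None means no absolute path: Windows resolves the name at load time.
            "path": path.group(0) if path else None,
            "missing": body.endswith(MISSING),
        })
    return entries


def orphaned(entries):
    """Entries whose target HijackThis reported as absent from disk."""
    return [e for e in entries if e["missing"]]


def unqualified(entries):
    """Startup entries (O4) that name a program without an absolute path."""
    return [e for e in entries if e["code"] == "O4" and e["path"] is None]


if __name__ == "__main__":
    for e in orphaned(parse_hjt(SAMPLE_LOG)):
        print("orphaned:", e["code"], e["path"])
    for e in unqualified(parse_hjt(SAMPLE_LOG)):
        print("no absolute path:", e["body"])
```

An orphaned entry is a registry reference left behind by removed software; it is reviewed by hand before being fixed, as the reply does by first asking whether anything from Stardock is still installed.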


Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Also help with Nail.exe
« Reply #12 on: July 11, 2005, 06:55:52 PM »
I overlooked this earlier, but just for a double check
I don't think we'll see any problems
But could you do what I asked previously after you have done the above

Here's the instructions again
Could you also Download and UNZIP to desktop
Find_It's.zip
Open the FindIt's folder and double click on the FindIt's.bat
Wait for the log and post it back here



Offline juanmamz

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
Also help with Nail.exe
« Reply #13 on: July 13, 2005, 06:25:00 AM »
I'm going to be absent for a few days, so I will post the log later. One of the links you posted is not working.
I sent you the file you asked.
See you in a few days.

Offline chimie

  • Newbie
  • *
  • Posts: 1
  • Karma: +0/-0
Also help with Nail.exe
« Reply #14 on: July 13, 2005, 10:23:35 AM »
FYI,

You can find free removal software for nail.exe at this location.
simple to use.

LINK REMOVED
Find.zip has nothing to do with the FIX, it's for discovery
~guestolo~

Find.zip does not work very well. Nail.exe comes back.

Chimie B)
« Last Edit: July 13, 2005, 06:16:06 PM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Also help with Nail.exe
« Reply #15 on: July 13, 2005, 07:31:57 PM »
Thanks for the file juan :)
Let me know what link wouldn't work for you



Guest

  • Guest
Also help with Nail.exe
« Reply #16 on: July 18, 2005, 08:55:57 AM »
Here is the "Findit's" log file.
Bye. Thanks.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"WCreatedUser"="1"
"ThemeActive"="1"
"LoadedBefore"="1"
"LastUserLangID"="3082"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"
"SizeName"="NormalSize"
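The `DllName` value in the export above is a `hex(2)` (REG_EXPAND_SZ) blob, so the theme path it holds is not readable as posted. The following added example (not part of the original thread) decodes it and compares it with the folders mentioned earlier; the function names are hypothetical, and `C:\WINDOWS` as the value of `%SystemRoot%` is an assumption taken from the paths in the HijackThis log.

```python
import ntpath
import re

# ThemeManager export copied from the Findit's log in Reply #16 (some values omitted).
REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
  00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
  6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
  00,00,00
"ColorName"="NormalColor"
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
HEX_RE = re.compile(r"^hex(?:\(([0-9a-f]+)\))?:(.*)$")


def join_continuations(text):
    """Merge lines ending in a backslash with the line that follows them."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
        else:
            logical.append(pending + line)
            pending = ""
    return logical


def decode_data(data):
    """Decode one value; escapes inside quoted strings are not handled."""
    m = HEX_RE.match(data)
    if m:
        raw = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        kind = int(m.group(1), 16) if m.group(1) else 3  # bare "hex:" is REG_BINARY
        if kind in (1, 2):  # REG_SZ / REG_EXPAND_SZ: UTF-16LE, NUL-terminated
            return raw.decode("utf-16-le").rstrip("\x00")
        return raw
    if data.startswith("dword:"):
        return int(data[6:], 16)
    return data.strip('"')


def parse_reg(text):
    """Return {key path: {value name: decoded value}} for a .reg export."""
    keys, current = {}, None
    for line in join_continuations(text):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group("name")] = decode_data(m.group("data"))
    return keys


def theme_dir_matches(dll_name, reported_dir, system_root):
    """True if the folder of the configured theme file equals reported_dir."""
    expanded = re.sub(r"%systemroot%", lambda _: system_root, dll_name, flags=re.I)
    return ntpath.normcase(ntpath.dirname(expanded)) == ntpath.normcase(reported_dir)
```

The decoded value is `%SystemRoot%\resources\Themes\luna\luna.msstyles`, which matches the Luna folder named in the earlier instructions and not the "New Silver XP" folder where the file was first reported.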

Guest

  • Guest
Also help with Nail.exe
« Reply #17 on: July 18, 2005, 09:06:32 AM »
Do you think I have to check every box of SpywareBlaster 3.4?
Do I have to keep the program running? Can I close it? Will it protect my computer if it is not running?

Thanks. Bye.

Offline juanmamz

  • Newbie
  • *
  • Posts: 18
  • Karma: +0/-0
Also help with Nail.exe
« Reply #18 on: July 18, 2005, 02:35:19 PM »
"guest" is me.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Also help with Nail.exe
« Reply #19 on: July 18, 2005, 09:45:44 PM »
Quote
Do you think I have to check every box of SpywareBlaster 3.4?

No, you don't actually have to check every box in SpywareBlaster
Those are optional
SpywareBlaster does not and won't run in the background
It sets registry entries and blocks bad ActiveX controls
As I mentioned
Check for updates and afterwards click the "Enable all protection"
Do this after every update
I didn't ask you to enable all of its protections :)

Can you delete all zip files I asked you to download
and reg files
You didn't supply the log I wanted
Please do the following

Could you also Download and UNZIP to desktop
Find__It's.zip
Download this, you don't have it yet
Open the FindIt's folder and double click on the FindIt's.bat
Wait for the log and post it back here
« Last Edit: July 18, 2005, 09:46:21 PM by guestolo »
