First of all, thank you so much for helping me! I've run into a few problems during the 'cleaning' process. The log report of Ewido is in Dutch, but it's quite clear; it didn't find anything and nothing was deleted.
The two entries below were no longer in the scan results of HijackThis (I removed the R3 and F2). I saved the log:
Logfile of HijackThis v1.99.1
Scan saved at 18:41:08, on 6-6-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\Internet\NORTON~1\navapw32.exe
C:\Internet\DU Meter\DUMeter.exe
C:\System\Microsoft AntiSpyware\gcasServ.exe
C:\Multimedia\Quick\iTunesHelper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\System\Temp\security suite\ewidoctrl.exe
C:\System\Temp\security suite\ewidoguard.exe
C:\System\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Internet\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Temp 1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Internet\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Internet\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\INTERNET\DAP\dapiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\Internet\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DU Meter] C:\Internet\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [gcasServ] "C:\System\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Multimedia\Quick\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Download with &DAP - C:\INTERNET\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\INTERNET\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\INTERNET\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylineso...stallPlugIn.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\System\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\System\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\System\Temp\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\System\Temp\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Internet\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\System\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\System\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Then I encountered a real problem: I couldn't remove The ABI Network software. When I tried, my browser opened and the following message was displayed:
- The ABI Network contextual advertising software is installed on this machine because you have received software free of charge through an ABI distributor.
- To support your free software and to help keep the product free, please do not uninstall the ABI Network software.
- It is not "spyware," does not collect any personal information about you, and is not malicious.
- If you do choose to uninstall the ABI Network software, it can be safely and completely removed by going to www.mypctuneup.com to get the uninstall tool.
I did not do this (yet). I first want your advice, because to me it's strange that I can't remove software from my own PC and have to use another tool (with more x-ware?).
The rest of the process was successful, and below you'll find the HijackThis log and Uninstall log:
Logfile of HijackThis v1.99.1
Scan saved at 23:53:05, on 6-6-2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\System\Temp\security suite\ewidoctrl.exe
C:\System\Temp\security suite\ewidoguard.exe
C:\Internet\NORTON~1\navapw32.exe
C:\Internet\DU Meter\DUMeter.exe
C:\Multimedia\Quick\iTunesHelper.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Internet\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\System\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Internet\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Internet\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\INTERNET\DAP\dapiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\Internet\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [DU Meter] C:\Internet\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [gcasServ] "C:\System\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Multimedia\Quick\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O8 - Extra context menu item: &Download with &DAP - C:\INTERNET\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\INTERNET\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\INTERNET\DAP\DAP.EXE
O16 - DPF: {18D9C485-7EEC-4395-95DA-DC3875B10E81} (TEInstallPlugIn) - http://www.skylineso...stallPlugIn.cab
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {DE591B16-A452-11D6-AED1-0001030A4E46} (PBGNX Control) - https://gto.postbank.nl/GTO/PBGNX.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\System\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\System\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\System\Temp\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\System\Temp\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Internet\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\System\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\System\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
Ad-Aware SE Personal
Adobe Acrobat 5.0
AntiVir/XP
AoA DVD Ripper
ArcSoft VideoImpression 1.6FP
Arles Image Web Page Creator 5.0
ASUSTeK ASUSDVD
Azureus
Boilsoft ASF Converter 1.61
Civilization II Multiplayer
CleanUp!
Creative DVD Audio Plugin for Audigy Series
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Pro Driver (1.02.03.0218)
Creative WebCam NX Pro Handboek (Nederlands)
DivX Player
Download Accelerator Plus
Download Accelerator Plus Beta
DU Meter
DVD Shrink 3.2
dvdSanta 3.42
ewido security suite
EZ Mp3 Wav Converter
FinePixViewer Ver.2.0
Forté Agent
FUJIFILM USB Driver
Genius v3.2.2
HijackThis 1.99.1
InCD
InterActual Player
InterVideo WinDVD 4
InterVideo WinDVD 6
Ipswitch WS_FTP Home
IrfanView (remove only)
iTunes
Java 2 Runtime Environment, SE v1.4.2_06
Kazaa Lite K++ v2.4.3
LeechFTP
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.79
Macromedia Shockwave Player
MediaWare Solutions MyFlix v3.0.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Microsoft Rise Of Nations
Motherboard Monitor 5
Mozilla Firefox (1.0.4)
MSN Messenger 7.0
MSXML4 Parser
NASA World Wind 1.3
Nero 6 Ultra Edition
Nero Media Player
NeroMIX
NeroVision Express 3
NetLimiter 1.30 (remove only)
Norton AntiVirus 2002
Norton Ghost
Norton WMI Update
NVIDIA Display Driver
PowerQuest PartitionMagic 8.0 Demo
QuickTime
RealPlayer
Registry Mechanic
Remove DivX Pro Codec
Rise of Nations Thrones and Patriots
Roll
SeaWorld Adventure Parks Tycoon 3D
Security Task Manager 1.6d
SiSoftware Sandra Professional 2005.SR1 (Win64/32/CE)
Skype 1.1
SmartFTP
Spybot - Search & Destroy 1.3
Stronghold 2
SWAT 4
TerraExplorer
The ABI Network- A Division of Direct Revenue
The Sims Deluxe Edition
Weer Actueel
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Registry Guide 2003
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
It looks to my layman's eyes that Nail is gone, and for as long as I've been working on this reply there were no unwanted pop-ups or security warnings. I guess the only question that remains is how to get rid of the ABI software in a safe way.
Again, thank you so much for your time and effort. Looking forward to your reply.
Edited by XantrX, 06 June 2005 - 04:19 PM.