HJT Log - Infect by nail.exe [RESOLVED]


  • This topic is locked

#1
amylia

Ermm, hello. This is my first time here, and I got to know this site by searching through Google. I've tried various ways to remove nail.exe, but I don't know if I managed to remove it all. Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 3:41:55 AM, on 6/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Amylia\Application Data\Mozilla\Profiles\default\xzbbv19t.slt\prefs.js)
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bffhscaozl] C:\WINDOWS\System32\kegakbb.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd\umsd.exe sys_auto_run C:\program files\UMSD
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [alchem] C:\WINDOWS\alchem.exe
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [Udvrd] C:\Program Files\Hiezmey\Xtvhjtx.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [wkqakv] c:\windows\system32\hffhynx.exe
O4 - HKLM\..\Run: [lljyei] c:\windows\system32\kvcbzi.exe r
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolba...0006_cracks.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c106.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...0006_cracks.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093716924790
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb...nloadapplet.cab
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I'm really, really desperate. Could anyone help me, please?

Edited by amylia, 19 June 2005 - 02:41 AM.



#2
TomNJ

Visiting Staff
Hello, and welcome to GeeksToGo!!! :tazz:

Sorry for the delay in response as we have been very busy lately.

Since your original post is over a week old, could you please post a fresh HijackThis log for review?

If you have already gotten your machine fixed, please respond here and let us know.

Thanks Tom

#3
amylia

Hello, this is my second time posting here, as requested.
Would somebody please kindly help me? This is my log:

Logfile of HijackThis v1.99.1
Scan saved at 6:24:49 PM, on 7/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: IncrediFindBHO Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Amylia\Application Data\Mozilla\Profiles\default\xzbbv19t.slt\prefs.js)
O2 - BHO: NavErrRedir Class - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - (no file)
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll (file missing)
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll (file missing)
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bffhscaozl] C:\WINDOWS\System32\kegakbb.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd\umsd.exe sys_auto_run C:\program files\UMSD
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [wkqakv] c:\windows\system32\hffhynx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolba...0006_cracks.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c106.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolba...0006_cracks.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093716924790
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb...nloadapplet.cab
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks for your help ^^


Edited by Staff Member; I merged your other topic with this one, since you have a reply here. Please stick to one thread and refrain from posting multiple topics. Thank you.
Sorry Tom, you can continue with this :tazz:

Edited by Rawe, 15 July 2005 - 05:01 AM.


#4
TomNJ

Visiting Staff
Hello and welcome to Geeks To Go.

Let's start out with some general scans and see if we can't clean things up a little.

+++++ Step 1 +++++

Please download Ewido security suite; it is a trial version of the program.
  • Install Ewido security suite
  • Launch Ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop

+++++ Step 2 +++++

Please run an online virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply.)

+++++ Step 3 +++++

Update HiJackThis
  • Open HiJackThis
  • Click Open the Misc Tools Section
  • Click Check for update online

+++++ Step 4 +++++

After that, I will need to see two different logs from HiJackThis. The first is the normal log like you posted here. To get the other one, follow these directions.

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Post back with those logs and we can continue from there.

#5
amylia

Hello, I'm really sorry about the double post. I thought that you have to open a new post if you want to post a new log. I'm really sorry >_< . Anyway, here's the log that you asked me to do.

The online scan :

-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Saturday, July 16, 2005 12:59:36
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/07/2005
Kaspersky Anti-Virus database records: 130674
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 115550
Number of viruses found: 12
Number of infected objects: 50
Number of suspicious objects: 0
Duration of the scan process: 7028 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\drivers\etc\3.hosts Infected: Trojan.Win32.Qhost.f
C:\WINDOWS\system32\drivers\etc\2.hosts Infected: Trojan.Win32.Qhost.f
C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost.f
C:\WINDOWS\system32\drivers\etc\hosts.bak Infected: Trojan.Win32.Qhost.f
C:\WINDOWS\system32\in3.dll/data0003 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\system32\in3.dll/data0004 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\system32\in3.dll Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\system32\setup_incred_3.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\system32\setup_incred_3.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\system32\setup_incred_3.exe Infected: Trojan-Downloader.Win32.Keenval.e
C:\WINDOWS\browserxtras\pn\remove.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
C:\WINDOWS\browserxtras\pn\remove.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.f
C:\WINDOWS\browserxtras\pn\remove.exe Infected: Trojan-Downloader.Win32.Keenval.f
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv303.jar-12ef7cba-63b2a78e.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv303.jar-12ef7cba-63b2a78e.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv684.jar-6c93babb-17ccea70.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv684.jar-6c93babb-17ccea70.zip Infected: Trojan-Downloader.Java.OpenStream.c
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a5399d2-19040488.zip/Beyond.class Infected: Trojan.Java.ClassLoader.ai
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a5399d2-19040488.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.ai
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a5399d2-19040488.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.ai
C:\Documents and Settings\Amylia\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count3.jar-a5399d2-19040488.zip Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Norton AntiVirus\Quarantine\7025647C.htm Infected: Trojan-Downloader.JS.Psyme.an
C:\Program Files\Norton AntiVirus\Quarantine\705F583B.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\705F583B.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\705F583B.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\705F583B.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\705F583B.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\290A4CA7.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\290A4CA7.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\290A4CA7.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\290A4CA7.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\290A4CA7.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\5222196A.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5222196A.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\5222196A.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\5222196A.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\70702A29.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\70702A29.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\70702A29.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\70702A29.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\70702A29.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\05F322A4.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\05F322A4.zip/InsecureClassLoader.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\05F322A4.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Program Files\Norton AntiVirus\Quarantine\05F322A4.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\05F322A4.zip Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Program Files\Norton AntiVirus\Quarantine\707A281E.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\707A281E.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton AntiVirus\Quarantine\707A281E.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Program Files\Norton AntiVirus\Quarantine\707A281E.zip Infected: Trojan-Downloader.Java.OpenConnection.aa

Scan process completed.


The HJT log :

Logfile of HijackThis v1.99.1
Scan saved at 1:17:35 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Amylia\Application Data\Mozilla\Profiles\default\xzbbv19t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bffhscaozl] C:\WINDOWS\System32\kegakbb.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd\umsd.exe sys_auto_run C:\program files\UMSD
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [wkqakv] c:\windows\system32\hffhynx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093716924790
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb...nloadapplet.cab
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


The HJT Uninstall:

3ivx D4 4.5.1 (remove only)
AAC Parser (remove only)
AC3+DTS XForm (remove only)
AC3Filter (remove only)
ACDSee 7.0 PowerPack
Ace DVD Audio Extractor 1.1.12
Ad-Aware SE Personal
Adobe Photoshop 7.0
Adobe Reader 6.0
Adobe Reader Japanese Fonts
ADSL Ethernet Modem Utility
ADSL USB Modem
ADSL USB Modem Network Adapter
Ahead InCD EasyWrite Reader
Apache HTTP Server 2.0.54
Aspi Installer
Auto Gordian Knot 1.25
AviSynth 2.5
Azureus
BitTornado 0.3.12
CD Audio Reader Filter (remove only)
CDCheck (remove only)
CDXA Image Reader Filter (SVCD/XCD) (remove only)
CoCSoft Stream Down 3.3
CoreFLAC Audio Decoder+Source Filter (remove only)
DFE-530TX Driver
Direct Show Ogg Vorbis Filter (remove only)
DirectShow subtitle filter colleciton (remove only)
DivX
DivX Player
Easy CD-DA Extractor 7.1
Easy Video Splitter 1.28
Enable S3 for USB Device
ewido security suite
ffdshow (remove only)
Gordian Knot Rip Pack 0.28.7
HijackThis 1.99.1
Huffyuv AVI lossless video codec (Remove Only)
InCD
Inspector Parker Deluxe
J2SE Runtime Environment 5.0 Update 2
Java 2 Runtime Environment, SE v1.4.2_04
Kaspersky Anti-Virus Web Scanner
Kazaa 2.7.2
K-Lite Codec Pack 2.26 Full
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Shockwave Player
Mah Jong Quest
Marvell Miniport Driver
Matroska (remove only)
Matroska Pack (remove only)
Maxthon Browser (remove only)
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
mIRC
Morgan Stream Switcher
Mozilla Firefox (1.0.4)
MSN Messenger 7.0
MUSICMATCHR Jukebox
Nav Subscription year 2002 - 2003 for Win95 to XP
Nero 6
Nero Media Player
NeroVision Express 2
Netscape (7.2)
Norton AntiVirus 2003 Professional Edition
Norton WMI Update
NVIDIA Display Driver
pshskin.zip
QuickTime
RealMedia (remove only)
RealPlayer
RTP for RM2K (Png, Wav, Midi, Fonts)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
SHOUTcast Source (remove only)
SmartFTP Client
Spybot - Search & Destroy 1.3.1 TX
StuffIt Standard
taka_tasuki.zip
tasukiflame.zip
tasukiskin.zip
The ABI Network- A Division of Direct Revenue
Ulead GIF Animator 5 TBYB
VideoLAN VLC media player 0.8.1
VobSub v2.23 (Remove Only)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime Beta
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
XviD Video Codec 24062003-1 (Koepi's developer build)
Yahoo! Internet Mail
Yahoo! Messenger
YSIGet

I don't know whether you want the report for ewido so I'll just include it too:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:20:57 AM, 7/16/2005
+ Report-Checksum: 66C00073

+ Scan result:

:mozilla.10:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Paypopup : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Amylia\Application Data\Mozilla\Firefox\Profiles\ktn12hek.default\cookies.txt -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.21:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.22:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.24:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.47:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.48:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.51:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.52:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.55:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
-> : Error during cleaning
:mozilla.57:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.58:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.59:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.60:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.66:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.132:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.133:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.134:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.135:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.136:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.137:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.138:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.181:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.186:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.187:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.188:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.189:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.202:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.203:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.204:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.205:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.206:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.207:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.208:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.209:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.210:C:\FOUND.001\FILE0002.CHK -> Spyware.Cookie.2o7 : Cleaned with backup


::Report End


Thanks for your time and help

#6
TomNJ

    Visiting Staff

  • Member
  • 436 posts
OK, here we go again. Please follow the instructions below.

  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize313.exe"
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe


Click on Fix Checked when finished and exit HijackThis.

  • Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\iexplore.exe (make sure you delete the file in this directory ONLY)
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Optimizer\optimize313.exe
C:\Program Files\Common Files\GMT\GMT.exe


Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look.

Edited by TomNJ, 16 July 2005 - 08:54 AM.


#7
amylia

    New Member

  • Topic Starter
  • Member
  • 6 posts
ok here's the new log :

Logfile of HijackThis v1.99.1
Scan saved at 11:28:19 PM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Amylia\Application Data\Mozilla\Profiles\default\xzbbv19t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [bffhscaozl] C:\WINDOWS\System32\kegakbb.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd\umsd.exe sys_auto_run C:\program files\UMSD
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [wkqakv] c:\windows\system32\hffhynx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093716924790
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb...nloadapplet.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8
TomNJ

    Visiting Staff

  • Member
  • 436 posts
  • Please set your system to show all files; please see here if you're unsure how to do this.

  • Press Control-Alt-Del to enter the Task Manager.

Click on the Processes tab and end the following processes:

C:\WINDOWS\system32\conime.exe

Exit the Task Manager when finished.

  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [bffhscaozl] C:\WINDOWS\System32\kegakbb.exe
O4 - HKLM\..\Run: [wkqakv] c:\windows\system32\hffhynx.exe
O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)


Click on Fix Checked when finished and exit HijackThis.

  • Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\kegakbb.exe
c:\windows\system32\hffhynx.exe


Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we will take another look. Also please let me know how your system is running.

#9
amylia

    New Member

  • Topic Starter
  • Member
  • 6 posts
Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 12:07:46 AM, on 7/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Amylia\Application Data\Mozilla\Profiles\default\xzbbv19t.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [PLoader] c:\program files\umsd\umsd.exe sys_auto_run C:\program files\UMSD
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093716924790
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla...ller/dwnldr.cab
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb...nloadapplet.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Local Service - Unknown owner - C:\Program Files\STOPzilla!\szntsvc.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


My computer is running OK I guess; it's just that it shuts down really slowly, and when I try to close my BitTorrent there's always an error when it's shut down.
  • 0
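The check a helper makes on the fresh log, as an added example (not part of the original thread and not a HijackThis feature): it parses HijackThis 1.99.1-style log text and reports whether the entries, the process and the files named in post #8 still appear. The function names are hypothetical, and the two log excerpts are abridged from posts #7 and #9.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

def norm(text):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(text.split()).lower()

def parse_hjt(log_text):
    """Return (running process paths, (section, detail) entries) from a log."""
    processes, entries, in_processes = set(), set(), False
    for raw in log_text.splitlines():
        line = " ".join(raw.split())
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the first entry ends the process list
            entries.add((match.group(1), match.group(2).lower()))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.add(line.lower())
    return processes, entries

def verify_cleanup(fix_list, ended, deleted, fresh_log):
    """Report anything from the helper's instructions that survives in fresh_log."""
    processes, entries = parse_hjt(fresh_log)
    _, wanted = parse_hjt("\n".join(fix_list))
    haystack = processes | {detail for _, detail in entries}
    return {
        "entries_still_present": sorted(wanted & entries),
        "processes_still_running": sorted(
            norm(p) for p in ended if norm(p) in processes),
        "files_still_referenced": sorted(
            norm(f) for f in deleted if any(norm(f) in item for item in haystack)),
    }

# Items named in post #8 of the thread.
FIX_LIST = [
    r"O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)",
    r"O4 - HKLM\..\Run: [bffhscaozl] C:\WINDOWS\System32\kegakbb.exe",
    r"O4 - HKLM\..\Run: [wkqakv] c:\windows\system32\hffhynx.exe",
    r"O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - "
    r"file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm"
    r" (file missing) (HKCU)",
]
ENDED = [r"C:\WINDOWS\system32\conime.exe"]
DELETED = ENDED + [r"C:\WINDOWS\System32\kegakbb.exe",
                   r"c:\windows\system32\hffhynx.exe"]

# Abridged excerpt of the log in post #7 (before the fix).
LOG_POST_7 = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
O4 - HKLM\..\Run: [bffhscaozl] C:\WINDOWS\System32\kegakbb.exe
O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKLM\..\Run: [wkqakv] c:\windows\system32\hffhynx.exe
O9 - Extra button: (no name) - {7F241C00-DAB6-11d5-AAA8-0001028DF1BC} - file://C:\Program Files\EbatesMoeMoneyMaker\System\Temp\ebates_script0.htm (file missing) (HKCU)
"""

# Abridged excerpt of the log in post #9 (after the fix).
LOG_POST_9 = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [PowerS] C:\WINDOWS\PowerS.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for name, log in (("post #7", LOG_POST_7), ("post #9", LOG_POST_9)):
        print(name, verify_cleanup(FIX_LIST, ENDED, DELETED, log))
```

Three empty lists mean only that the named items no longer show up in the log; entries the helper never listed are not judged by this check.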

#10
TomNJ

    Visiting Staff

  • Member
  • 436 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.