Nail.exe [RESOLVED]


  • This topic is locked

#1
ENVY88

:) Hi, I guess I have the same problem as some other people here. I got an application in directory "C:/WINNT/Nail.exe" and I need it to be removed. I don't receive any pop-up windows. I have tried Ad-Aware, Microsoft AntiSpyware, NoAdware programs, but it's still there. It's killing me when I see unfamiliar or meaningless processes running in my "Task Manager" which come up with a different name every time after I click on "End Process" and it's really making me angry now. ;)
Thanks. :tazz:

This is my HijackThis log.


Logfile of HijackThis v1.99.1
Scan saved at 2:11:47, on 11.08.2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\taskmgr.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\WINNT\Explorer.exe
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\WINNT\System32\qzzyuv.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: (no name) - {21345678-9abc-def0-0fed-cba987654321} - C:\WINNT\System32\msoffice.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [crkqhzl] C:\WINNT\System32\qzzyuv.exe r
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB818460-6F2E-44DD-A9BC-14F10AC229EE}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#2
Guse
Heya and welcome to Geeks to Go, ENVY88. My name is Guse and I'll be helping you.

First off, you have a rather dubious spyware cleaner on your system called: AdwareAlert. Let's go to your Add/Remove Programs (Start | Settings | Control Panel | Add/Remove Programs) and uninstall the program. If you want a spyware scanner, I'll suggest a more reputable one at the end of the fixes.

Please run Notepad and copy the following text into a new file:

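@ECHO OFF
REM Change to the Windows directory (C:\WINNT on this Windows 2000 system)
cd /d "%SystemRoot%"
REM Invoke Nail.exe with its /FULLREMOVE switch
Nail.exe /FULLREMOVE
REM Disable, stop and delete the SvcProc service
sc config SvcProc start= disabled
sc stop SvcProc
sc delete SvcProc
REM Clear the system, read-only and hidden attributes so the files can be deleted
attrib -s -r -h nail.exe
attrib -s -r -h svcproc.exe
del nail.exe
del svcproc.exe
exit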

Save the file to the desktop as remove.bat and make sure the "Save as type" field says "All files".

Next, please reboot your computer in Safe Mode.
Once in Safe Mode, please double-click on remove.bat. A window should open and close very quickly --- this is normal.

Open HijackThis
Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: (no name) - {21345678-9abc-def0-0fed-cba987654321} - C:\WINNT\System32\msoffice.dll
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [crkqhzl] C:\WINNT\System32\qzzyuv.exe r


Then close all open windows except for HijackThis and click Fix Checked.

Then, using Windows Explorer, find and delete the following items:

C:\WINNT\System32\qzzyuv.exe
C:\Program Files\AdwareAlert\ (<~~ entire folder)
C:\WINNT\System32\msoffice.dll


Restart your computer

Scan the computer here:
http://www.ewido.net/en/
Let it do a full run, then copy the log. Paste it to a blank Notepad file and save it to post here.
Then let it rerun. Save that log too.

Post back here with a fresh log using HijackThis and both of the scan results.

Edited by Guse, 10 August 2005 - 09:49 PM.

#3
ENVY88
Thank you for replying so quickly to me Guse. ;)
Well I did everything you told me to do in that post, but I think the files I was trying to remove are back. :tazz:

Sorry for the question, but do I have to click on "Remove Infections", or just do both scans and paste the logs here?

Here is my EWIDO scan results 1:


__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@doubleclick[1].txt
Risk: Medium

Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@bluestreak[1].txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@122.2o7[1].txt
Risk: Medium

Name: Spyware.Cookie.Abetterinternet
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@abetterinternet[2].txt
Risk: Medium

Name: Spyware.DesktopSpyAgent
Path: HKLM\SOFTWARE\KMiNT21
Risk: High

Name: Spyware.BetterInternet
Path: HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon
Risk: High

Name: Adware.BetterInternet
Path: [608] C:\WINNT\system32\DrPMon.dll
Risk: Medium

Name: Adware.BetterInternet
Path: [708] VM_00D70000
Risk: Medium

Name: Trojan.Agent.cp
Path: [1056] C:\WINNT\System32\yxjnfrl.exe
Risk: High

Name: Adware.BetterInternet
Path: [2128] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: [2264] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: [2328] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Spyware.Cookie.Abetterinternet
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@abetterinternet[1].txt
Risk: Medium

Name: Adware.BetterInternet
Path: C:\Program Files\Microsoft AntiSpyware\Quarantine\FD3D8B7C-F8FD-40D5-8E14-30AF5B\37963664-A197-470C-816B-9A1B31
Risk: Medium

Name: TrojanDownloader.IstBar.kc
Path: C:\data
Risk: High



Scan EWIDO 2:



__________________________________________________
ewido security suite online scanner
http://www.ewido.net
__________________________________________________


Name: Spyware.Cookie.Doubleclick
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@doubleclick[1].txt
Risk: Medium

Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@bluestreak[1].txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@122.2o7[1].txt
Risk: Medium

Name: Spyware.Cookie.Abetterinternet
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@abetterinternet[2].txt
Risk: Medium

Name: Spyware.DesktopSpyAgent
Path: HKLM\SOFTWARE\KMiNT21
Risk: High

Name: Spyware.BetterInternet
Path: HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon
Risk: High

Name: Adware.BetterInternet
Path: [608] C:\WINNT\system32\DrPMon.dll
Risk: Medium

Name: Adware.BetterInternet
Path: [708] VM_00D70000
Risk: Medium

Name: Trojan.Agent.cp
Path: [1056] C:\WINNT\System32\yxjnfrl.exe
Risk: High

Name: Adware.BetterInternet
Path: [2128] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: [2264] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: [2328] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: [2300] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: [2224] C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Adware.BetterInternet
Path: C:\WINNT\eanvgzktgb.exe
Risk: Medium

Name: Spyware.Cookie.Bluestreak
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@bluestreak[1].txt
Risk: Medium

Name: Spyware.Cookie.Abetterinternet
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@abetterinternet[2].txt
Risk: Medium

Name: Spyware.Cookie.2o7
Path: C:\Documents and Settings\Tavaska.HOME-ZQAU5M1G1C\Cookies\tavaska@122.2o7[1].txt
Risk: Medium

Name: Adware.BetterInternet
Path: C:\Program Files\Microsoft AntiSpyware\Quarantine\FD3D8B7C-F8FD-40D5-8E14-30AF5B\37963664-A197-470C-816B-9A1B31
Risk: Medium

Name: TrojanDownloader.IstBar.kc
Path: C:\data
Risk: High



And this is HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:18:28 PM, on 8/11/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\yxjnfrl.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\WINNT\eanvgzktgb.exe
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\WINNT\eanvgzktgb.exe
C:\WINNT\eanvgzktgb.exe
C:\WINNT\eanvgzktgb.exe
C:\WINNT\eanvgzktgb.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [scwdkec] C:\WINNT\System32\yxjnfrl.exe r
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB818460-6F2E-44DD-A9BC-14F10AC229EE}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

  • 0
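
Added example (not written by either participant in this thread, and not a HijackThis feature): the two logs above show the Run entry `[crkqhzl] ... qzzyuv.exe r` replaced by `[scwdkec] ... yxjnfrl.exe r` while the F2 Shell line still launches Nail.exe. This Python sketch diffs the autostart lines of two logs to surface that pattern; the function names and the pairing heuristic (same folder, same arguments, different file name) are assumptions made for the illustration.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any host OS

# Lines excerpted from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKLM\..\Run: [crkqhzl] C:\WINNT\System32\qzzyuv.exe r
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""
LOG_AFTER = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINNT\Nail.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [scwdkec] C:\WINNT\System32\yxjnfrl.exe r
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
"""

SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<value>.+)$", re.I)
RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)"?\s*(?P<args>.*)$', re.I)


def split_command(cmd):
    """Split a Run value into (executable path, arguments)."""
    m = EXE_RE.match(cmd.strip())
    return (m.group("exe"), m.group("args")) if m else (cmd.strip(), "")


def parse(log_text):
    """Collect the Shell value and the Run entries from HijackThis log text."""
    result = {"shell": None, "run": {}}
    for line in log_text.splitlines():
        line = line.strip()
        m = SHELL_RE.match(line)
        if m:
            result["shell"] = m.group("value")
            continue
        m = RUN_RE.match(line)
        if m:
            key = (m.group("hive"), m.group("name"))
            result["run"][key] = split_command(m.group("cmd"))
    return result


def shell_extras(shell_value):
    """Return whatever Shell= launches in addition to Explorer.exe.
    Splits on whitespace, so paths containing spaces are not handled."""
    tokens = (shell_value or "").split()
    return [t for t in tokens if t.lower() != "explorer.exe"]


def respawned(before, after):
    """Pair Run entries that vanished with new ones in the same folder and
    with the same arguments: a triage hint, not proof of malice."""
    gone = {k: v for k, v in before["run"].items() if after["run"].get(k) != v}
    new = {k: v for k, v in after["run"].items() if before["run"].get(k) != v}
    pairs = []
    for (_, old_name), (old_exe, old_args) in gone.items():
        for (_, new_name), (new_exe, new_args) in new.items():
            same_dir = dirname(old_exe).lower() == dirname(new_exe).lower()
            renamed = basename(old_exe).lower() != basename(new_exe).lower()
            if same_dir and renamed and old_args == new_args:
                pairs.append((old_name, old_exe, new_name, new_exe))
    return pairs


if __name__ == "__main__":
    before, after = parse(LOG_BEFORE), parse(LOG_AFTER)
    print("Shell extras still present:", shell_extras(after["shell"]))
    for old_name, old_exe, new_name, new_exe in respawned(before, after):
        print(f"[{old_name}] {old_exe} -> [{new_name}] {new_exe}")
```

A pairing like this means the item that was fixed is being re-registered by something still running, so the remaining autostart points (here the Shell value) need to be dealt with in the same pass.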

#4
Guse

If you didn't tell it to clean the infections, rescan with Ewido and have it clean this time.

If you did have it clean, just tell me that and we'll move on.

#5
ENVY88
I have just clicked on Remove Infections but a small message came up after a few seconds saying not all infections can be removed, download Ewido Security Suite and try again. :tazz:

#6
Guse
Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Download CleanUp
Install the program, don't run it yet, we will later.

Please download this file: Nailfix Utility
Save it to your desktop.
DO NOT run it yet.

Download dsrfix.zip
Save it to your desktop.
  • Unzip dsrfix.zip and extract it to your desktop.
  • This will create a new folder on your desktop named dsrfix.
  • Do Not open that folder yet.
Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for C:\WINNT\svcproc.exe.
  • Open your C:\Windows\system32 folder and search for C:\WINNT\svcproc.exe.
    Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, Select C:\WINNT\svcproc.exe and Click Kill3
  • Then immediately delete C:\WINNT\svcproc.exe from your system32 folder.
Close APT.

To reboot into SafeMode with Windows XP, you can follow these steps from Microsoft:

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, start tapping the F8 key.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Once in Safe Mode, please double-click on nailfix.exe.
Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Now scan with HJT and place a checkmark next to each of the following items:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe


Close all open windows except for HJT, then click the Fix Checked button. Close HJT.

Now open the folder dsrfix on your desktop.
  • Double-Click on dsrfix.bat
  • A window will pop up briefly then close, this is normal.
Enable show hidden files and folders:

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional. If you leave the box checked it will remove all of your cookies; at this point removing cookies is a good idea.
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the Ewido scan by using Add Reply

#7
ENVY88
OK, I did everything you told me to, until I came to the APT application; the process "svcproc.exe" is not running in APT.

Edited by ENVY88, 11 August 2005 - 06:54 PM.

#8
Guse
That's fine. Just skip that part and continue on.

#9
ENVY88
Hi again, well I went to safe mode and tried to open the "Nailfix.exe" application and I get this message: "Setup files are corrupted please obtain a new copy of the program". Even in normal mode. What's happening?? :tazz:

Edited by ENVY88, 12 August 2005 - 08:39 AM.

#10
Guse
I just tried it and got the same thing.

Click here for one that works. Sorry about that.

Remember how I told you to skip APT? Here's a replacement instruction for that section only... just run it now.

Please download APT and unzip the contents to a new folder on your desktop.
  • Open the folder you just created and click on apt.exe and search in the window for C:\WINNT\System32\yxjnfrl.exe .
  • Open your C:\Windows\system32 folder and search for yxjnfrl.exe. Don't delete it yet, just leave the system32 folder open so you can see the bad file.
  • In APT again, select C:\WINNT\System32\yxjnfrl.exe and click Kill3.
  • Then immediately delete yxjnfrl.exe from your system32 folder.
Close APT.

Edited by Guse, 12 August 2005 - 12:06 PM.


#11
ENVY88

Well... I guess mission accomplished for the things you told me to do, Guse... Hehe ;) :tazz: Here are my logs:



EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:28:52 PM, 8/12/2005
+ Report-Checksum: 1B02B0FC

+ Scan result:

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
C:\WINNT\eanvgzktgb.exe -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00042104.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00042116.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00042117.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00042118.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00042119.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041797.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041831.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041832.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041833.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041834.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041842.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041844 -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041845 -> TrojanDownloader.IstBar.kc : Cleaned with backup
C:\Recycled\NPROTECT\00041855.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041898.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041899.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041900.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041901.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041903.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041904.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041907.EXE -> Adware.BetterInternet : Cleaned with backup
C:\Recycled\NPROTECT\00041922.EXE -> Adware.BetterInternet : Cleaned with backup


::Report End





HJT:


Logfile of HijackThis v1.99.1
Scan saved at 8:50:45 PM, on 8/12/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\explorer.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

#12
Guse

Sorry about the confusion last time.

From first appearances, it seems like Nail is gone. There's just one last thing to do to make sure. First, start HijackThis and check the following entry:

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)


Then click Fix Checked. Then close HijackThis.

Next, download FindIt's.zip to your desktop:
  • Create a new folder on your desktop
  • Unzip/extract the files inside that folder you created on your desktop.
  • Open the folder and run FindIt's.bat and wait for notepad to open a text file. It may take a while, so please be patient ...
  • Then post the results here along with a new HJT log by using Add Reply

Edited by Guse, 12 August 2005 - 02:39 PM.

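The check in post #12 above (an O23 service entry whose file is missing), written as an added example that is not part of the original thread or of HijackThis itself: a small parser that triages O23 lines, flagging a service registration that points at a file no longer on disk and entries with no vendor name. The field layout is an assumption inferred from the log lines on this page; the sample lines are copied from the log in post #11.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Lines copied from the HijackThis log posted in this thread (post #11).
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
"""

PREFIX = "O23 - Service: "
MISSING_SUFFIX = " (file missing)"
# Display name, optionally followed by the service key in a final "(...)".
# Display names may themselves contain parentheses, e.g. "WAN Miniport (ATW) Service".
NAME_RE = re.compile(r"^(?P<display>.*?)(?: \((?P<key>[^()]+)\))?$")


@dataclass
class ServiceEntry:
    display_name: str
    key: Optional[str]      # None when the line carries no "(key)" part
    owner: str
    path: str
    file_missing: bool

    @property
    def unknown_owner(self) -> bool:
        # HijackThis printed no vendor name for the service binary.
        return self.owner == "Unknown owner"

    @property
    def score(self) -> int:
        # A registered service whose binary is gone is the stronger signal
        # (leftover of a removed or renamed program); a missing vendor name
        # alone is weak, since legitimate drivers and utilities also show it.
        return 2 * int(self.file_missing) + int(self.unknown_owner)


def parse_o23(line: str) -> Optional[ServiceEntry]:
    """Parse one O23 line; return None for other sections or malformed lines."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    file_missing = body.endswith(MISSING_SUFFIX)
    if file_missing:
        body = body[: -len(MISSING_SUFFIX)]
    # Split from the right: the path and owner are the last two fields,
    # so a " - " inside the display name cannot shift them.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = parts
    m = NAME_RE.match(name)
    return ServiceEntry(m.group("display"), m.group("key"), owner, path, file_missing)


def triage(log_text: str) -> List[ServiceEntry]:
    """Return flagged service entries, highest score first (stable order)."""
    entries = (parse_o23(l) for l in log_text.splitlines())
    flagged = [e for e in entries if e is not None and e.score > 0]
    return sorted(flagged, key=lambda e: -e.score)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        reasons = []
        if e.file_missing:
            reasons.append("file missing")
        if e.unknown_owner:
            reasons.append("unknown owner")
        print(f"[{e.score}] {e.key or e.display_name}: {e.path} ({', '.join(reasons)})")
```

On this log the only entry carrying both flags is SvcProc, the one post #12 asks to fix; the two "Unknown owner" entries without a missing file are the ATI and Bluetooth services, which is why that flag alone is only a prompt to look closer.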

#13
ENVY88

OK, but does that Find It's Notepad take more than 3 minutes to open??? :tazz:

#14
ENVY88

Still hasn't opened :tazz:
Here's the HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 10:01:45 PM, on 8/12/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\explorer.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\AOL 8.0\waol.exe
C:\Program Files\AOL 8.0\shellmon.exe
C:\HJT\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Bluetooth Software\BTTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLitenew\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse....iveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay10...es/MsnPUpld.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB818460-6F2E-44DD-A9BC-14F10AC229EE}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Unknown owner - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINNT\svcproc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Edited by ENVY88, 12 August 2005 - 03:01 PM.


#15
Guse

It took me just at 10 minutes to run it on my machine. Try again.

Also, did you remove the HJT log entry I specified in my last post?