OK, i followed the instructions and here is the new hijackthis log followed by the ewido log:
Logfile of HijackThis v1.99.1
Scan saved at 12:32:14 AM, on 6/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Profiler\lwemon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\Ray Salgado\Desktop\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R3 - URLSearchHook: (no name) - _{8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {0E88C273-CD34-31A8-EE3C-A690087E9A14} - C:\Program Files\cdapp\qynvloigfj.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\System32\ps1.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [98D0CE0C16B1] rundll32.exe D0CE0C16B1,D0CE0C16B1
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
O4 - HKCU\..\Run: [sf] C:\Program Files\sf\sf.exe
O4 - HKCU\..\Run: [sfita] C:\WINDOWS\sfita.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {EC51659D-721F-4CBF-9CEA-5E776D89CEA9} -
http://www.pacimedia...ll/pcs_0002.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:26:47 AM, 6/8/2005
+ Report-Checksum: 5C917DE4
+ Date of database: 6/8/2005
+ Version of scan engine: v3.0
+ Duration: 36 min
+ Scanned Files: 41538
+ Speed: 18.94 Files/Second
+ Infected files: 70
+ Removed files: 69
+ Files put in quarantine: 69
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\kack.exe -> TrojanDownloader.Qoologic.n -> Error during cleaning
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@66693905[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@burstnet[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@targetnetworks[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Cookies\ray salgado@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Local Settings\Temp\nst6.EXE -> Spyware.SmartPops -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Local Settings\Temp\temp.fr8D74 -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Local Settings\Temp\toc_0032.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Local Settings\Temp\toc_0035.exe -> TrojanDownloader.Agent.jq -> Cleaned with backup
C:\Documents and Settings\Ray Salgado\Local Settings\Temp\XSD\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Program Files\cdapp\qynvloigfj.exe -> Spyware.SmartPops -> Cleaned with backup
C:\Program Files\FwBarTemp\searchbar.exe -> TrojanDownloader.VB.eu -> Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Spyware.SurfSide -> Cleaned with backup
C:\Program Files\WeirdOnTheWeb\weirdontheweb.exe -> Spyware.WeirWeb -> Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> TrojanDownloader.Small.apm -> Cleaned with backup
C:\temporary\aun_0032.exe -> TrojanDownloader.Small.akz -> Cleaned with backup
C:\temporary\aun_0035.exe -> TrojanDownloader.Small.akz -> Cleaned with backup
C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\WINDOWS\Helper101.dll -> Spyware.Delf.r -> Cleaned with backup
C:\WINDOWS\qlimvjocg.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Small.ez -> Cleaned with backup
C:\WINDOWS\system32\auyaw.dat -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\Cache\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\system32\Cache\EDow_AS2.exe -> TrojanDownloader.Wintool.e -> Cleaned with backup
C:\WINDOWS\system32\Cache\HelperInstall.exe -> TrojanDropper.Delf.z -> Cleaned with backup
C:\WINDOWS\system32\Cache\optimize4.exe -> TrojanDownloader.Dyfuca.dx -> Cleaned with backup
C:\WINDOWS\system32\Cache\optimize5.exe -> TrojanDownloader.Dyfuca.dx -> Cleaned with backup
C:\WINDOWS\system32\Cache\smsca.exe -> TrojanDropper.Agent.kd -> Cleaned with backup
C:\WINDOWS\system32\Cache\ven_d1.exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINDOWS\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINDOWS\system32\D0CE0C16B1.DLL -> Spyware.Agent.dh -> Cleaned with backup
C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d -> Cleaned with backup
C:\WINDOWS\system32\eliteewx32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitefeg32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitehxt32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\eliteuzl32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitevlv32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\elitewvx32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\system32\gxdkgaa.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\ixbioib.dll -> TrojanDownloader.Qoologic.q -> Cleaned with backup
C:\WINDOWS\system32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.Bargainbuddy -> Cleaned with backup
C:\WINDOWS\system32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.ExactSearchBar -> Cleaned with backup
C:\WINDOWS\system32\kmqko.dll -> TrojanDownloader.Qoologic.q -> Cleaned with backup
C:\WINDOWS\system32\kzakuk.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\WINDOWS\system32\msxct.exe -> Spyware.BargainBuddy -> Cleaned with backup
C:\WINDOWS\system32\nsa8.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINDOWS\system32\nsp98.dll -> Spyware.HotBar -> Cleaned with backup
C:\WINDOWS\system32\psis80ex.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy.i -> Cleaned with backup
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack.b -> Cleaned with backup
C:\WINDOWS\system32\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack.d -> Cleaned with backup
C:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINDOWS\system32\temperror32.dat -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINDOWS\tct101.dll -> TrojanDownloader.Dyfuca.eg -> Cleaned with backup
C:\WINDOWS\weird.exe -> Trojan.Imiserv.c -> Cleaned with backup
::Report End
Anything else I need to do?