okay, i think it worked this time! last time i had run in 'safe mode (with networking)', but this time i just ran it in normal 'safe mode', nothing included.
and here's the hijack log
Logfile of HijackThis v1.99.1
Scan saved at 4:28:43 PM, on 6/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\UltraVNC\WinVNC.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\PROGRA~1\AIM\aim.exe
C:\Program Files\QuickTime\qttask.exe
c:\windows\system32\cjsuio.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis!\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://news.bbc.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.h...ario&pf=desktopR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.250.145.3:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [EasyMessage] "C:\Program Files\Zango Messenger\em2.exe" -wait
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [kjgbsvs] c:\windows\system32\cjsuio.exe r
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {1BAD0830-AC09-44FA-8A44-5365AEB45D11} -
http://www.mtv.com/o...e/bin/setup.exeO16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) -
http://wdownload.wea...Transporter.cab?
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://us.dl1.yimg.c...nst20040510.cabO16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Service Client v.3.4) -
http://ccon.futurema...lobal/msc34.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{9A3D36FE-304E-4E4C-A80F-8BD71FF0B0D2}: NameServer = 68.1.18.25,68.10.16.30
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - Unknown owner - C:\WINDOWS\System32\gearsec.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)
and the E log
+ Scan result:
C:\Documents and Settings\Jess\Cookies\jess@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jess\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Jess\Local Settings\Temp\!update.exe -> Spyware.PurityScan -> Cleaned with backup
C:\Documents and Settings\Jess\Local Settings\Temp\DWV\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Jess\Local Settings\Temp\EUL\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Jess\Local Settings\Temp\OFR\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Jess\Local Settings\Temp\RemoteUpdate.exe -> Spyware.PurityScan.w -> Cleaned with backup
C:\Documents and Settings\Jess\Local Settings\Temp\VGE\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@2713995[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@advert[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@advert[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@a[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@bravenet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@clickagents[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@exitexchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@imixserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@linksynergy[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@network[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@ping[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@p[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@rhapsody_east[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@S005-01-8-21-246403-98292[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@S005-01-9-18-233860-104299[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@S119579[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@S121711[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@S133621[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@spylog[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@targetnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\josie@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Josie\Local Settings\Temp\!update.exe -> Spyware.PurityScan -> Cleaned with backup
C:\Documents and Settings\Owner\Application Data\wtta.exe -> Spyware.PurityScan.w -> Cleaned with backup
C:\Documents and Settings\Scotty\Cookies\scotty@adknowledge[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Scotty\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Scotty\Cookies\scotty@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Scotty\Local Settings\Temp\!update.exe -> Spyware.PurityScan -> Cleaned with backup
C:\Documents and Settings\Scotty\Local Settings\Temp\nsx1F.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Documents and Settings\Scotty\Local Settings\Temporary Internet Files\Content.IE5\0HARCTEN\SeaWorldTycoon-dm[1].exe -> Spyware.Trymedia.a -> Cleaned with backup
C:\Documents and Settings\Scotty\Local Settings\Temporary Internet Files\Content.IE5\0HIFO5UF\abiuninst[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Scotty\Local Settings\Temporary Internet Files\Content.IE5\0HIFO5UF\Poller[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Scotty\Local Settings\Temporary Internet Files\Content.IE5\CPQB4DU3\!update-1900[1].0000 -> Spyware.PurityScan -> Cleaned with backup
C:\Documents and Settings\Scotty\Local Settings\Temporary Internet Files\Content.IE5\EVOFY54J\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Program Files\apsi\wtta.exe -> Spyware.PurityScan -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\25AF0916-BB80-4749-950D-F3CEFD\379D2E51-E7CD-4031-BC6D-DCBB60 -> Spyware.Gator.c -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\25AF0916-BB80-4749-950D-F3CEFD\A964CD13-3C0E-4A57-B728-1E8F6B -> Spyware.Gator.c -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5A1C6689-0849-4D11-A2F5-D2A653\23168FE7-CE32-4F4E-A0EB-20A8F2 -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D7D3814-1137-48E0-BFC2-6E7AD3\E16C5364-0E30-4236-A72C-9E94EF -> Spyware.MyWay.j -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D7D3814-1137-48E0-BFC2-6E7AD3\E674604F-31D7-4AED-8B1F-B1B79B -> Spyware.MyWay.j -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E13414C-13A8-4A14-84FD-A02EF0\D9C2FF2E-4578-42E1-82D7-27D33F -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Norton AntiVirus\Quarantine\42E51BCE.class -> Trojan.Java.ClassLoader.c -> Cleaned with backup
C:\Program Files\Norton AntiVirus\Quarantine\50F377EE.class -> Trojan.Java.ClassLoader.c -> Cleaned with backup
C:\Program Files\Norton AntiVirus\Quarantine\56EF6358.class -> Trojan.Java.ClassLoader.c -> Cleaned with backup
C:\Program Files\Norton AntiVirus\Quarantine\57F06DA8.class -> Trojan.Java.ClassLoader.c -> Cleaned with backup
C:\Program Files\Norton AntiVirus\Quarantine\6D927F60.class -> Trojan.Java.ClassLoader.c -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\svcproc.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\dhyqdqy(2).exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Trojan.Agent.db -> Cleaned with backup
C:\WINDOWS\system32\Fоnts\winlogon.exe -> Spyware.PurityScan.bj -> Cleaned with backup
C:\WINDOWS\system32\zjcolwx.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\ѕуmbols\winword.exe -> Spyware.PurityScan -> Cleaned with backup
C:\WINDOWS\system32\АрpPatch\wowexec.exe -> Spyware.PurityScan.bj -> Cleaned with backup
C:\WINDOWS\system32\Тasks\tracert.exe -> Spyware.PurityScan -> Cleaned with backup
C:\WINDOWS\system32\Таsks\msdtc.exe -> Spyware.PurityScan.bj -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\trnriujpuhn.exe -> Spyware.BetterInternet -> Cleaned with backup
::Report End
i'm thinking maybe Nail.exe was running(and hijack couldn't terminate it) because i had networking enabled? (i'm running on Cable, so i'm always connected) anyway, i hope it worked this time. the 'jibberish' .exe is still there, renaming itself each time i end-task. awaiting feedback! thank you.