Ok here is the ewido log then the hijackthis log.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 4:52:14 PM, 7/2/2005
+ Report-Checksum: 3B28F2BA
+ Date of database: 7/2/2005
+ Version of scan engine: v3.0
+ Duration: 36 min
+ Scanned Files: 31680
+ Speed: 14.35 Files/Second
+ Infected files: 91
+ Removed files: 91
+ Files put in quarantine: 91
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Heather\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@atdmt[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@p[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\heather@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Heather\installer_MARKETING35.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\WINDOWS\bsx32\ADTMI1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIB9894.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIC29667.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASID12180.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIE17070.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIF29819.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIF4502.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIFWH29233.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIG21943.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIGT10102.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIH7853.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASII21469.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIL18549.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIOG19375.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIOT25456.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIPF1965.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIR21184.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIRE20082.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIS24110.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIS31590.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIT17011.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIT26116.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIW11211.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\ASIWS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BID1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\BingoRoom1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARD2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\CARS3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\DATE4.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\EML1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FAST1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FINC3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FINC5.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\FLWR1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\HERBS1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\JOBS4.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\MOVS2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\NEWS2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SHOP2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\TECH2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\UTONE2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\WWW3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINDOWS\bundles\HelperInstaller.exe -> TrojanDropper.Delf.z -> Cleaned with backup
C:\WINDOWS\bundles\saie1101.exe -> Spyware.180solutions -> Cleaned with backup
C:\WINDOWS\bundles\shopinst.exe -> TrojanDownloader.Small.wj -> Cleaned with backup
C:\WINDOWS\bundles\thin-8-1-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\EPXActiveX.ocx -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\search3.dll -> Spyware.MegaSearch -> Cleaned with backup
C:\WINDOWS\kxmizmcwap.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\0br1xh.exe -> Trojan.Delf.cf -> Cleaned with backup
C:\WINDOWS\system32\Cache\cxtpls_loader.exe -> Spyware.Apropos.b -> Cleaned with backup
C:\WINDOWS\system32\D0CE0C16B1.DLL -> Spyware.Agent.dh -> Cleaned with backup
C:\WINDOWS\system32\e6f1873b.dll -> TrojanDownloader.Braidupdate.d -> Cleaned with backup
C:\WINDOWS\system32\epx30104.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\epx30105.exe -> TrojanDownloader.Lastad.p -> Cleaned with backup
C:\WINDOWS\system32\in10b6s.dll -> Spyware.404Search.a -> Cleaned with backup
C:\WINDOWS\system32\k404SearchSetup_MS14.exe -> Spyware.404Search.a -> Cleaned with backup
C:\WINDOWS\system32\msshed32.exe -> TrojanDropper.Delf.ev -> Cleaned with backup
C:\WINDOWS\system32\newdevin.exe -> Spyware.BookedSpace.c -> Cleaned with backup
C:\WINDOWS\system32\o4eu.dll -> Trojan.Delf.cf -> Cleaned with backup
C:\WINDOWS\system32\SWRT01.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
C:\WINDOWS\system32\tjl1.exe -> TrojanDownloader.Small.xl -> Cleaned with backup
C:\WINDOWS\system32\uvtl.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\WinStat11.dll -> Spyware.Winsta -> Cleaned with backup
C:\WINDOWS\system32\xemuaeg05.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\xtzzkij.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 4:55:44 PM, on 7/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
c:\windows\system32\gsbllsy.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Documents and Settings\Heather\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://mail.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://websearch.drs...esearch.cgi?id=R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://websearch.drs...esearch.cgi?id=R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak =
http://mail.yahoo.com/?.intl=usR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4A25D449-2BAA-4426-A992-D18CA70CF5A9} - C:\WINDOWS\system32\o4eu.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [hklfnfz] c:\windows\system32\gsbllsy.exe r
O4 - HKLM\..\RunOnce: [bajmh.exe] C:\WINDOWS\System32\bajmh.exe /k
O4 - HKCU\..\RunOnce: [bajmh.exe] C:\WINDOWS\System32\bajmh.exe /k
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1119999387283O16 - DPF: {666DDE35-E955-11D0-A707-000000521958} -
http://69.56.176.227/webplugin.cabO23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)