Hi, that's great, thanks. Here are the logs!

ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 15:13:28, 29/07/2005
+ Report-Checksum: FA7037E5
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{04564B37-5E44-D8E8-F249-9707B1A1A423} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{194C97B0-BB08-6285-FA8C-33BA933986C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{197A8D26-DFA5-F761-1F4B-4A8703447597} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1C57E571-0B87-8702-2AAF-E058D58BEE62} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E94A47D-9941-8288-D05C-42C49063F351} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{280CA95C-CBA3-486E-5BCD-B3B542DA458A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C874D56-A88C-3E88-B23F-99BEE8C67943} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{37369CEA-B348-3234-366F-2B553EEC81BB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AB0ADE3-FF50-8957-06F6-429A5AAAC38F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{569A8D32-0108-F6A7-6EE3-9094FC97B318} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{59935BC1-5F4B-96F1-F3B6-C6B36821D102} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{59EE675B-6A9B-6F9E-50B2-F9D78BD7C3B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7359F8C5-7626-32C9-DA3E-ECDBA6CDF831} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7DA446BF-5485-78F9-CC9A-2A02C93519E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E562404-C395-FEAE-9587-21D1288BA8BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{95C43FF9-1045-B100-7E1E-8C9905C3936A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A229042B-0D56-44A6-85DB-13CF1C4E9FD6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A7737E2C-9C15-D4BE-4A5B-C15B7E8C41E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AE9146BD-F3E6-13D0-911B-0CF28B2B624B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B784881A-C236-6F52-D86B-285DC0FC4011} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B9E19DA8-10A7-4E21-2FBB-FDC66E0CC0B9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCB6BE29-B6ED-ABB4-8D3B-2B4F81E0E595} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C53D27E6-2A68-7CD9-A09F-541EF27B2319} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D0FCA015-B4E3-172E-6BB2-432F74E2E4F5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D476235C-961C-D6D6-CAE8-B8289B91FF7B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6C7DB36-C0AC-C91F-B408-61A55E5AB6C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EC52F9A9-BFCA-611C-0CF2-D33A007A66FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC7FFD6E-0897-B7D0-A319-768F3DA452CD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF9A5C46-DA40-2321-E19B-261681A78BB1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKU\.DEFAULT\Software\Httper -> Spyware.Httper : Cleaned with backup
HKU\.DEFAULT\Software\Httper\Settings -> Spyware.Httper : Cleaned with backup
HKU\S-1-5-21-2209913037-3409658263-1938137074-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-2209913037-3409658263-1938137074-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E562404-C395-FEAE-9587-21D1288BA8BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-2209913037-3409658263-1938137074-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EC52F9A9-BFCA-611C-0CF2-D33A007A66FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-2209913037-3409658263-1938137074-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC7FFD6E-0897-B7D0-A319-768F3DA452CD} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Httper -> Spyware.Httper : Cleaned with backup
HKU\S-1-5-18\Software\Httper\Settings -> Spyware.Httper : Cleaned with backup
C:\1.exe -> TrojanDropper.Delf.jm : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-dbb525f-3d252db8.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-4b9315b5-53b51cf1.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Local Settings\Temp\SAVE-Cm-Sm-Tb.exe/Sync.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Local Settings\Temp\SAVE-Cm-Sm-Tb.exe/Search.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Local Settings\Temp\SAVE-Cm-Sm-Tb.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Local Settings\Temp\SAVE-Cm-Sm-Tb.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Local Settings\Temp\SAVE-Cm-Sm-Tb.exe/Weather.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Local Settings\Temp\SAVE-Cm-Sm-Tb.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\Anthony Queen\Local Settings\Temp\svchost.exe -> Trojan.Agent.cl : Cleaned with backup
C:\mssysinf.exe -> TrojanDownloader.Small.gf : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\253FB0D2-D98F-42BB-83EB-5ED92F\47482E69-7339-4641-9159-6F3EF7 -> Trojan.Agent.cl : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5574C1AF-2D87-43C7-98D2-02CE29\77AFC054-99E0-431C-B225-9261DA -> Spyware.RK : Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll -> Spyware.Comet : Cleaned with backup
C:\WINDOWS\dd.exe -> Trojan.Agent.cl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\fullgames.exe -> TrojanDownloader.PlayGames.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\videochat.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\ModemLog_Generic SoftK56.txt:rabvc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\n_kvjodw.txt -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINDOWS\Q1218156.exe -> TrojanDownloader.JS.Small.ac : Cleaned with backup
C:\WINDOWS\Q1371406.exe:jwwxt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\Q1371406.exe -> TrojanDownloader.JS.Small.ac : Cleaned with backup
C:\WINDOWS\Q581062.exe -> TrojanDownloader.JS.Small.ac : Cleaned with backup
C:\WINDOWS\Q717937.exe -> TrojanDownloader.JS.Small.ac : Cleaned with backup
C:\WINDOWS\Q8710296.exe -> TrojanDownloader.JS.Small.ac : Cleaned with backup
C:\WINDOWS\qbweb .dll -> Trojan.Agent.cl : Cleaned with backup
C:\WINDOWS\reeqff .dll -> Trojan.Agent.cl : Cleaned with backup
C:\WINDOWS\rkrkllk .dll -> Trojan.Agent.cl : Cleaned with backup
C:\WINDOWS\seyae.dll:cqkgq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SOUNDMAN.EXE:pfnoh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\svchos1at.exe -> TrojanDownloader.Agent.no : Cleaned with backup
C:\WINDOWS\system.ini:eurps -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\BO2804040113.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\drivers\etc\hosts -> Trojan.Qhost.r : Cleaned with backup
C:\WINDOWS\system32\mbbi8016.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\twunk_32.exe:lewwb -> TrojanDownloader.Agent.bq : Cleaned with backup

Logfile of HijackThis v1.99.1
Scan saved at 17:39:27, on 29/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Anthony Queen\My Documents\security suite\ewidoctrl.exe
C:\Documents and Settings\Anthony Queen\My Documents\security suite\ewidoguard.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\ATI-CPanel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
C:\freeserve\freeserveconnectionkit\atdialler1.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis.zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.newsnow.c...ed/?name=Celtic
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
F2 - REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\system32\pavdr.exe,C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Program Files\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKCU\..\Run: [MainDownloads] C:\Documents and Settings\Anthony Queen\Application Data\MainDownloads[1].exe t
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Radio365Agent] C:\PROGRA~1\Live365\Radio365\Radio365TrayAgent.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Advanced Searchbar - {57F02779-3D88-4958-8AD3-83C12D86ADC7} - C:\PROGRA~1\ADVANC~1\advancedsearchbar.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk/
O16 - DPF: ChatSpace Full Java Client 3.1.0.235 - http://chat-a4.frees...va/cfs31235.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.245 - http://chat-a4.frees...va/cfs31245.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120137770093
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{740C6DA0-3B38-4A87-801D-9DDC73700933}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Anthony Queen\My Documents\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Documents and Settings\Anthony Queen\My Documents\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe