OK, here's the Ewido report and HijackThis report
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 3:04:49 AM, 8/20/2005
+ Report-Checksum: 6CEF5BF3
+ Scan result:
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Clickspring -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Offer -> Spyware.eZula : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\83MAY7MM\!update-2114[1].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\83MAY7MM\!update-2154[1].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LMZCP2R\!update-2124[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LMZCP2R\!update-2134[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LMZCP2R\!update-2174[1].0000 -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LMZCP2R\!update-2204[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\8LMZCP2R\!update-2234[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDHLVBFJ\!update-2104[1].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDHLVBFJ\!update-2144[1].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDHLVBFJ\!update-2144[2].0000 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CDHLVBFJ\!update-2224[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z3OVA0WQ\!update-2214[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z3OVA0WQ\!update-2254[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\Z3OVA0WQ\!update-2274[1].0000 -> Spyware.MediaTickets : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Spencer\Application Data\Mozilla\Firefox\Profiles\1vm1559i.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Spencer\Cookies\spencer@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Spencer\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Spencer\Cookies\spencer@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Spencer\Cookies\spencer@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Spencer\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Spencer\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\ezPopStub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\modgxyz.exe.tcf -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\sqlknt.exe.tcf -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\ei.exe -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\EXO8QVPQ\!update-2214[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 3:06:39 AM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\U3BlbmNlcgAA\command.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Documents and Settings\Spencer\Desktop\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lppxll.exe reg_run
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\U3BlbmNlcgAA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)