Hi John,
Thank you so much for your reply; I just got through executing your help instructions and here are my three new logs:
1. EWIDO RESULTS:-
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:17:39 AM, 9/25/2005
+ Report-Checksum: 5C9CF86F
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
[3132] C:\WINDOWS\iisvers.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\auntie Ann\Cookies\auntie ann@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\auntie Ann\Cookies\auntie ann@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\auntie Ann\Cookies\auntie ann@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\auntie Ann\Cookies\auntie ann@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\auntie Ann\Cookies\auntie [email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temp\A0A1.tmp/jawa32.ocx -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temp\B1B1.tmp/jawa32.ocx -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Guest\Local Settings\Temp\D1D1.tmp/jawa32.ocx -> Spyware.Suggestor : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\WINDOWS\iisvers.exe -> Spyware.Hijacker.Generic : Cleaned with backup
::Report End
2. ESCAN VIRUS LOG
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\G024H4C5\31194[1].htm infected by "Exploit.HTML.IframeBof" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\MPKZAXCF\WinFixer2005ScannerInstall[1].exe tagged as not-a-virus:Downloader.Win32.Agent.c. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042541.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042542.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042543.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042544.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042545.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042546.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042547.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042548.exe tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042549.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042550.exe tagged as not-a-virus:AdWare.Esyndic.a. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042551.dll tagged as not-a-virus:AdWare.Esyndic.a. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042552.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042553.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042554.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042555.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042556.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042557.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042558.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042559.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042560.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042561.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042562.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042563.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042564.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042565.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042566.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042567.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042568.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042569.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042570.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042571.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042572.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042573.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042574.dll tagged as not-a-virus:AdWare.MediaTickets.c. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042575.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042576.dll tagged as not-a-virus:AdWare.SaveNow.ab. No Action Taken.
File C:\System Volume Information\_restore{35A4A879-B4E1-4F85-811E-93C3722DA63B}\RP295\A0042577.dll tagged as not-a-virus:AdWare.Midadle.e. No Action Taken.
3. HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 9:02:29 AM, on 9/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ecYiWLzg] C:\documents and settings\auntie ann\local settings\temp\ecYiWLzg.exe
O4 - HKLM\..\Run: [o338b9hi] C:\documents and settings\auntie ann\local settings\temp\o338b9hi.exe
O4 - HKLM\..\Run: [oX3hRey] C:\documents and settings\auntie ann\local settings\temp\oX3hRey.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [AntiPopUp] C:\Program Files\AntiPopUp\AntiPopUp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - Unknown owner - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Thanks again for your help!
Nissy.