Hi Trevuren,
Here is my Ewido scan log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 6:36:36 AM, 11/10/2005
+ Report-Checksum: 58FBD1E9
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{946B0485-8F8C-4C35-A6E7-D2115E3B0B4F} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DHTMLAccess.HTMLAccess\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\DHTMLAccess.HTMLAccess.1\CLSID\\ -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Proto.handler -> Spyware.LopDotCom : Cleaned with backup
HKLM\SOFTWARE\Classes\Proto.handler\CLSID -> Spyware.LopDotCom : Cleaned with backup
HKLM\SOFTWARE\Classes\Proto.handler\CLSID\\ -> Spyware.LOP : Cleaned with backup
HKLM\SOFTWARE\Classes\Proto.handler\CurVer -> Spyware.LopDotCom : Cleaned with backup
HKLM\SOFTWARE\Classes\Proto.handler.1 -> Spyware.LopDotCom : Cleaned with backup
HKLM\SOFTWARE\Classes\Proto.handler.1\CLSID\\ -> Spyware.LOP : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-F09C-02B4-6EC2-AD0300000000} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000006B1-19B5-414A-849F-2A3C64AE6939} -> Spyware.VX2 : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} -> Spyware.SearchCentrix : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87766247-311C-43B4-8499-3D5FEC94A183} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKU\S-1-5-21-1202660629-1682526488-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C900B400-CDFE-11D3-976A-00E02913A9E0} -> Spyware.Webhancer : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\cristina@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\cristina@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Cristina\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\local
[email protected][1].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc518.cab/polall1b.exe -> Trojan.Agent.ay : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc525\aurareco.exe -> Adware.BetterInternet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@centrport[2].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\cristina@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\[email protected][2].txt -> Spyware.Cookie.Lop : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc529\[email protected][2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc679.tmp -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc680.tmp -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc681.tmp -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc682.tmp -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc683.tmp -> Spyware.Wintools : Cleaned with backup
C:\RECYCLER\S-1-5-21-1202660629-1682526488-854245398-1003\Dc684.tmp -> Spyware.Wintools : Cleaned with backup
C:\WINDOWS\systb.exe -> Trojan.Imiserv.c : Cleaned with backup
::Report End
.... and my Hijack this log:
Logfile of HijackThis v1.99.1
Scan saved at 6:41:15 AM, on 11/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfru07.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hispeed.rogers.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Rogers Hi-Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [qpistlb] c:\windows\system32\cnyrlw.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HotSync Manager.LNK = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AOL Instant Messenger - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\nutafun4.dll' missing
O14 - IERESET.INF: START_PAGE_URL=http://hispeed.rogers.com
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - https://components.v...ive_xb_360.html
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1127565244470
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Thanks again,
Cristina.