I have followed your instruction, which I am very grateful for. I believe I have completed everything in the proper manner.
The following is the Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:05:35 PM, 10/18/2005
+ Report-Checksum: FC40AE24
+ Scan result:
:mozilla.20:C:\Documents and Settings\Dustin\Application Data\Mozilla\Firefox\Profiles\f47sjgq9.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Dustin\Application Data\Netscape\NSB\Profiles\v0rkgkjp.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Dustin\Application Data\Netscape\NSB\Profiles\v0rkgkjp.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Dustin\Application Data\Netscape\NSB\Profiles\v0rkgkjp.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Dustin\Cookies\dustin@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP677\A0109119.dll -> TrojanDownloader.Dyfuca.cn : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP677\A0109123.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP678\A0110123.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP679\A0110311.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP680\A0110417.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP681\A0110432.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP681\A0110444.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP681\A0110452.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP682\A0110461.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP682\A0110470.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP683\A0110479.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP683\A0110487.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP683\A0110507.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP683\A0110515.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP684\A0110628.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP684\A0110659.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP684\A0111659.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP684\A0111682.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP685\A0112682.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP685\A0112687.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP685\A0112713.exe -> Trojan.Qhost.dv : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP685\A0112714.exe -> Spyware.Msnagent : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP685\A0112715.exe -> Spyware.FindSpy : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP685\A0112716.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\System Volume Information\_restore{8AB34088-DE9C-4C5D-817C-02250330B4A5}\RP685\A0112722.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\bndmod.exe.ren -> Spyware.FindSpy : Cleaned with backup
C:\WINDOWS\system32\csrdw.exe -> TrojanDownloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\hlmicro.exe.ren -> Spyware.Msnagent : Cleaned with backup
C:\WINDOWS\system32\hwiper.exe.ren -> Trojan.Qhost.dv : Cleaned with backup
::Report End
Here is the Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, October 18, 2005 20:58:07
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/10/2005
Kaspersky Anti-Virus database records: 154894
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 46057
Number of viruses found: 7
Number of infected objects: 42
Number of suspicious objects: 1
Duration of the scan process: 2352 sec
Infected Object Name - Virus Name
C:\Documents and Settings\Dustin\Local Settings\Application Data\Identities\{DF66003D-9EA9-4F6D-BD66-BC3B6AC031E3}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Mon, 23 Feb 2004 22:09:55 -0500]/UNNAMED/part2.exe Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Dustin\Local Settings\Application Data\Identities\{DF66003D-9EA9-4F6D-BD66-BC3B6AC031E3}\Microsoft\Outlook Express\Deleted Items.dbx/[From [email protected]][Date Mon, 23 Feb 2004 22:09:55 -0500]/UNNAMED Infected: Email-Worm.Win32.Mydoom.e
C:\Documents and Settings\Dustin\Local Settings\Application Data\Identities\{DF66003D-9EA9-4F6D-BD66-BC3B6AC031E3}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Mydoom.e
C:\Program Files\Norton AntiVirus\Quarantine\046245A6.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\046F6D98.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\0BC93A81.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\0BD00E79.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\0D972FAE.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\188E2D2E.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\1FE308FA.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\200757E3.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\200E2BDC.class Infected: Trojan.Java.ClassLoader.f
C:\Program Files\Norton AntiVirus\Quarantine\21346D88.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\233A1CE0.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\249470C7.htm Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\257E1A34.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\266E7C31.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\267B2423.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\29E86F81.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\29EE437A.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\2E960A32.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\32CB4DEA.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\32D875DB.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\35AF211C.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\36EF58FD.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\36F52CF6.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\451C3FE2.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\4C820708.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\50843A12.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\50916203.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\50A505A3.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\50AF0398.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\525F3B4C.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\526C633E.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\5A3B70D7.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6682590C.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\66922AFA.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\6A135869.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\75D6197A.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\7FA82426.htm Infected: Exploit.HTML.Mht
C:\stasxx.chm/on-line.exe Infected: Trojan.Win32.Dialer.ce
C:\stasxx.chm Infected: Trojan.Win32.Dialer.ce
C:\WINDOWS\system32\drivers\etc\1.hosts Infected: Trojan.Win32.Qhost
Scan process completed.
Here is the new Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:06:09 PM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Aliant\Net Assistant\bin\mpbtn.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Aliant\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [dmrzz.exe] C:\WINDOWS\system32\dmrzz.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O4 - Global Startup: Net Assistant.lnk = C:\Program Files\Aliant\Net Assistant\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128984285750
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe