ok, ii did all that was asked.... here's the Ewido scan
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:30:15 PM, 11/28/2005
+ Report-Checksum: DE972F36
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
[216] C:\WINDOWS\q1561335.dll -> TrojanDownloader.Delf.zu : Cleaned with backup
[760] C:\WINDOWS\q1561335.dll -> TrojanDownloader.Delf.zu : Error during cleaning
C:\Documents and Settings\User\Cookies\
[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\User\Cookies\
[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\edif.exe -> TrojanDownloader.Small.bwr : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\fflf.exe -> TrojanDropper.Agent.abu : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\gepjnomd.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\re3hdr.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\se.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temp\spywareno23.exe -> Not-A-Virus.Hoax.Renos.z : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\4XYZ8D27\gdnUS1402[1].exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\ntfull.exe -> Trojan.LowZones.df : Cleaned with backup
C:\Program Files\WinHound\CWrapper.dll -> Adware.PSGuard : Cleaned with backup
C:\Program Files\WinHound\WinHound.exe -> Adware.PSGuard : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\gdnUS1402.exe -> TrojanDownloader.Small.ayl : Cleaned with backup
C:\WINDOWS\q1561335.dll -> TrojanDownloader.Delf.zu : Cleaned with backup
C:\WINDOWS\re3hdr.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\system32\2w5d.dll -> Trojan.Kolweb.f : Cleaned with backup
C:\WINDOWS\system32\ccne.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\Hdlejdib.exe -> Backdoor.Padodor.ax : Cleaned with backup
C:\WINDOWS\system32\icasServ.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\intell32.exe -> Spyware.PSGuard : Cleaned with backup
C:\WINDOWS\system32\Kfonejbk.dll -> Backdoor.Padodor : Cleaned with backup
C:\WINDOWS\system32\links.exe -> Trojan.LowZones.df : Cleaned with backup
C:\WINDOWS\system32\mspostsp.exe -> Trojan.Inject.i : Cleaned with backup
C:\WINDOWS\system32\msupdate32.dll -> TrojanDownloader.Agent.aab : Cleaned with backup
C:\WINDOWS\system32\re3hdr.sys -> Trojan.Kolweb.g : Cleaned with backup
C:\WINDOWS\system32\v3hb.exe -> Trojan.Kolweb.g : Cleaned with backup
C:\winstall.exe -> Not-A-Virus.Hoax.Renos.z : Cleaned with backup
::Report End
and here's the HJT log
Logfile of HijackThis v1.99.1
Scan saved at 5:35:58 PM, on 11/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\User\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.xanga.com/private/home.aspxO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Literati -
http://download.game...nts/y/tt3_x.cabO16 - DPF: Yahoo! Poker -
http://download.game...nts/y/pt3_x.cabO16 - DPF: {2B36F775-8CF5-4489-B454-2D1B80984CF2} (FXPluginCtl Object) -
http://www.powerflas...in/powerres.cabO16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://software-dl.r...ip/RdxIE601.cabO16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) -
http://eu-housecall....ivex/hcImpl.cabO16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) -
http://www.bigfishga...mjolauncher.cabO16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) -
http://cdn.digitalci....1.11_en_dl.cabO16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) -
http://www.windowsec...scan/axscan.cabO20 - Winlogon Notify: st3 - C:\WINDOWS\q1561335.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe