thank you for taking the time to help me out. i really appreciate it. here are the scan logs....
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 10:03:47 PM, 5/25/2005
+ Report-Checksum: 9C0EF436
+ Date of database: 5/25/2005
+ Version of scan engine: v3.0
+ Duration: 149 min
+ Scanned Files: 328824
+ Speed: 36.71 Files/Second
+ Infected files: 70
+ Removed files: 70
+ Files put in quarantine: 70
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@29105253[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@457[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@bannerads[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@gostats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@html[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@indiads[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@S005-01-8-15-233860-97119[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@specificpop[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\
[email protected][1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Cookies\steve@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temp\bb.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temp\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.jj -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temp\SZA\aurareco.exe -> Spyware.BetterInternet.f -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temp\uninstall.exe -> TrojanDownloader.IstBar.gi -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temp\VCB\aurareco.exe -> Spyware.BetterInternet.f -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temp\~DP2127.exe -> TrojanDropper.Delf.fd -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\034RM3OB\istdownload[1].exe -> TrojanDownloader.IstBar.jj -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\034RM3OB\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\0X2Z0163\power_remove[1].exe -> TrojanDownloader.IstBar.gi -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\45A789EF\sahagent[1].exe -> Spyware.Sahat.m -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\A5SXI1GX\aurora[1].exe -> Spyware.BetterInternet.c -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\GBEHWB69\sidefind[1].exe -> TrojanDownloader.IstBar.jd -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\LNFR1DGE\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\RA4FF5O1\istsvc[1].exe -> TrojanDownloader.IstBar -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\UXSBEXI5\powerscan[1].exe -> Spyware.PowerScan.d -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\V9GG9B3P\DrPMon[1].dll -> Trojan.Agent.db -> Cleaned with backup
C:\Documents and Settings\Steve.YOUR-URC7U2P9YF\Local Settings\Temporary Internet Files\Content.IE5\XFZNH9WE\bb[1].exe -> TrojanDownloader.Adload.a -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ysbactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINDOWS\Downloaded Program Files\YSBactivex.dll -> TrojanDownloader.IstBar -> Cleaned with backup
C:\WINDOWS\epzbrpzqj.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\system32\xzxfuw.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\wupdsnff.exe -> Spyware.BetterInternet.f -> Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 10:39:14 PM, on 5/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\kem.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://espn.go.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://websearch.drs...esearch.cgi?id=R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [otjazu] c:\windows\system32\vogtbe.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
AOL Instant Messenger
ATI Control Panel
ATI Display Driver
CCleaner (remove only)
CopyPod (remove only)
DVD Shrink 3.2
ewido security suite
Hijackthis 1.99.1
HijackThis 1.99.1
InterVideo WinDVD 4
iPod Updater 2004-11-15
iTunes
Java 2 Runtime Environment, SE v1.4.2
LiveReg (Symantec Corporation)
LiveUpdate 2.0 (Symantec Corporation)
Logitech SetPoint
Macromedia Shockwave Player
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
middle_man
mIRC
myTunes Redux 1.0
Nero OEM
QuickTime
Realtek AC'97 Audio
Shareaza version 2.1.0.0
Smart Link 56K Modem
Spybot - Search & Destroy 1.3
Symantec AntiVirus
Synaptics Pointing Device Driver
The ABI Network- A Division of Direct Revenue
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
ZoneAlarm Pro
thanks again!