First part of ewido log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:36:44 AM, 6/19/2005
+ Report-Checksum: 65B76CFE
+ Date of database: 6/18/2005
+ Version of scan engine: v3.0
+ Duration: 1002 min
+ Scanned Files: 164893
+ Speed: 2.74 Files/Second
+ Infected files: 63
+ Removed files: 62
+ Files put in quarantine: 62
+ Files that could not be opened: 0
+ Files that could not be cleaned: 1
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
G:\
+ Scan result:
C:\Program Files\Zyxg\Wxkfmpi.exe -> Trojan.Small.cy -> Cleaned with backup
C:\Program Files\AutoUpdate\AutoUpdate.exe -> TrojanDownloader.Apropo.g -> Cleaned with backup
C:\Windows\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
G:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\dkkr.exe -> TrojanDownloader.Qoologic.n -> Error during cleaning
G:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
G:\Documents and Settings\Prebble J\Cookies\prebble j@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
G:\Documents and Settings\Prebble J\Cookies\prebble j@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
G:\Documents and Settings\Prebble J\Cookies\prebble j@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
G:\Documents and Settings\Prebble J\Cookies\prebble j@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
G:\Program Files\ddd.exe -> TrojanDropper.Agent.hh -> Cleaned with backup
G:\Program Files\FwBarTemp\searchbar.exe -> TrojanDownloader.VB.eu -> Cleaned with backup
G:\Program Files\Internet Explorer\svchost.exe -> TrojanSpy.Agent.dq -> Cleaned with backup
G:\Program Files\Internet Optimizer\actalert.exe -> TrojanDownloader.Dyfuca.dp -> Cleaned with backup
G:\Program Files\Internet Optimizer\update\actalert.exe -> TrojanDownloader.Dyfuca.dp -> Cleaned with backup
G:\Program Files\Internet Optimizer\update\optimize313.exe -> TrojanDownloader.Dyfuca.dx -> Cleaned with backup
G:\Program Files\Internet Optimizer\update\rogue.exe -> Trojan.Small.cy -> Cleaned with backup
G:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD.ag -> Cleaned with backup
G:\Program Files\Media Access\MediaAccess.exe -> Spyware.WinAD.am -> Cleaned with backup
G:\Program Files\Media Access\MediaAccK.exe -> Spyware.WinAD -> Cleaned with backup
G:\Program Files\sdf.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
G:\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
G:\WINDOWS\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
G:\WINDOWS\Downloaded Program Files\installer_MARKETING32.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
G:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
G:\WINDOWS\jstall.exe -> Trojan.Revop.b -> Cleaned with backup
G:\WINDOWS\nem220.dll -> TrojanDownloader.Dyfuca -> Cleaned with backup
G:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.dk -> Cleaned with backup
G:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
G:\WINDOWS\system\oxdoedxi.exe -> TrojanDownloader.Small.aly -> Cleaned with backup
G:\WINDOWS\system32\auto_update_uninstall.exe -> Spyware.Apropos -> Cleaned with backup
G:\WINDOWS\system32\ckkod.dll -> TrojanDownloader.Qoologic.q -> Cleaned with backup
G:\WINDOWS\system32\cnndoam.exe -> TrojanDownloader.Qoologic.q -> Cleaned with backup
G:\WINDOWS\system32\COMMCOS2.DLL -> Spyware.SafeSurfing -> Cleaned with backup
G:\WINDOWS\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
G:\WINDOWS\system32\dsldpa.exe -> Trojan.Revop.b -> Cleaned with backup
G:\WINDOWS\system32\exp.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
G:\WINDOWS\system32\fyzjxa.exe -> Spyware.BetterInternet -> Cleaned with backup
G:\WINDOWS\system32\ide21201.vxd -> Spyware.MediaPass -> Cleaned with backup
G:\WINDOWS\system32\installer_MARKETING30.exe -> TrojanDownloader.Adload.a -> Cleaned with backup
G:\WINDOWS\system32\nsc3F.dll -> Spyware.HotBar -> Cleaned with backup
G:\WINDOWS\system32\piiogxr.dll -> TrojanDownloader.Qoologic.q -> Cleaned with backup
G:\WINDOWS\system32\poker.exe -> TrojanDownloader.Agent.nj -> Cleaned with backup
G:\WINDOWS\system32\PopOops.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
G:\WINDOWS\system32\PopOops2.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
G:\WINDOWS\system32\ps1.exe -> Spyware.Pacer.a -> Cleaned with backup
G:\WINDOWS\system32\qaawv.dat -> TrojanDownloader.Qoologic.n -> Cleaned with backup
G:\WINDOWS\system32\Qool.exe -> TrojanDropper.Win32.Small.wc -> Cleaned with backup
G:\WINDOWS\system32\redit.cpl -> TrojanDownloader.Qoologic.p -> Cleaned with backup
G:\WINDOWS\system32\regsync.exe -> Spyware.SafeSurfing -> Cleaned with backup
G:\WINDOWS\system32\rkkunz.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
G:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p -> Cleaned with backup
G:\WINDOWS\system32\SWLAD1.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
G:\WINDOWS\system32\SWLAD2.dll -> Spyware.VirtualBouncer.g -> Cleaned with backup
G:\WINDOWS\system32\thin-138-1-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
G:\WINDOWS\system32\uci.exe -> TrojanDropper.Agent.hl -> Cleaned with backup
G:\WINDOWS\system32\umdtcplc.exe -> TrojanDownloader.Agent.ed -> Cleaned with backup
G:\WINDOWS\system32\vgaeman.exe -> TrojanDownloader.Apropo.ac -> Cleaned with backup
G:\WINDOWS\system32\wintask.exe -> TrojanDownloader.Small.abd -> Cleaned with backup
G:\WINDOWS\system32\wrapperouter.exe -> TrojanDropper.Agent.hl -> Cleaned with backup
G:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
G:\WINDOWS\wsem303.dll -> TrojanDownloader.Dyfuca.dt -> Cleaned with backup
G:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
::Report End
Second step of Ewido log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:30:41 PM, 6/19/2005
+ Report-Checksum: BF6D5A83
+ Date of database: 6/18/2005
+ Version of scan engine: v3.0
+ Duration: 139 min
+ Scanned Files: 164899
+ Speed: 19.74 Files/Second
+ Infected files: 1
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
G:\
+ Scan result:
G:\WINDOWS\system32\zcatbwn.exe -> Spyware.BetterInternet -> Cleaned with backup
::Report End
hijack log
Logfile of HijackThis v1.99.1
Scan saved at 2:40:38 PM, on 6/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\Explorer.exe
G:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe G:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - G:\WINDOWS\systb.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [RCScheduleCheck] G:\Program Files\VCOM\Recovery Commander\RCSCHED.EXE -CHECK
O4 - HKLM\..\Run: [Fix-It AV] G:\PROGRA~1\VCOM\Fix-It\MemCheck.exe
O4 - HKLM\..\Run: [G:\WINDOWS\VCMnet11.exe] G:\WINDOWS\VCMnet11.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = G:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://G:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .MOV: G:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O23 - Service: ewido security suite control - ewido networks - G:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Fix-It Task Manager - V Communications, Inc. - G:\PROGRA~1\VCOM\Fix-It\mxtask.exe
Thanks