Okay, here are my 2 new reports.
I think it's ironic that ewido said there's no reason to panic.
I have been panicking for a couple weeks now. With each new failed attempt my panic grows.
My continued thanks...
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:33:40 PM, 8/1/2005
+ Report-Checksum: 5BD47E8C
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\SYSTEM32\pqoppa.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitelrr32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegdy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\redtrsha.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\SYSTEM32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\wgvww.dat -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\kalkkfa.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\dxoddcx.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\erbee.dll -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\SYSTEM32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsm10B.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\pop.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\exp -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\SYSTEM32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitelos32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\temperror32.dat -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitemdy32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ae : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebvx32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\jzjzmrsr.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\sbsxzp.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\pcs_0029.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\!Submit\pqoppa.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Eudora2\attach\FL07Aa01.htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rutr.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\Felicia Palsson\Cookies\felicia palsson@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP293\A0027583.dll -> Spyware.WebEx : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027603.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027607.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027616.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027620.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027621.exe -> Spyware.CashBack : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027632.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027633.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027634.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027635.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027636.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027638.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027639.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027641.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP294\A0027646.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP296\A0027669.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP296\A0027670.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP297\A0027679.exe -> TrojanDownloader.Intexp.c : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP301\A0028764.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP305\A0031154.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP311\A0031609.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{9463D75D-4D7D-4F6B-83EC-17EEA0F75395}\RP311\A0031610.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
D:\WINDOWS\Temporary Internet Files\Content.IE5\3EWZZTWP\size=1x1&affiliate=efanguide&channel=filmtv&subchannel=alsoplaying&Network=affiliates&rating=pg13[1].htm -> Spyware.BookedSpace : Cleaned with backup
D:\WINDOWS\Cookies\felicia palsson@ehg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
D:\WINDOWS\Cookies\felicia palsson@ilead.itrack[1].txt -> Spyware.Cookie.Itrack : Cleaned with backup
D:\WINDOWS\Cookies\felicia palsson@ehg.hitbox[3].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
D:\WINDOWS\Cookies\felicia palsson@ehg-uniontrib.hitbox[5].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
D:\Eudora_072005\attach\FL07Aa01.htm -> Spyware.BookedSpace : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 7:39:15 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Felicia Palsson\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.independent.co.uk/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pqoppa.exe reg_run
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe