I ran panda scanner and HJT today and these are the latest logs.
Also his screen has gone green. dont know if thats related.
Incident Status Location
Adware:adware/dyfuca Not disinfected C:\Documents and Settings\y\Local Settings\Temp\cfout.txt
Adware:adware/commad Not disinfected C:\WINDOWS\SYSTEM32\atmtd.dll
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\y\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/maxifiles Not disinfected C:\mc-110-12-0000228.exe
Adware:adware/sqwire Not disinfected C:\installerwebnex.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\teller2.chk
Adware:adware/superspider Not disinfected C:\WINDOWS\dl.html
Spyware:spyware/media-motor Not disinfected C:\WINDOWS\mm63.ocx
Adware:adware/vaultsearch Not disinfected C:\PROGRAM FILES\COMMON FILES\VCClient
Adware:adware/qoologic Not disinfected Windows Registry
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\y\Cookies\y@xiti[1].txt
Adware:Adware/BroadcastPC Not disinfected C:\DR21206.exe
Virus:W32/MultiOpen.A.worm Disinfected C:\WINDOWS\SYSTEM32\Rtdx118.dat
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\X944QHVH\mc-110-12-0000228[1].exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLCCRGKK\installer[1].exe
Adware:Adware/BroadcastPC Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SLV3OG6Y\DR21206[1].exe
Spyware:Cookie/adultfriendfinder Not disinfected C:\WINDOWS\SYSTEM32\config\systemprofile\Cookies\system@adultfriendfinder[2].txt
Adware:Adware/CommAd Not disinfected C:\WINDOWS\TEMP\cmdinst.exe
Adware:Adware/Sqwire Not disinfected C:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCClient.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCMain.exe
Spyware:Spyware/SurfSideKick Not disinfected C:\Program Files\Common Files\VCClient\VCUpdate.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Program Files\l2mfix.exe[Process.exe]
Adware:Adware/Maxifiles Not disinfected C:\mc-110-12-0000228.exe
Adware:Adware/ClkOptimizer Not disinfected C:\installerwebnex.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\y\Desktop\l2mfix\Process.exe
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\y\Cookies\y@xiti[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\y\Application Data\Mozilla\Firefox\Profiles\default.qic\cookies.txt[]
Logfile of HijackThis v1.99.1
Scan saved at 12:47:06 PM, on 3/3/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.google.com
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9BF85BC-FAA5-4DE9-B112-EAB68BB508C2}: NameServer = 213.40.2.19 213.40.2.20
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe