Help please!


FerrisLeigh
08-22-2005, 05:39 PM
I have suddenly got LOTS of pop-ups and other weird things. I can't even log onto Windows through my main user name. When I run Ad-aware and Spy-bot, they can find the problems but not fix them. Any advice would be greatly appreciated. (I ran hijackthislog and tried to attach the results but got an error message that it was an invalid file type. I'm not sure what I did wrong.)

classicsoftware
08-22-2005, 05:56 PM
When you run HijackThis, choose the option to create a log. The log will open up in Notepad. Either:


Click on Edit and then Select All, then click on Edit and then Copy, or
Right-click in the log and choose the option to Select All, then click on Edit and then Copy.


Return here and reply to the post. Place the mouse cursor in the post, click on Edit and then Paste. The log will appear in the post. Click Submit Post.

FerrisLeigh
08-23-2005, 09:08 AM
Logfile of HijackThis v1.99.1

Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\xcoppsrv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\System32\wintask.exe
C:\Program Files\Moviewer\urlpstui.exe
C:\PROGRA~1\VBouncer\VirtualBouncer.exe
C:\WINDOWS\System32\PSof1.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\mpjkrj.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\WINDOWS\System32\vidctrl\vidctrl.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Nick\Desktop\hijackthis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.28.210.175/media/1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\System32\wintask.exe
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [PSof1] C:\WINDOWS\System32\PSof1.exe
O4 - HKLM\..\Run: [mifdgc] C:\WINDOWS\System32\mifdgc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINDOWS\System32\mpjkrj.exe reg_run
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [whbtzt] C:\WINDOWS\System32\aqzlaeo.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Defender Pro Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: VIN.net Clients - http://app2.outtask.com/vinnet/clients/152.9/vin2-116.CAB
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124198155461
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124198136617
O16 - DPF: {8AF9A654-6644-46AD-A344-34B71839659E} (Fix Class) - http://www.stlu.com/plugins/Plugin0501.0106/fixst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - https://intranet.mscdirect.com/TN5250/matn5250.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\MCPISTUB.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVpZ2ggQW5uZQAA\command.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Budfred
08-23-2005, 08:32 PM
You have Aurora which is a major mess... On the good news side, Ad-Aware has just released a beta fix for it that seems to work... Try this:

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite (http://www.ewido.net/en/download/).

Next, download Lavasoft's Ad-Aware (http://www.download.com/Ad-Aware-SE-Personal-Edition/3000-8022_4-10045910.html) and the VX2 Cleaner Plug-in (http://www.lavasoft.de/software/addons/vx2cleaner.shtml). Install Ad-Aware using the default options, then unzip the VX2 plugin to the directory C:\Program Files\Lavasoft\Ad-Aware SE Personal\Plugins. There should be two files in the Plugins directory called "vx2cleaner.dll" and "vx2cleaner.dlx" when properly installed.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column. Select VX2 Cleaner V2.0 and click Run Tool. Click "OK", then, if something is found, click "Clean" as in the directions given. Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again. This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next. Once the scan finishes, click "Next" again. Select all objects found (right click anywhere in the list of found objects and click "Select All Objects"). Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot; click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next". Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main ewido screen, click on update in the left menu, then click the Start update button.

After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

classicsoftware
08-24-2005, 01:00 AM
Budfred, this handles Epolvy as well???????????????? Is Epolvy just an evolved form of Aurora and that's all we'll be seeing for a while?

Budfred
08-24-2005, 08:29 AM
classicsoftware,

This is still beta, so we are checking to see if it will handle Epolvy, but the indications are that it does... Epolvy is being bundled with Nail consistently now to protect and reinstall it... If this works, you can bet there will be a new menace bundled with it soon... Dinst/DSR are also bundled... The malware pukes seem to be using bundling as standard procedure these days...

FerrisLeigh,

Please be sure to include the entire Header info on HJT when you post the next log... We are taking risks without it...

FerrisLeigh
08-24-2005, 02:39 PM
I followed your instructions - had to go in through safe mode to do it. I still can't sign onto Windows as the primary user. I get lots of error messages and it finally crashes. (Let me know if you want specifics.) However, I can still get on through the secondary userid or through safe mode. When I sign on as the secondary user I now get a message that "windows cannot find 'C:\windows\nail.exe'". But it will let me on and let me online. Still getting popups. I will attach Hijackthis and Ewido. (Ewido is too long to attach with this post. I'll make two or more posts to get it all in.) Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 12:20:00 PM, on 8/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Moviewer\urlpstui.exe
C:\WINDOWS\System32\xcoppsrv.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Documents and Settings\Nick\Desktop\hijackthis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.28.210.175/media/1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Kaspersky Anti-Virus Lite] C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SprintModemUpdate] javaw.exe -cp "C:\Program Files\Motive\FirmwareUpdater\lib\SprintModemUpdate.jar" com.motive.firmwareUpdater.client.SprintModemUpdate
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKLM\..\Run: [tpekupc] C:\WINDOWS\System32\wzdeguo.exe r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: Defender Pro Firewall.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sprint virtual assistant.lnk = C:\Program Files\Sprint DSL virtual assistant\bin\matcli.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: VIN.net Clients - http://app2.outtask.com/vinnet/clients/152.9/vin2-116.CAB
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoader.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124198155461
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124198136617
O16 - DPF: {8AF9A654-6644-46AD-A344-34B71839659E} (Fix Class) - http://www.stlu.com/plugins/Plugin0501.0106/fixst.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A6A216EB-4F7C-11D5-8438-0000B456BA3D} (Matn5250 Control) - https://intranet.mscdirect.com/TN5250/matn5250.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\WHNTRUST.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVpZ2ggQW5uZQAA\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\Program Files\Defender\Defender Pro Anti-Virus\AvpM.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
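
Comparing the two HijackThis logs posted in this thread shows which autostart entries the cleanup removed, which remain registered although their file is gone, and which are new. The script below is an added example, not part of the original thread; the function names are hypothetical and the sample lines are excerpted from the two logs above.

```python
import re
from collections import namedtuple

# One HijackThis result line, e.g. "O4 - HKLM\..\Run: [name] path".
Entry = namedtuple("Entry", "code body file_missing")

# Result lines start with a section code (R0, F2, O4, O23 ...) and " - ".
# Header lines and the "Running processes:" paths do not match.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Excerpt of the first log in the thread (before cleaning).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\System32\exp.exe
O4 - HKLM\..\Run: [whbtzt] C:\WINDOWS\System32\aqzlaeo.exe r
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\MCPISTUB.DLL
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

# Excerpt of the second log in the thread (after Ad-Aware and Ewido).
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [tpekupc] C:\WINDOWS\System32\wzdeguo.exe r
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\WHNTRUST.DLL
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""


def parse_log(text):
    """Return {(code, lowercased body): Entry} for each result line."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process path or blank line
        code, body = m.group(1), m.group(2).rstrip()
        # HijackThis appends "(file missing)" when the target is gone;
        # strip it so the entry still matches its earlier form.
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries[(code, body.lower())] = Entry(code, body, missing)
    return entries


def diff_logs(before_text, after_text):
    """Classify entries as removed, added, orphaned or unchanged."""
    before, after = parse_log(before_text), parse_log(after_text)
    report = {"removed": [], "added": [], "orphaned": [], "unchanged": []}
    for key, old in before.items():
        new = after.get(key)
        if new is None:
            report["removed"].append(old)
        elif new.file_missing and not old.file_missing:
            # Registry entry survives but its file was deleted.
            report["orphaned"].append(new)
        else:
            report["unchanged"].append(new)
    for key, new in after.items():
        if key not in before:
            report["added"].append(new)
    return report


if __name__ == "__main__":
    for status, items in diff_logs(BEFORE, AFTER).items():
        print(f"{status} ({len(items)})")
        for e in items:
            print(f"  {e.code} - {e.body}")
```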

FerrisLeigh
08-24-2005, 02:44 PM
The Ewido report is 32000 characters long. Should I cut it up into four posts?
Thanks.

classicsoftware
08-24-2005, 06:45 PM
Yes, cut it up into 4 posts....

FerrisLeigh
08-25-2005, 12:22 PM
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:04:11 PM, 8/24/2005
+ Report-Checksum: 8F110D71

+ Scan result:

HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
[224] C:\WINDOWS\system32\WHNTRUST.DLL -> Spyware.Look2Me : Error during cleaning
[620] C:\WINDOWS\system32\mlxactps.dll -> Spyware.Look2Me : Error during cleaning
[696] C:\WINDOWS\system32\mlxactps.dll -> Spyware.Look2Me : Error during cleaning
C:\!PeperFix\Cxe0o.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\!PeperFix\Dfmc1bU0.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\!PeperFix\Kyjnpex.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\!PeperFix\Nwvd1.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\!PeperFix\PikQWgDx.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\!PeperFix\Zkr60G.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\!PeperFix\ZzhGa.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tikd.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@cityclub.gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@cratebarrel.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@e-2dj6wfkiajazmgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@e-2dj6wjkokjdjolo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@e-2dj6wjkokkdpsbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@e-2dj6wjkowocpwep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@e-2dj6wjl4skdzcap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@e-2dj6wjlisicpwlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@e-2dj6wjny-1jajgg.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@vip.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\bcrosby2959@earthlink.net\Cookies\leigh anne@www2.enigmasoftwaregroup[1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@cityclub.gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@cratebarrel.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@e-2dj6wjny-1jajgg.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@gamingpromo[1].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Application Data\Earthlink\6.0\leighacrosby@earthlink.net\Cookies\leigh anne@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\180SAAX.cab/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\Del17.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\Del1B.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\Del22.tmp -> Spyware.180Solutions : Cleaned with backup

FerrisLeigh
08-25-2005, 12:23 PM
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\Del25.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\HLInstaller3.exe -> Spyware.iSearch : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\i61.tmp -> TrojanDownloader.Totavel.a : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\i6D.tmp -> TrojanDownloader.Totavel.a : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\nsh_107.exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\nsh_114.exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\res26.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temp\res29.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\4LG7SR8V\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\7QCFRPW5\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\818XIF0D\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\ETC3212H\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\ETC3212H\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\ETC3212H\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\G92BOX63\nsh_114[1].exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\OYEOP5IP\trk_0026[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\S26PW6SW\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\SLSXMJ0X\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\WH4F4JWJ\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\WH4F4JWJ\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\WXATIAEX\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Leigh Anne\Local Settings\Temporary Internet Files\Content.IE5\WXATIAEX\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@ehg-classifiedventures.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Nick\Cookies\nick@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temp\Del14.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temp\Del15.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temp\DelC.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temp\DelD.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temp\DelE.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temp\DelF.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\AF09ST0R\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\MVMVE5K5\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1006\Dc558.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1006\Dc570.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1006\Dc574.txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1006\Dc578.txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1006\Dc586.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1006\Dc596.txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1006\Dc650.txt -> Spyware.Cookie.Burstnet : Cleaned with backup

FerrisLeigh
08-25-2005, 12:30 PM
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc10.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc14.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc16.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc18.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc22.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc28.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc31.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc32.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc37.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc41.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc49.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc53.txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc56.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc57.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc58.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc59.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\RECYCLER\S-1-5-21-1376643981-2669302297-488748980-1007\Dc8.txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0028781.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0028907.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0028908.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0028911.exe -> TrojanDropper.Agent.lu : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0028912.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0028919.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0029908.exe -> TrojanDownloader.QDown.z : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0029915.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0029927.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0030906.exe -> TrojanDownloader.Qoologic.v : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0030911.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0030914.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0030920.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0031909.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0031912.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0031916.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0032909.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0032910.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0032918.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0032920.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0032929.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0033918.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0033919.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0033930.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0033932.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0033937.dll -> Spyware.EliteBar : Cleaned with backup

FerrisLeigh
08-25-2005, 12:31 PM
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0034933.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0034936.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0034941.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0035933.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0035934.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0035936.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0035945.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0035948.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0036945.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0036952.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0037944.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0037945.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0038944.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0039944.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0039946.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0039952.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0040944.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0040946.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0040951.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0041944.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0041945.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0041955.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0041958.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0041962.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP104\A0041972.exe -> Spyware.PurityScan : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP105\A0044985.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP105\A0044988.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0046994.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0049026.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050032.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050033.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050034.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050035.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050038.EXE -> Spyware.VirtualBouncer.j : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050042.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050043.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050045.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050046.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050047.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050048.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050049.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0050062.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP106\A0051074.dll -> Spyware.EliteBar : Cleaned with backup
C:\TEMP\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\etb\nt_hide63.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\SYSTEM\sohwmrdqex.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\SYSTEM32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\CAPESNPN.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\SYSTEM32\CIC08510.exe -> Spyware.AdSrve : Cleaned with backup

FerrisLeigh
08-25-2005, 12:32 PM
C:\WINDOWS\SYSTEM32\CLBCATEX.exe -> Spyware.VB : Cleaned with backup
C:\WINDOWS\SYSTEM32\CLRSRV.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\CXBINET.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DGRGUI.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\SYSTEM32\DOAO36.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\DVLAY.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\exp.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\SYSTEM32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\hcsetup.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\HWD.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\HyperLinker2.exe -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\ILRNONCE.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\IOSENG.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\izss.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\jJvart.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\KDDKAZ.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\MCLS31.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\MCPISTUB.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mifdgf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\SYSTEM32\mmc70.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mpc70.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\mpjkrj.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\SYSTEM32\mwc70u.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\MZRDDM.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsj40.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nswru.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\WINDOWS\SYSTEM32\nurszht.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\omncbnd.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\SYSTEM32\ozbc16gt.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\PSof1.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\SYSTEM32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\RUSPPP.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\SYSTEM32\uci.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\SYSTEM32\uiperpn.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\SYSTEM32\VHR.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\vidctrl\vidctrl.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\WINDOWS\SYSTEM32\vkaqp.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\SYSTEM32\WHHNETBS.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wintask.exe -> TrojanDownloader.Small.abd : Cleaned with backup
C:\WINDOWS\SYSTEM32\WMNIPSEC.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\WMW32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\WRADEFUI.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\SYSTEM32\wrfapi.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Temp\pcs_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Temp\ptf_0026.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup


::Report End

Budfred
08-25-2005, 09:13 PM
Do some cleanup with HJT to see if that clears up some of this mess:

First, download and run LQFix:

http://users.telenet.be/bluepatchy/miekiemoes/tools/LQfix.exe

Then open an HJT scan and put checks by:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.28.210.175/media/1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\Run: [salm] c:\program files\180searchassistant\salm.exe
O4 - HKCU\..\Run: [vidctrl] C:\WINDOWS\System32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [dnam] C:\WINDOWS\system32\d140113.a.Stub.EXE
O4 - HKLM\..\Run: [tpekupc] C:\WINDOWS\System32\wzdeguo.exe r
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\WHNTRUST.DLL
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TGVpZ2ggQW5uZQAA\command.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Close all open windows except HJT and click Fix checked...

Reboot and post a fresh HJT log... I suspect we will still need to redo the earlier fix, so if you see clear signs of continued infection, see if you can run the whole fix again... If not, we may have to do it a more difficult way...