Downloader.Obfuskated & HJT Log

Unknown · March 2007

Hey guys, I'm not very well versed in computer lingo, but when I was running an AVG scan today I noticed it detected a virus called "Downloader.Obfuskated", which, after quarantine of course re-appeared. I've researched the issue a bit, but couldn't really find a way to get rid of it. Hoping that a post here will give me some insight.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:51:42 PM, on 3/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [findaxisjunkpoll] C:\Documents and Settings\All Users\Application Data\1 EGGS FIND AXIS\File Lite.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168215757857
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172704701061
O18 - Protocol: bw+0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Any help is appreciated!

Rahina-Rescue · March 2007

Hello sKins! And welcome to Short-media Virus/Spyware Forums. My name is Rahina Rescue and i will be helping you here

Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! I Suggest you print these Instructions out.

First thing i nead you to do:

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

click start-run copy paste "C:\Documents and Settings\All Users\Application Data\1 EGGS FIND AXIS\File Lite.exe" -uninstall and hit enter.

Remember to add those quotes!

Now reboot your computer into normal mode.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/

Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
- Click on Change state next to Resident shield. It should now change to inactive.
- Click on Change state next to Automatic updates. It should now change to inactive.
- Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
- Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode.

If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.

Once in Safe Mode:

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

Click on Scanner on the toolbar.
Click on the Settings tab.
- Under How to act?
  - Click on Recommended Action and choose Quarantine from the popup menu.
- Under How to scan?
  - All checkboxes should be ticked.
- Under Possibly unwanted software:
  - All checkboxes should be ticked.
- Under Reports:
  - Select Automatically generate report after every scan and uncheck Only if threats were found.
- Under What to scan?
  - Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
- Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
- At the bottom of the window click on the Apply all Actions button. (3)
When done, click the Save Scan Report button. (4)
- Click the Save Report as button.
- Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

Reboot back into Normal Mode, and post a new HJT log, along with the AVG Anti-Spyware log.

skiNs · March 2007

Hey Rahina Rescue, thanks for the response.

This first part is the AVG-spyware report. It detected quite alot of junk.

AVG Anti-Spyware - Scan Report

+ Created at: 1:52:18 AM 3/2/2007

+ Scan result:

C:\Program Files\Crimsonland\tln_Crimsonland_v1.9.8ptch.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.262:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.221:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.222:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.223:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.224:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.225:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.226:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.227:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.228:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.229:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.230:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.231:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.232:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.233:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.234:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.277:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.407:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.638:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.678:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.721:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.744:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.239:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.240:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.241:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.270:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.334:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.529:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.652:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.436:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.438:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.439:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.256:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.257:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.258:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.259:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.260:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.263:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.543:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.544:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.177:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.178:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.179:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.180:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.183:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.322:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.216:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.217:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.106:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.107:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.108:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.109:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.110:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.111:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.112:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.539:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.541:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.542:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Comclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.411:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.412:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.64:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.65:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.66:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.531:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.803:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.384:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.394:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.395:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.396:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.397:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.398:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.399:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.497:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.498:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.557:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.575:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.625:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.626:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.640:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.647:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.790:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.791:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.792:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.246:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.247:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.793:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.794:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.569:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.76:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.77:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.445:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.446:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.447:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.448:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.136:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.137:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.138:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.478:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.479:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.480:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Realmedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.144:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.145:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.146:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.147:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.148:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.149:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.150:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.335:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.336:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.683:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.684:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.284:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.285:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.288:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.669:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.491:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.124:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.125:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.126:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.127:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.128:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.129:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.130:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.293:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.294:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.295:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.400:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.401:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.402:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.403:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.404:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.405:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.406:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Sean\Cookies\sean@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.589:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.158:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.70:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.519:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.161:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.769:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.212:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.213:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.215:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.264:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.265:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.266:C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP70\A0015497.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP90\A0032791.exe -> Trojan.Obfuscated.bk : Cleaned with backup (quarantined).

::Report end

Here is the new HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:39 AM, on 3/2/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\program files\steam\steam.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [findaxisjunkpoll] C:\Documents and Settings\All Users\Application Data\1 EGGS FIND AXIS\File Lite.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168215757857
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172704701061
O18 - Protocol: bw+0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7196C17D-97AB-4FA4-92F5-4D8E9D5EEB38} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks again for your help so far.

Rahina-Rescue · March 2007

Looks like you did not copy paste everything i told you to :rolleyes2

Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions! I Suggest you print these Instructions out.

We'll Do the same thing another way this time.

Please Download Delete.bat to your desktop.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double click on Delete.bat in safemode, When done, it disappears automatically.

==

Now boot into normal mode.

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

Double-clickATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser

ClickFirefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser

ClickOpera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

==

Please run a scan using:

Kaspersky On-line Scanner

When you are prompted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files
When the files finish downloading click on NEXT
Now click on Scan Settings
In Scan Settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer
This program will start and scan your system.
Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
When the scan has completed, it will display whether your system has been infected or not
Click on the Save as Text button:
Save the file to your desktop or another folder where you can locate it later.
Attach this file to your next message.

skiNs · March 2007

Not sure what you meant by I didn't copy-paste everything, can you clarify what you mean? Also, it seems that one of the things you had to do really messed up the formating on every page in firefox. Do you have any idea what that might have been?

And the Kaspersky Online scanner thing also would not work in firefox, I had to use IE. Here is the report.

KASPERSKY ONLINE SCANNER REPORT
Friday, March 02, 2007 5:23:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 2/03/2007
Kaspersky Anti-Virus database records: 275484

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 77608
Number of viruses found: 1
Number of infected objects: 4 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:49:24
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\1 EGGS FIND AXIS\site 32 hide Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\cert8.db Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\history.dat Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\key3.db Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\parent.lock Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Sean\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Sean\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Application Data\Mozilla\Firefox\Profiles\qytyx0wa.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sean\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sean\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sean\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\BWDocMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\BWInfopakMap.pht Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\chandir.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\chandir.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\chn.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\chn.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\D0000000.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\inuse.txt Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\L0000003.FCS Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\main.log Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_die.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_die.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_dnd.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_dnd.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_ext.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_ext.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_rcv.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\prs_rcv.idx Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\storydb.dat Object is locked skipped
C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Sean\Data\storydb.idx Object is locked skipped
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\Steam\Steam.log Object is locked skipped
C:\Program Files\Steam\steamapps\winui.gcf Object is locked skipped
C:\Program Files\Steam\SteamLogs\SteamStats.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP46\A0007117.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP46\A0007117.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP46\A0007117.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP63\A0010295.exe Object is locked skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP67\A0011004.exe Object is locked skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP67\A0011005.exe Object is locked skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP70\A0015496.exe Object is locked skipped
C:\System Volume Information\_restore{250646ED-DEAA-487E-8DAC-30E46C7DA919}\RP92\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.

Rahina-Rescue · March 2007

Please Download Delete.bat to your desktop. ( This is not the same delete.bat file )

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Double click on Delete.bat in safemode, When done, it disappears automatically.

==

it seems that one of the things you had to do really messed up the formating on every page in firefox. Do you have any idea what that might have been?

What "thing" ?

Please let me know what you did/did not do

Thanks.

Rahina-Rescue · March 2007

Whilst we appreciate that you may be busy, it has been 7 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed, if you still require assistance then please start a new topic in the Spyware & Virus Removal Forum

If you wish this topic reopened, please send a Private Message (PM) to one of the Spyware Mods with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required.
If you are not the user who started this thread, you must start a new Thread instead

Downloader.Obfuskated & HJT Log

Comments