Trojan Horse Dropper.Generic.DZD [RESOLVED]


  • This topic is locked

#1
Nifo

    New Member

  • Member
  • 6 posts


Hello. I ran my AVG virus scanner and it has detected Trojan Horse Dropper.Generic.DZD. I have tried over 30 times tonight to remove the file, even going into safe mode and then into DOS to remove it. But when I loaded Windows back up, it was still there. This file is in my _Restore\temp folder as a CPY file.

Help!







Scan Log


Logfile of HijackThis v1.99.1
Scan saved at 9:59:38 PM, on 5/22/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\ICQLITE\ICQLITE.EXE
C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\SETPOINT.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\LOGITECHDESKTOPMESSENGER.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\COMMON FILES\LOGITECH\KHAL\KHALMNPR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/ghere_magic/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.geocities...m/ghere_magic/"); (C:\Program Files\Netscape\Users\judyfolsum\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\PROGRAM FILES\ICQLITE\ICQLITE.EXE -trayboot
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD4\V6\YHEXBMES.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD4\V6\YHEXBMES.DLL (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.c...ite/fvliteY.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.co...nMagicTeleX.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...r/goldfever.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.ev1.net/java/cr.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: offline-8876480 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL
O21 - SSODL: zwqwTKv - {353C12DB-9F96-B871-A2BF-2DA664340C3F} - C:\WINDOWS\SYSTEM\LSW.DLL (file missing)







Removal List


Adobe Acrobat Reader 3.01
Adobe Flash Player 9 ActiveX
Adobe PhotoDeluxe Home Edition 3.1
Adobe Reader 6.0.1
Adobe Shockwave Player
AIM Toolbar
ALi USB2.0 Driver
AOL Instant Messenger
AVG Free Edition
AVI Movie Player
Bouguereau Desktop Theme
Canon Camera Support Core Library
Canon Camera WIA Driver 6.4
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window DSLR 5 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon ZoomBrowser EX (E)
Chinese (Traditional) Language Support
CoffeeCup GIF Animator
Connectix Desktop Designer Lite
Creative Modem Blaster PCI DI5633
Crystal Button 2.8
CSS Wizard
DeductionPro 2006
Delete Virtual-Mate Launcher
Desktop Architect
Diablo
eBook Studio
ffdshow (remove only)
HijackThis 1.99.1
Hijackthis 1.99.1
HP CD Labeler II
HSP56 MicroModem Drivers
IconMaker 2002 Deluxe Demo
ICQ
ICQ Toolbar
ICQ 5.1
J2SE Runtime Environment 5.0 Update 9
Japanese Language Support
Jasc Paint Shop Pro 8
Labtec WebCam
Labtec® WebCam Driver
Lernout & Hauspie TruVoice American English TTS Engine
Logitech Desktop Messenger
Logitech SetPoint
Magic Workstation 0.94f
Majesty
Micrografx Windows Draw 6 LE
Microsoft .NET Framework 1.1
Microsoft Internet Explorer 6 SP1 and Internet Tools
Microsoft Office 97, Professional Edition
Microsoft Outlook Express 6
Microsoft Web Publishing Wizard 1.52
Microsoft Works 4.5
Morisot Desktop Theme
Mozilla Firefox (2.0)
MSN Explorer
MSN Messenger 7.0
MTG GamePack for Magic Workstation
MusicMatch Jukebox
Netscape Communicator 4.75
Palm Desktop
PCStitch Pro
Pdf995
PdfEdit995
Petz 3
Presto! ImageFolio
Presto! PageManager 98
Presto! PageType
PrintMaster
Puzzle Pirates
QuickTime
Rapid CSS 2006 v7.3
RealPlayer G2
Rousseau Desktop Theme
S3 Gamma
S3 Information Property Sheet Page
S3 Refresh
SCANPORT ScanModule for Windows V2.50
Secure Delivery
Septerra Core
Shockwave
Sierra Utilities
Spybot - Search & Destroy 1.3
TaxCut Premium 2006
The Game Of Life
The Kinkade Collection
The Sims Art Studio
The Sims Hot Date Object Organizer 1.0
The Sims Makin' Magic
The Sims Menu Editor
ThumbsPlus 3.0
Trillian
Ulead Photo Express 2.0 SE
Viewpoint Media Player
Waterhouse Desktop Theme
WeatherBug
Windows Messaging Update 1
WinZip
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v7
Yahoo! Toolbar




#2
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello Nifo,

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Double-click sspsetup1.exe to install it.
  • Before installation it may ask you to check for program updates. Click YES.
    Then finish installation leaving all the default options.
  • Once the program is installed, it will ask if you wish to reboot now; choose YES.
  • After reboot, open SpySweeper by double-clicking the icon on your desktop.
  • Click Options on the left side.
  • Click the Sweep tab.
  • Under Items to Sweep make sure the following are checked:
    • Windows registry
    • Memory objects
    • Cookies
    • Compressed Files
    • System Restore Folder
  • Under Other Options make sure the following are checked:
    • Sweep all user accounts
    • Enable Direct Disk Sweeping
    • Sweep for rootkits
  • Click the Sweep button on the left side.
  • Click the Start Sweep button.
  • When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
  • It will quarantine all of the items found.
  • Click View Session Log in the right corner above the box where the items are listed.
  • Click Save to File and save it on your desktop.
  • Exit SpySweeper.
  • Paste the contents of the session log you saved into your next reply (Spy Sweeper Session Log.txt).
  • NOTE: you can get to the log by clicking Options on the left. Then, View Session Log will be listed under Other Options.

Please do an online scan with Kaspersky WebScanner. (Please note: You MUST use Internet Explorer for this scan to work.)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#3
Nifo

    New Member

  • Topic Starter
  • Member
  • 6 posts
I went to the Spy Sweeper site and d-loaded the program. It is not letting me load the program. It is stating that I need to d-load version 4.5. I have looked on the site and I have not been able to find the program that I didn't have to pay for. Is there another place I can go or look?

#4
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello Nifo,

That's fine; go ahead and skip that step and go straight to the Kaspersky WebScanner.

#5
Nifo

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hi

Here are the results of the scan from Kaspersky's webscan.





Scan Text


Saturday, May 26, 2007 8:32:04 AM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/05/2007
Kaspersky Anti-Virus database records: 330140


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
a:\
c:\
d:\
e:\

Scan Statistics
Total number of scanned objects 107351
Number of viruses found 17
Number of infected objects 70 / 0
Number of suspicious objects 0
Duration of the scan process 05:54:47

Infected Object Name Virus Name Last Action
c:\_RESTORE\ARCHIVE\FS3.CAB/A1318203.CPY Infected: not-a-virus:AdWare.Win32.IGetNet.g skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318204.CPY Infected: not-a-virus:AdWare.Win32.IGetNet skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318207.CPY/data0002 Infected: Trojan-Downloader.Win32.Keenval.m skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318207.CPY/data0004 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318207.CPY/data0006 Infected: not-a-virus:AdWare.Win32.Perfnav.d skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318207.CPY/data0007 Infected: Trojan-Downloader.Win32.Keenval.l skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318207.CPY/data0008 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318207.CPY Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318210.CPY Infected: not-a-virus:AdWare.Win32.180Solutions skipped

c:\_RESTORE\ARCHIVE\FS3.CAB/A1318211.CPY Infected: not-a-virus:AdWare.Win32.180Solutions skipped

c:\_RESTORE\ARCHIVE\FS3.CAB CAB: infected - 10 skipped

c:\_RESTORE\LOGS\vxdsfp.log Object is locked skipped

c:\_RESTORE\LOGS\vxdalt1.log Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped

c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped

c:\WINDOWS\SchedLog.Txt Object is locked skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0005/data0002 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0005/data0003 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0005/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.IGetNet skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0011/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0011/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe/data0011 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\Desktop\web\Kahli_setup.exe NSIS: infected - 8 skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0005/data0002 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0005/data0003 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0005/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0010 Infected: not-a-virus:AdWare.Win32.180Solutions skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0011 Infected: not-a-virus:AdWare.Win32.IGetNet skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0012/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0012/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe/data0012 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\WINDOWS\Desktop\web\Maeka_setup.exe NSIS: infected - 9 skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval.c skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0006/data0002 Infected: Trojan-Downloader.Win32.Keenval.k skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0006/data0003 Infected: Trojan-Downloader.Win32.Keenval.c skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0006 Infected: Trojan-Downloader.Win32.Keenval.c skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0005 Infected: Trojan-Downloader.Win32.Keenval.m skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0006/data0002 Infected: not-a-virus:AdWare.Win32.PowerSearch.b skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0006/data0003 Infected: Trojan-Downloader.Win32.Keenval.c skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe/data0006 Infected: Trojan-Downloader.Win32.Keenval.c skipped

c:\WINDOWS\Desktop\web\setup_GoldMiner.exe NSIS: infected - 8 skipped

c:\WINDOWS\Sti_Trace.log Object is locked skipped

c:\WINDOWS\Sti_Event.log Object is locked skipped

c:\WINDOWS\wiaservc.log Object is locked skipped

c:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped

c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

c:\WINDOWS\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

c:\WINDOWS\WIN386.SWP Object is locked skipped

c:\WINDOWS\canonbj\itp\itp32.exe Infected: Virus.Win9x.CIH skipped

c:\WINDOWS\canonbj\itp\remind32.exe Infected: Virus.Win9x.CIH skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Sun, 05 Mar 2006 11:15:24 -0600]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Sun, 05 Mar 2006 11:15:24 -0600]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Sun, 05 Mar 2006 11:15:24 -0600]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Tue, 07 Mar 2006 22:51:21 -0100]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Tue, 07 Mar 2006 22:51:21 -0100]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Tue, 07 Mar 2006 22:51:21 -0100]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Wed, 08 Mar 2006 01:42:55 -0400]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Wed, 08 Mar 2006 01:42:55 -0400]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "eBay Inc." ][Date Wed, 08 Mar 2006 01:42:55 -0400]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ln skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "PayPal" ][Date Mon, 06 Mar 2006 16:51:01 -0300]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.ju skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "PayPal" ][Date Mon, 06 Mar 2006 16:51:01 -0300]/UNNAMED/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ju skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx/[From "PayPal" ][Date Mon, 06 Mar 2006 16:51:01 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ju skipped

c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx Mail MS Outlook 5: infected - 12 skipped

c:\WINDOWS\Profiles\Dale Ghere\Cookies\index.dat Object is locked skipped

c:\WINDOWS\Profiles\Dale Ghere\History\History.IE5\index.dat Object is locked skipped

c:\WINDOWS\ExeDialer.exe Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess skipped

c:\Program Files\GameRival\GoldMiner\setup_incredifind_game_bundles.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.k skipped

c:\Program Files\GameRival\GoldMiner\setup_incredifind_game_bundles.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.c skipped

c:\Program Files\GameRival\GoldMiner\setup_incredifind_game_bundles.exe NSIS: infected - 2 skipped

c:\Program Files\GameRival\GoldMiner\setup_powersearch_gamebar_with_track.exe/data0002 Infected: not-a-virus:AdWare.Win32.PowerSearch.b skipped

c:\Program Files\GameRival\GoldMiner\setup_powersearch_gamebar_with_track.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.c skipped

c:\Program Files\GameRival\GoldMiner\setup_powersearch_gamebar_with_track.exe NSIS: infected - 2 skipped

c:\Program Files\GameRival\GameBar\gamebar.dll Infected: not-a-virus:AdWare.Win32.PowerSearch.b skipped

c:\Program Files\CrazyMates\KeenValueInstall.exe/data0002 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\Program Files\CrazyMates\KeenValueInstall.exe/data0003 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped

c:\Program Files\CrazyMates\KeenValueInstall.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped

c:\Program Files\CrazyMates\KeenValueInstall.exe NSIS: infected - 3 skipped

c:\Program Files\CrazyMates\euni_bbi8015.exe/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\Program Files\CrazyMates\euni_bbi8015.exe/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped

c:\Program Files\CrazyMates\euni_bbi8015.exe NSIS: infected - 2 skipped

Scan process completed.



  • 0

#6
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello Nifo,

Please download the Killbox by Option^Explicit. ( Save it to your desktop. )

Note: In the event you already have Killbox, this is a new version that I need you to download.

Run Killbox:
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\WINDOWS\Desktop\web\Kahli_setup.exe
    c:\WINDOWS\Desktop\web\Maeka_setup.exe
    c:\WINDOWS\Desktop\web\setup_GoldMiner.exe
    c:\WINDOWS\Downloaded Program Files\popcaploader.dll
    c:\WINDOWS\canonbj\itp\itp32.exe
    c:\WINDOWS\canonbj\itp\remind32.exe
    c:\WINDOWS\Profiles\Dale Ghere\Application Data\Identities\{9C01CCBC-D8E4-4D8B-8605-78529933190B}\Microsoft\Outlook Express\business.dbx
    c:\WINDOWS\ExeDialer.exe
    c:\Program Files\GameRival\GoldMiner\setup_incredifind_game_bundles.exe
    c:\Program Files\GameRival\GoldMiner\setup_powersearch_gamebar_with_track.exe
    c:\Program Files\CrazyMates\KeenValueInstall.exe
    c:\Program Files\CrazyMates\euni_bbi8015.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!)
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Reboot into Normal Mode.

Please post back with a new Hijackthis log.
  • 0
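How a removal list like the one in the post above relates to the scan report, as an added Python example (not part of RiP's post and not the scanner's or Killbox's own code): it collapses per-member detections to the file that exists on disk, sets aside "Object is locked" lines, and cross-checks each container's reported count. The sample log is constructed in the shape of the thread's log, with a shortened mail-store path; the function names are this example's own.

```python
import re
from collections import OrderedDict

# Constructed sample in the shape of the scan log posted in this thread
# (the mail-store path is shortened). "/" separates members inside a
# container such as an NSIS installer or a mail store; "\" is the disk path.
SAMPLE_LOG = r'''
c:\Program Files\CrazyMates\KeenValueInstall.exe/data0002 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped
c:\Program Files\CrazyMates\KeenValueInstall.exe/data0003 Infected: not-a-virus:AdWare.Win32.Keenval.a skipped
c:\Program Files\CrazyMates\KeenValueInstall.exe/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
c:\Program Files\CrazyMates\KeenValueInstall.exe NSIS: infected - 3 skipped
c:\WINDOWS\Sti_Trace.log Object is locked skipped
c:\WINDOWS\canonbj\itp\itp32.exe Infected: Virus.Win9x.CIH skipped
c:\WINDOWS\Profiles\user\Outlook Express\business.dbx/[From "PayPal" ][Date Mon, 06 Mar 2006 16:51:01 -0300]/UNNAMED/UNNAMED/html Infected: Trojan-Spy.HTML.Bayfraud.ju skipped
c:\WINDOWS\Profiles\user\Outlook Express\business.dbx/[From "PayPal" ][Date Mon, 06 Mar 2006 16:51:01 -0300]/UNNAMED Infected: Trojan-Spy.HTML.Bayfraud.ju skipped
Scan process completed.
'''

INFECTED = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+) skipped$")
LOCKED = re.compile(r"^(?P<obj>.+) Object is locked skipped$")
# Container summary, e.g. "...\setup.exe NSIS: infected - 3 skipped".
SUMMARY = re.compile(
    r"^(?P<obj>.+?) (?P<kind>[^:\\/]+): infected - (?P<count>\d+) skipped$")


def on_disk_file(obj):
    """Strip archive/mail member parts, leaving the file that exists on disk."""
    return obj.split("/", 1)[0]


def parse_scan_log(text):
    """Return (files, locked, unparsed) for a scan report.

    files maps each on-disk path to its detection names, the number of
    flagged members seen inside it, and the count the scanner reported.
    """
    files, locked, unparsed = OrderedDict(), [], []

    def entry(path):
        return files.setdefault(
            path, {"names": set(), "members": 0, "kind": None, "reported": None})

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = INFECTED.match(line)
        if m:
            e = entry(on_disk_file(m["obj"]))
            e["names"].add(m["name"])
            if "/" in m["obj"]:          # detection is inside a container
                e["members"] += 1
            continue
        m = SUMMARY.match(line)
        if m and "/" not in m["obj"]:
            e = entry(m["obj"])
            e["kind"], e["reported"] = m["kind"], int(m["count"])
            continue
        m = LOCKED.match(line)
        if m:
            locked.append(m["obj"])      # file in use by Windows, not a detection
        else:
            unparsed.append(line)
    return files, locked, unparsed


def incomplete_containers(files):
    """Containers whose listed members do not add up to the reported count."""
    return [p for p, e in files.items()
            if e["reported"] is not None and e["reported"] != e["members"]]


def review_list(files):
    """One line per on-disk file, noting when it is a container."""
    out = []
    for path, e in files.items():
        note = ""
        if e["members"]:
            note = "  [container, %d flagged members]" % e["members"]
        out.append(path + note)
    return out


if __name__ == "__main__":
    files, locked, unparsed = parse_scan_log(SAMPLE_LOG)
    print("\n".join(review_list(files)))
    print("locked (not detections):", locked)
    print("count mismatches:", incomplete_containers(files))
```

The container flag matters when reviewing the list: a mail store or installer appears once, but removing it removes everything inside it, not only the flagged members.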

#7
Nifo

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hi,

Here is the data from the new scan after running KillBox.




HiJacked re-scan.

Logfile of HijackThis v1.99.1
Scan saved at 12:32:39 AM, on 5/28/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\ptsnoop.exe
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.geocities.com/ghere_magic/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
N1 - Netscape 4: user_pref("browser.startup.homepage", "http://www.geocities...m/ghere_magic/"); (C:\Program Files\Netscape\Users\judyfolsum\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YT.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] C:\COREL\OFFICE7\SHARED\QFINDER7\QFSCHED.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [ICQ Lite] "C:\Program Files\ICQLite\ICQLite.exe" -minimize
O4 - HKLM\..\Run: [ALiUSBfix] C:\WINDOWS\SYSTEM\GREENMK.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\SetPoint.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpySweeper] "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE" -quiet
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\PROGRAM FILES\ICQTOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\AIM\AIM.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD4\V6\YHEXBMES.DLL (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\COMPANION\MODULES\MESSMOD4\V6\YHEXBMES.DLL (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_09\BIN\SSV.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (HKCU)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot....ownload/kdx.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipbrowser.c...ite/fvliteY.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {4063B398-3FC7-433E-B23B-0460CE7EDC27} (MaxisMakinMagicTeleX Control) - http://thesims.ea.co...nMagicTeleX.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.game...r/goldfever.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.ev1.net/java/cr.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.game...nx.1.0.0.55.cab
O16 - DPF: {192F9A01-8030-48CE-9BC6-B03DE3E613C6} (PeoplePC Web Installer) - https://www.peoplepc...oad/ppcwebi.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...ebscan_ansi.cab
O18 - Protocol: offline-8876480 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {C0CE5C0E-C0C9-45B5-8BDC-7F459E1DB4BE} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\PROGRAM FILES\SUPERANTISPYWARE\SASWINLO.DLL
O21 - SSODL: zwqwTKv - {353C12DB-9F96-B871-A2BF-2DA664340C3F} - C:\WINDOWS\SYSTEM\LSW.DLL (file missing)



  • 0

#8
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello Nifo,

How is your computer running now? Are you still seeing any malware-related problems?
  • 0

#9
Nifo

    New Member

  • Topic Starter
  • Member
  • 6 posts

Hello,

My computer is loading some web pages a little slowly, but I have run my AVG again and it did not find that Trojan. I am happy that it isn't there. Thank you so much.

Nifo.


  • 0

#10
RiP

    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello Nifo,

I'm glad to hear AVG isn't picking up the trojan anymore.

Let's start out by cleaning your restore points and setting a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop up windows.
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • 0

#11
Nifo


    New Member

  • Topic Starter
  • Member
  • 6 posts
Hi.

Sorry for the late reply and for the delay in trying what you suggested; I was out of town for several days.

I tried what you asked and when I right clicked on My Computer and opened the properties I did not see the System Restore tab. I am running Windows ME and am not sure if that is the reason why. What else should I try?

Nifo

#12
RiP


    Malware Expert

  • Retired Staff
  • 8,430 posts
Hello Nifo,

My apologies, I forgot that you were running Windows ME, please disregard the system restore set of instructions.

#13
RiP


    Malware Expert

  • Retired Staff
  • 8,430 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





