win##.temp.exe file virus
Original Message
Name: supersasquatch
Date: May 2, 2006 at 15:49:06 Pacific
Subject: win##.temp.exe file virus
OS: XP media center
CPU/Ram: 3.0 ghz/512 mb
Model/Manufacturer: Dell Dimension E510
Comment: Recently I got a virus that attacks my windows\temp folder. Every minute or so, my AV program (Command AntiVirus) pops up with a new message that there was an error trying to disinfect a file (or more). There are files appearing in my windows temp folder with names like win3e.temp.exe, win24.temp.exe, winf8.temp.exe, and so on. Even when I clear out the folder, more files still appear. Thanks for any help you can offer.
Response Number 1
Reply: Download Hijack This 1.99.1 here, install it and "Do A System Scan Only". Click on "SCAN" at the bottom. Once it's finished, click on "Save Log" and save it as a .txt file. DO NOT fix anything! This is a pretty powerful tool. Be sure that the program is in its own folder on the root drive (e.g. C:/HJT). If it's saved in a temp folder it won't be able to make back-ups if needed. Also be sure that while it's running all other windows are closed. Then copy and paste the log back here and I'll take a look at it for you. You may also be interested in a Panda scan, but let's see what comes up in the Hijack log first. Let's not bother with extra work just yet until we know what we're getting into.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP
Response Number 2
Reply: thanks, here is the log
Logfile of HijackThis v1.99.1
Scan saved at 7:28:55 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nathan\Desktop\av tools\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Documents and Settings\Nathan\Desktop\Nathan's Stuff\FlashRipper\IEMenu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Response Number 3
Reply: Yep, I'm still searching, but we have a couple of problems. I'll be back with what I'd like you to do to get rid of this garbage, but I'd like you to do a Panda Spyxposer Scan while you're waiting to see what else it can bring up. I'd appreciate it if you put the log up here for me.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP
Response Number 4
Reply: (edit)wow, there sure is a lot of crap here this is the spy xposer log: Incident Status Location Adware:Adware/Exact.SearchBar Reported C:\WINDOWS\system32\nvms.dll Adware:Adware/PurityScan Reported C:\WINDOWS\system32\winmyy32.dll Adware:adware/exact.bargainbuddy Reported c:\windows\system32\exclean.exe Adware:adware/exact.searchbar Reported c:\windows\system32\nvms.dll Adware:adware/dollarrevenue Reported c:\windows\keyboard11.dat Spyware:Cookie/Azjmp Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.azjmp.com/] Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/BurstNet Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.burstnet.com/] Spyware:Cookie/Tribalfusion Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Tribalfusion Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.atdmt.com/] Spyware:Cookie/BurstBeacon Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[www.burstbeacon.com/] Spyware:Cookie/Adserver Reported C:\Documents and Settings\Christopher\Application 
Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.z1.adserver.com/] Spyware:Cookie/FastClick Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.fastclick.net/] Spyware:Cookie/Adserver Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.z1.adserver.com/] Spyware:Cookie/Mediaplex Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/Tradedoubler Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.tradedoubler.com/] Spyware:Cookie/Advertising Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.advertising.com/] Spyware:Cookie/Overture Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.overture.com/] Spyware:Cookie/Traffic Marketplace Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/RealMedia Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.realmedia.com/] Spyware:Cookie/adultfriendfinder Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.adultfriendfinder.com/] Spyware:Cookie/cs.sexcounter Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.cs.sexcounter.com/] Spyware:Cookie/SexList Reported C:\Documents and Settings\Christopher\Application 
Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.sexlist.com/] Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[landing.domainsponsor.com/] Spyware:Cookie/PointRoll Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Bluestreak Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Com.com Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.com.com/] Spyware:Cookie/Statcounter Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Entrepreneur Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.entrepreneur.com/] Spyware:Cookie/24/7 Realmedia Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/2o7 Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.2o7.net/] Spyware:Cookie/Adrevolver Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/QuestionMarket Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/Falkag Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.as-us.falkag.net/] Spyware:Cookie/Valueclick Reported C:\Documents and Settings\Christopher\Application 
Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.valueclick.com/] Spyware:Cookie/WUpd Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.revenue.net/] Spyware:Cookie/Screensavers Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.i.screensavers.com/] Spyware:Cookie/Zedo Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.zedo.com/] Spyware:Cookie/Overture Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Serving-sys Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Apmebf Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.apmebf.com/] Spyware:Cookie/QkSrv Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.qksrv.net/] Spyware:Cookie/Apmebf Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.apmebf.com/] Spyware:Cookie/PayCounter Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.paycounter.com/] Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.hitbox.com/] Spyware:Cookie/Maxserving Reported C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt[.maxserving.com/] Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Traffic Marketplace 
Reported C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Advertising Reported C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt[.advertising.com/] Spyware:Cookie/RealMedia Reported C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/2o7 Reported C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt[.2o7.net/] Spyware:Cookie/Overture Reported C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt[.perf.overture.com/] Adware:Adware/IST.ISTBar Reported C:\Documents and Settings\Nathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f07ceb-149a6043.zip[javainstaller/InstallerApplet.class] Adware:Adware/IST.ISTBar Reported C:\Documents and Settings\Nathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f07cec-720bdfe2.zip[javainstaller/InstallerApplet.class] Adware:Adware/IST.ISTBar Reported C:\Documents and Settings\Nathan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f09a68-3eaf417c.zip[javainstaller/InstallerApplet.class] Spyware:Cookie/Advertising Reported C:\Documents and Settings\Nathan\Cookies\nathan@advertising[1].txt Spyware:Cookie/Belnk Reported C:\Documents and Settings\Nathan\Cookies\nathan@belnk[1].txt Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Nathan\Cookies\nathan@casalemedia[1].txt Spyware:Cookie/Belnk Reported C:\Documents and Settings\Nathan\Cookies\nathan@dist.belnk[2].txt Spyware:Cookie/Doubleclick Reported C:\Documents and 
Settings\Nathan\Cookies\nathan@doubleclick[1].txt Spyware:Cookie/Statcounter Reported C:\Documents and Settings\Nathan\Cookies\nathan@statcounter[2].txt Adware:Adware/Exact.SearchBar Reported C:\Documents and Settings\Nathan\Desktop\av tools\backups\backup-20060502-185756-684.dll Adware:Adware/PicsPlace Reported C:\Documents and Settings\Nathan\Local Settings\Temporary Internet Files\Content.IE5\E79949NG\srvnfh[1].exe
Response Number 5
Reply: Please download Look2Me-Destroyer to your desktop.
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to "Run this program as a task". You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
When Look2Me-Destroyer re-opens, click the "Scan for L2M" button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the "Remove L2M" button. You will receive a "Done Scanning" message; click OK.
When completed, you will receive this message: "Done removing infected files! Look2Me-Destroyer will now shutdown your computer". Click OK. Your computer will then shut down. Turn your computer back on.
If you receive a runtime error '339', please download MSWINSCK.OCX from this link and place it in your C:\Windows\System32 directory.
After that scan has done its thing, open HijackThis and do a scan. Place a check next to this entry:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
and click on "Fix checked".
I would like you to then download Cleanup451.
WARNING ABOUT CLEANUP: IT DELETES EVERYTHING FROM YOUR TEMPORARY FOLDERS AND DOES NOT MAKE BACK UPS. IF YOU HAVE ANYTHING THAT YOU WOULD LIKE TO KEEP IN A TEMPORARY FOLDER, MOVE IT NOW.
Open Cleanup by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:
Click Options. Move the slider button down to Custom CleanUp!
Check the following: Empty Recycle Bins; Delete Cookies; Delete Prefetch files; Cleanup! All Users. Bookmarks are optional here, but it's worthwhile to get rid of them.
Uncheck the following: Scan local drives for temporary files.
Click OK, then press the CleanUp! button to start the program. If prompted to reboot, do so.
Then do a search/find for "cookie". Delete all instances.
Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet, please allow it.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP
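The helper's triage of the first log (the R0 SearchAssistant entry with an empty value that Response 5 has the poster fix, and the O20 Winlogon Notify DLL that the Panda scan flagged) can be written as rules over a parsed HijackThis log. This is an added example, not code from the thread or from HijackThis; the sample lines are copied from the logs posted in this thread, and the KNOWN_GOOD_NOTIFY set is a constructed stand-in for an analyst's allowlist.

```python
"""Triage rules for a HijackThis 1.99.1 log (added example; not from the thread or from HijackThis).

HijackThis prints one entry per line with a section code: R0/R1 (IE start and
search pages), O2 (browser helper objects), O4 (Run keys and startup folders),
O20 (AppInit_DLLs and Winlogon Notify handlers), O23 (services), and so on.
The rules below encode what the helper in this thread acted on: the R0
SearchAssistant entry with an empty value, and the O20 Winlogon Notify DLL
that the Panda scan had flagged.  Two rules about .tmp files and Temp folders
are added for the second poster's log.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Entry lines start with a section code, " - ", then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")

# Constructed stand-in for an analyst's allowlist of Windows XP Winlogon Notify
# subkeys; a real list would be maintained per OS build.
KNOWN_GOOD_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon",
}


@dataclass
class Entry:
    code: str
    body: str


def parse_hjt(log: str) -> List[Entry]:
    """Return the coded entries of a log; header lines and the process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group("code"), m.group("body")))
    return entries


def flag_entry(e: Entry) -> Optional[str]:
    """Return a reason when an entry deserves a second look, else None."""
    if e.code == "R0" and re.search(r"SearchAssistant\s*=$", e.body):
        # An emptied IE search hook; HijackThis "Fix checked" restores the default.
        return "empty IE SearchAssistant value"
    if e.code == "O20" and e.body.startswith("Winlogon Notify:"):
        # winlogon.exe loads these DLLs at every logon, so unknown names matter.
        name = e.body.split(":", 1)[1].split(" - ")[0].strip()
        if name not in KNOWN_GOOD_NOTIFY:
            return f"unknown Winlogon Notify handler '{name}'"
    if e.code == "O2" and re.search(r"\.tmp$", e.body, re.IGNORECASE):
        return "browser helper object loaded from a .tmp file"
    if e.code == "O4" and re.search(r"\\temp\\|\.tmp\b", e.body, re.IGNORECASE):
        return "autorun entry pointing into a Temp folder"
    return None


def triage(log: str) -> List[Tuple[str, str]]:
    """Pair each suspicious entry (as HijackThis printed it) with the rule that fired."""
    hits = []
    for e in parse_hjt(log):
        why = flag_entry(e)
        if why:
            hits.append((f"{e.code} - {e.body}", why))
    return hits


# Lines copied from the two logs posted in this thread (abbreviated).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:28:55 PM, on 5/2/2006
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp5D81.tmp
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
"""

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG):
        print(f"{why}:\n    {entry}")
```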
Response Number 6
Reply: That Panda scan shows quite a pile of stuff. If you don't already have them, download Spybot and Ad-Aware SE Personal. Run them both in safe mode. You should have enough to keep you busy for tonight. I'll be back tomorrow afternoon to see how things are going and to look over your new logs. There's still one thing in your first log that has me questioning something, but we can deal with that later.
Proud member of Alliance of Security Analysis Professionals since 2005. ASAP
Response Number 7
Reply: ok, first here is the logfile from look2me:
Look2Me-Destroyer V1.0.12
Scanning for infected files.....
Scan started at 5/2/2006 9:20:04 PM
Attempting to delete infected files...
Making registry repairs.
Restoring Windows certificates.
Replaced hosts file with default windows hosts file
Restoring SeDebugPrivilege for Administrators - Succeeded
Now here is the new HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 9:39:52 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nathan\Desktop\av tools\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Documents and Settings\Nathan\Desktop\Nathan's Stuff\FlashRipper\IEMenu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Response Number 8
Name: killswitch
Date: May 2, 2006 at 20:08:00 Pacific
Reply: Please, someone help me: e-mail or tell me what to delete. I have a gun to my head and the popup sound is pulling the trigger!

Logfile of HijackThis v1.99.1
Scan saved at 2:44:48 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Xfire\xfiremusic.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Electronic Arts\EA Downloader\Core.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Matt Buresh\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp5D81.tmp
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MBM 5] "C:\Program Files\Motherboard Monitor 5\MBM5.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Xfire Music] "C:\Program Files\Xfire\xfiremusic.exe"
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EA Downloader\Core.exe -silent
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} (Panasonic Network Camera) - http://cam1.uat.edu/SysCamInst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140726706546
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Response Number 10
Reply: To killswitch: I'll help you if you create a new topic. Go to "Start new thread" in the top left corner and request that someone take a look at your HJT log. You can't paste HJT logs unless someone requests them. I'll help you out if you start a new thread. Proud member of Alliance of Security Analysis Professionals since 2005. ASAP
Response Number 13
Reply: It looks like we're in for a fight.

Download and unzip Avenger to your desktop. Start up Avenger. Check the 'Input script manually' option. Click the Magnifying Glass icon. In the box that opens, copy, then paste the following bold text:

File to delete:
C:\WINDOWS\SYSTEM32\winmyy32.dll

Then click on 'Done'. Click the Traffic Light icon to start the program. Then press OK at the prompts to reboot your PC.

After the reboot, open HijackThis, scan and place a check mark next to the following if it remains:

O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll

If prompted to reboot, DON'T unless you have no choice.

Then, please download ATF Cleaner by Atribune. This program is for XP and Windows 2000 only. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All. Uncheck cookies if you do not want them removed. Click the Empty Selected button. If you use the Firefox browser, click Firefox at the top and choose: Select All. Uncheck cookies if you do not want them removed. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. This will remove all files from the items that are checked, so if you have some cookies you'd like to save, please move them to a different directory first.

1. Download Ewido security suite.
2. After the download is complete, double click on the file to launch the install process.
3. During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options.
4. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update; click the 'OK' button.
5. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner.
6. Click on 'Scanner' (the 3rd bar from the top on the left) and choose 'Settings'.
7. Please make sure 'Scan Every File' is selected. Finally, please click 'OK'.
8. On the main screen, please select 'Complete System Scan' and the scan should begin.
9. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to 'Perform action on all infections' in the box. Doing this enables the scan to proceed automatically until its completion. Click OK.
10. When the scan is complete, click "Save Report". Your scan results will be saved in a text file. Please submit that with your next post.

If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:

1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.
2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.

Then reboot.

Then, download BlackLight to C:\. Do not run it yet. Go to Start > Run and paste or type in c:/blbeta.exe /expert. Click OK or press Enter, scan with BlackLight > Next, then exit. There will be a new log next to BlackLight; post it please.

Scan again and post a fresh HijackThis log. Post the contents of the C:\avenger.txt file. Post the contents of the log created by Ewido.

This may seem to be quite a bit to do but I'm getting vengeful seeing as that entry doesn't want to go away. How is your computer running before and after the above? Proud member of Alliance of Security Analysis Professionals since 2005. ASAP
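The helpers in this thread triage HijackThis logs by eye: the O2 BHO living in a .tmp file and the O16 download from systemdoctor.com in killswitch's log (Response 8), and the O20 Winlogon Notify entry for winmyy32.dll that Response 13 goes after with a boot-time Avenger script. What follows is an added example, not code from the thread, from HijackThis or from ASAP: a small Python pass over HijackThis-format entries that pulls out the persistence points a reviewer looks at first. The sample log is constructed from entries posted above plus one invented O4 line (`[winupdate]`) standing in for the win##.temp.exe files the original poster saw in C:\WINDOWS\temp; the trusted-host list for O16 and the severity rules are assumptions for illustration, not the rules the helpers applied.

```python
"""Triage pass over HijackThis-style log lines.

Added example; not the forum's, HijackThis' or ASAP's own code. The allowlist
and the scoring rules below are assumptions chosen for illustration.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis entries posted in this thread.
# The O4 [winupdate] line is invented to stand in for the win##.temp.exe files
# the original poster reported in C:\WINDOWS\temp; it is not from a posted log.
SAMPLE_LOG = r"""
O2 - BHO: Nothing - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - C:\WINDOWS\system32\hp5D81.tmp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winupdate] C:\WINDOWS\temp\win3e.temp.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1140726706546
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Hosts an O16 (Downloaded Program Files / ActiveX .cab) entry may come from
# without being flagged. Assumption for this example, not an official list.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "windowsupdate.microsoft.com"}

SECTION_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")
# A Windows path up to an executable-ish extension; paths may contain spaces,
# so stop at the extension rather than at the first space.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:exe|dll|tmp|cab|ocx|scr))(?=[\s,]|$)", re.IGNORECASE)
URL_RE = re.compile(r"https?://([^/\s?]+)", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    severity: str   # "high": remove or investigate now; "review": verify the vendor first
    reason: str
    line: str


def first_path(text):
    """Return the first Windows file path in an entry, or None."""
    m = PATH_RE.search(text)
    return m.group(1) if m else None


def is_temp_style(path):
    """True for binaries in a temp directory or with a .tmp / .temp.exe name."""
    p = path.lower()
    return "\\temp\\" in p or p.endswith(".tmp") or p.endswith(".temp.exe")


def triage_line(line):
    """Classify one HijackThis entry; None means nothing to report."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    path = first_path(body)

    if section == "O2" and path and is_temp_style(path):
        return Finding(section, "high",
                       "BHO loaded from a temp-style file; a BHO runs inside every Internet Explorer process", line)
    if section == "O4" and path and is_temp_style(path):
        return Finding(section, "high",
                       "autostart (Run key or Startup folder) pointing into a temp directory or .tmp/.temp.exe file", line)
    if section == "O16":
        u = URL_RE.search(body)
        host = u.group(1).lower() if u else ""
        if host not in TRUSTED_DPF_HOSTS:
            return Finding(section, "high",
                           f"ActiveX .cab pulled from untrusted host {host or '(no URL)'}; a DPF entry can silently reinstall what was just removed", line)
        return None
    if section == "O20" and body.startswith("Winlogon Notify:"):
        severity = "high" if path and is_temp_style(path) else "review"
        return Finding(section, severity,
                       "Winlogon Notify DLL: loaded into winlogon.exe (SYSTEM) at every logon, before the user's shell; confirm the vendor before trusting it", line)
    return None


def triage(log_text):
    """Return all findings for a log, most severe first (stable order within a severity)."""
    order = {"high": 0, "review": 1}
    findings = [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

On the sample this reports the .tmp BHO, the temp-directory autostart and the systemdoctor.com download as high, and both Winlogon Notify DLLs as review: a Notify DLL is loaded by winlogon.exe rather than by the user's session, which is why deleting it from Explorer fails while it is in use and why Response 13 has Avenger remove it across a reboot.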
Response Number 14
Reply: Okay, this is long. First is the Ewido report:

ewido anti-malware - Scan report
+ Created on: 7:53:47 PM, 5/3/2006
+ Report-Checksum: 636E82FB
+ Scan result:
HKU\S-1-5-21-3183029923-439180612-3390971010-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BE2ED590-CA49-46B5-8CCE-244FB2E0D1AA} -> Adware.WebDir : Cleaned with backup
C:\avenger\backup.zip/avenger/winmyy32.dll -> Trojan.Agent.qt : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.256:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.298:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.303:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.313:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.323:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.333:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.334:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.335:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.339:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.340:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
:mozilla.349:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.366:C:\Documents and Settings\Christopher\Application Data\Mozilla\Firefox\Profiles\17c55o55.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Naomi\Application Data\Mozilla\Firefox\Profiles\ew7403yw.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Nathan\Desktop\av tools\backups\backup-20060502-185756-684.dll -> Adware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Nathan\Desktop\av tools\backups\backup-20060502-185756-788.dll -> Adware.Webdir : Cleaned with backup
C:\Documents and Settings\Nathan\Desktop\Nathan's Stuff\Roms and emulators\emulators\New Folder\Craagle.exe -> Adware.Craagle : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\emzunmc7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\emzunmc7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\emzunmc7.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\emzunmc7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Philip\Application Data\Mozilla\Firefox\Profiles\emzunmc7.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup

::Report End
Now, the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dqebyxbf

*******************

Script file located at: \??\C:\Documents and Settings\uoiswnyc.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\winmyy32.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Now, the BlackLight log:

05/03/06 20:01:02 [Info]: BlackLight Engine 1.0.36 initialized
05/03/06 20:01:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/03/06 20:01:02 [Note]: 7019 4
05/03/06 20:01:02 [Note]: 7005 0
05/03/06 20:01:11 [Note]: 7006 0
05/03/06 20:01:11 [Note]: 7022 0
05/03/06 20:01:11 [Note]: 7011 2456
05/03/06 20:01:11 [Note]: 7026 0
05/03/06 20:01:11 [Note]: 7026 0
05/03/06 20:01:11 [Note]: FSRAW library version 1.7.1015
05/03/06 20:05:13 [Note]: 7007 0

Finally, the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:06:23 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nathan\Desktop\av tools\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\COMMAN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\COMMAN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\COMMAN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\COMMAN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Get Flash by &Arty Flash Ripper - C:\Documents and Settings\Nathan\Desktop\Nathan's Stuff\FlashRipper\IEMenu.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: schscnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\schscnt.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Okay, my AV program did not pop up saying I am infected after the most recent reboot, which is what it did every time before I did all of this major cleaning. My temp folder is also empty, for now at least. I will know if the virus (at least the one I originally asked about!) is gone if more files do not appear there anytime soon. I hope this made a difference.
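As an added example (not code from this thread, from HijackThis, or from the helper), here is a small Python parser for the O4 and O23 lines of a HijackThis 1.99.1 log like the one posted above, with a triage pass that flags items whose filename matches the win##.temp.exe pattern this thread is about, items loading from a temp directory, and Run entries with an unqualified filename. The regexes and the flagging rules are my own assumptions about the log format, the sample log is constructed from lines in the post plus one constructed O4 entry, and a hit only means "verify this item", as the helper's own judgement that the posted log looks clean shows.

```python
import re
from collections import namedtuple

# kind: section tag ("O4", "O23"); name: Run value or service name; path: file loaded, or None
Entry = namedtuple("Entry", "kind name path")

ITEM_RE = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>.*?) - (?P<path>.+)$")
# Executable inside a Run command that may be quoted and may carry arguments.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr|com|cpl))(?:"|\s|$)', re.I)
# Filename shape of the dropped files described in this thread (win3e.temp.exe, ...).
TEMP_NAME_RE = re.compile(r"^win[0-9a-f]{2}\.temp\.exe$", re.I)

# Constructed sample: lines copied from the log posted above plus one constructed
# O4 entry ([constructed-entry]) showing how a file run from C:\WINDOWS\Temp would appear.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [constructed-entry] C:\WINDOWS\Temp\win3e.temp.exe
O23 - Service: avinitnt - Command Software Systems, Inc. - C:\Program Files\Command Software\Command AntiVirus\avinitnt.exe
"""

def parse_entry(line):
    """Parse one HijackThis item line into an Entry; non-item lines return None."""
    m = ITEM_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind == "O4" and (r := RUN_RE.match(body)):
        e = EXE_RE.match(r.group("cmd"))
        return Entry(kind, r.group("name"), e.group("exe") if e else None)
    if kind == "O23" and (s := SERVICE_RE.match(body)):
        return Entry(kind, s.group("name"), s.group("path"))
    return Entry(kind, body, None)  # other sections: keep the text, no path

def suspicious_entries(log_text):
    """Heuristic triage: a hit means 'verify this item', not 'this is malware'."""
    findings = []
    for e in (x for x in map(parse_entry, log_text.splitlines()) if x and x.path):
        p = e.path.lower()
        if TEMP_NAME_RE.match(p.rsplit("\\", 1)[-1]):
            findings.append((e, "filename matches the win##.temp.exe pattern from this thread"))
        elif "\\temp\\" in p:
            findings.append((e, "loads from a temp directory"))
        elif "\\" not in p:
            findings.append((e, "unqualified filename, found through the search path"))
    return findings
```

Run against the full log in the post, the only hit is the unqualified stsystra.exe Run entry, which is the Sigmatel audio tray applet also listed under running processes; that is the kind of item a reviewer checks by hand rather than removes.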
Response Number 15
Reply: It looks like me getting a little mean with that seemed to work pretty well. Your new Hijack log looks pretty good and everything else came up without a hitch. One thing I would suggest is putting up a firewall. Try AVG free and see how it works for you. Install it and check for updates. Another good program is SpywareBlaster 3.5.1. It'll help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. There are lots of programs like these, but I'd recommend these. It's up to you as to whether you want to install them or not, but it would save these instances. Post back in a couple of days to let me know how things went for you. Stay clean. :D Proud member of Alliance of Security Analysis Professionals since 2005. ASAP