Member Avatar for Micha31

I've been having a ton of random PopUp ads for no apparent reason. In safe mode, i've run the latest versions/updates of Spybot, AdAware, Ewido,and HiJack This.

This is my latest HJT log. To me, it looks like this "PLORER~1.exe" is causing the problem, but i haven't been able to get it to go away permanently. Any suggestions?

I don't know if i'm doing anything wrong or against procedure, but i've posted for help before a week or so ago without any response. please let me know if i should or shouldn't be doing something specific, as i'm deperate to get this issue resolved.

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:52:15 AM, on 7/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Accessories\System TOOLz\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Accessories\Productivity TOOLz\Clipboard\PureText.exe
C:\Program Files\Accessories\Productivity TOOLz\File-Ex 3\FileEx.exe
C:\Program Files\Accessories\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Accessories\Productivity TOOLz\RemoteKeys\RemoteKeys.exe
C:\Program Files\Accessories\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Accessories\Productivity TOOLz\anti-spam\iHateSpam 4.0.412\siMain.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Accessories\Productivity TOOLz\anti-spam\iHateSpam 4.0.412\siSpamFilterEngine.exe
C:\Program Files\Browsers\Firefox\firefox.exe
C:\Program Files\Accessories\Anti-Spyware\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CBrowsers%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\micha31\Application Data\Mozilla\Profiles\default\qh7dbkbi.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ACCESS~1\ANTI-S~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\ACCESS~1\AUDIOT~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\Accessories\System TOOLz\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [PureText] "C:\Program Files\Accessories\Productivity TOOLz\Clipboard\PureText.exe"
O4 - HKCU\..\Run: [Ebdd] C:\WINDOWS\MCROSO~1\PLORER~1.EXE
O4 - Global Startup: File-Ex.lnk = C:\Program Files\Accessories\Productivity TOOLz\File-Ex 3\FileEx.exe
O4 - Global Startup: iTouch Configuration.lnk = C:\Program Files\Accessories\Logitech\iTouch\iTouchcf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Accessories\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Shortcut to RemoteKeys.lnk = C:\Program Files\Accessories\Productivity TOOLz\RemoteKeys\RemoteKeys.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138571150656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138571136468
O18 - Protocol: bw+0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: csrss.dll C:\WINDOWS\System32\csrss.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

  • 2 Contributors
  • 2 Replies
  • 192 Views
  • 5 Days Discussion Span
  • Latest Post Latest Post by Micha31

Recommended Answers

All 2 Replies

Member Avatar for crunchie

Can you please do the following.

===============

Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.
When it completes, post back the full filename of any files that cannot be cleaned or deleted.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

===============

Scan with HiJackThis, then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)

O4 - HKCU\..\Run: [Ebdd] C:\WINDOWS\MCROSO~1\PLORER~1.EXE

O20 - AppInit_DLLs: csrss.dll C:\WINDOWS\System32\csrss.dll


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\WINDOWS\MCROSO~1

files...

C:\WINDOWS\System32\csrss.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============


When your done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

Member Avatar for Micha31

On top of this whole adware/spyware issue, i've just hada drive fail on me. I'm trying to get that taken care of, as soon as i do, i will implement all of the suggestions you've made here and post back with the results. Thank you very much for taking the time to respond.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.