0

I've been having a ton of random PopUp ads for no apparent reason. In safe mode, i've run the latest versions/updates of Spybot, AdAware, Ewido,and HiJack This.

This is my latest HJT log. To me, it looks like this "PLORER~1.exe" is causing the problem, but i haven't been able to get it to go away permanently. Any suggestions?

I don't know if i'm doing anything wrong or against procedure, but i've posted for help before a week or so ago without any response. please let me know if i should or shouldn't be doing something specific, as i'm deperate to get this issue resolved.

Thank you.

Logfile of HijackThis v1.99.1
Scan saved at 11:52:15 AM, on 7/19/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Accessories\System TOOLz\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Accessories\Productivity TOOLz\Clipboard\PureText.exe
C:\Program Files\Accessories\Productivity TOOLz\File-Ex 3\FileEx.exe
C:\Program Files\Accessories\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Accessories\Productivity TOOLz\RemoteKeys\RemoteKeys.exe
C:\Program Files\Accessories\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Accessories\Productivity TOOLz\anti-spam\iHateSpam 4.0.412\siMain.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Accessories\Productivity TOOLz\anti-spam\iHateSpam 4.0.412\siSpamFilterEngine.exe
C:\Program Files\Browsers\Firefox\firefox.exe
C:\Program Files\Accessories\Anti-Spyware\HiJack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R3 - URLSearchHook: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CBrowsers%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\micha31\Application Data\Mozilla\Profiles\default\qh7dbkbi.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\ACCESS~1\ANTI-S~1\SPYBOT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: TextAloud - {F053C368-5458-45B2-9B4D-D8914BDDDBFF} - C:\PROGRA~1\ACCESS~1\AUDIOT~1\TEXTAL~1\TAForIE.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LDM] C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [TaskSwitchXP] C:\Program Files\Accessories\System TOOLz\TaskSwitchXP\TaskSwitchXP.exe
O4 - HKCU\..\Run: [PureText] "C:\Program Files\Accessories\Productivity TOOLz\Clipboard\PureText.exe"
O4 - HKCU\..\Run: [Ebdd] C:\WINDOWS\MCROSO~1\PLORER~1.EXE
O4 - Global Startup: File-Ex.lnk = C:\Program Files\Accessories\Productivity TOOLz\File-Ex 3\FileEx.exe
O4 - Global Startup: iTouch Configuration.lnk = C:\Program Files\Accessories\Logitech\iTouch\iTouchcf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Accessories\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Shortcut to RemoteKeys.lnk = C:\Program Files\Accessories\Productivity TOOLz\RemoteKeys\RemoteKeys.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: cpcScanner - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138571150656
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138571136468
O18 - Protocol: bw+0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E6EB93BE-D427-44C1-A624-23ECBAD6582E} - C:\Program Files\Accessories\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: csrss.dll C:\WINDOWS\System32\csrss.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\Accessories\Anti-Spyware\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

2
Contributors
2
Replies
3
Views
11 Years
Discussion Span
Last Post by Micha31
0

Can you please do the following.

===============

Please visit at least two of the following sites for an online virus scan:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
Make sure you tick Auto Clean.
When it completes, post back the full filename of any files that cannot be cleaned or deleted.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx

===============

Scan with HiJackThis, then check(tick) the following, if present:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R3 - URLSearchHook: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {4C926EC4-AD76-A8F5-0EE0-F74A33ABFBC4} - C:\WINDOWS\System32\cjgwfwm.dll (file missing)

O4 - HKCU\..\Run: [Ebdd] C:\WINDOWS\MCROSO~1\PLORER~1.EXE

O20 - AppInit_DLLs: csrss.dll C:\WINDOWS\System32\csrss.dll


Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you are able to view system and hidden files/ folders:

folders...

C:\WINDOWS\MCROSO~1

files...

C:\WINDOWS\System32\csrss.dll

-

Note that some of these file(s)/folder(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============


When your done, rescan your system and make sure the following isn't present:

N3 - Netscape ... 5CSBWeb_01.src (or) 5CSBWeb_02.src

If it is, then fix that entry again; sometimes it'll take more than one pass. The actual entry is ok, and won't be deleted, it's the java wrapper marked in red that needs to be removed.

===============

After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.

0

On top of this whole adware/spyware issue, i've just hada drive fail on me. I'm trying to get that taken care of, as soon as i do, i will implement all of the suggestions you've made here and post back with the results. Thank you very much for taking the time to respond.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.