Hijack This Registry Help Needed!! Please!!!

 
 
Reply Mon 20 Sep, 2004 05:53 pm
This is a log file from HijackThis; will someone kindly tell me which files I need to delete? Thank you.

Logfile of HijackThis v1.97.7
Scan saved at 4:48:45 PM, on 9/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\SHG\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7CD02961-1B5F-403A-8663-A57A83FB62E4} - C:\WINDOWS\System32\nmg.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\Software\..\Telephony: DomainName = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp

 
Don77
Reply Mon 20 Sep, 2004 06:09 pm
Hi kdkester and welcome to A2K,
A couple things you need to do here,
First
Print out these instructions, as getting back online before running all the fixes will reinfect you. (Download Ad-aware and CWS but don't run them yet; run them the way outlined below, and be sure to check for updates after you download them.)

Next
Please go Here and unzip the newest version of HJT into a new dedicated folder,
Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on C: then right click and select New then Folder and name it hjt.
Unzip HijackThis into this folder.

Next
Download the following program

CWShredder
It should be the current version, but check for updates

Run CWShredder and have it fix anything it finds.

Make sure you click the "Fix" button

Next
Download Ad-aware CHECK FOR UPDATES.
Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."
- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."
Press "Scan Now"
- Check option "Use Custom scanning options"
- Check option "Activate In-Depth Scan"
- Press "Select drives\folders to scan"
- Select the active partition which is usually C:
Now press "Next" to let Ad-aware scan your drives...
It will find a number of "bad" files and registry keys.
Right-click in that pane and choose "select all"

Now press "Next" again.
It will ask you whether you'd like to remove all checked items. Click OK.

Next
Download AboutBuster
Then Unzip it to your desktop..

First, reboot into 'SAFE MODE'. (By tapping the F8 key on start up)
Next:
Run AboutBuster twice in Safe Mode and save the logs it generates.
While still in safe mode,
Please restart HJT, put a check next to the following if they still exist, close all open windows and click "Fix checked":
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {7CD02961-1B5F-403A-8663-A57A83FB62E4} - C:\WINDOWS\System32\nmg.dll


Make sure you can view all hidden files/folders, then search for and delete the following if still present:
C:\WINDOWS\System32\nmg.dll

Restart your computer,

Run AboutBuster twice again, please, and again save the log from it.

Next
Run a scan with Ad-aware and CWS,
Next
Restart your computer
and post back all the logs from AboutBuster and a fresh HJT log please.
kdkester
Reply Tue 21 Sep, 2004 12:03 pm
Dear Don77,

Thank you for your suggestions. I think I followed all the instructions to the T. When I ran AboutBuster the second time it replaced my first log file, so I have attached my second log file and the fresh HJT log. When I ran AboutBuster, I got an error warning probably 10 or 15 times that it couldn't delete C:\WINDOWS\System32\comahak.dll. The last scan on Ad-aware didn't detect any new objects and CWS said my system was completely clean. Thanks again for all your help!!!

Scanned at: 10:26:51 AM on: 9/21/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

Scanned at: 10:38:13 AM on: 9/21/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Error Removing! : C:\WINDOWS\System32\comahak.dll
[the line above is repeated 143 times in the log]
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Error Removing! : C:\WINDOWS\System32\comahak.dll
[the line above is repeated 143 times in the log]
Attempted Clean Of Temp folder.
Pages Reset... Done!



Logfile of HijackThis v1.98.2
Scan saved at 11:00:24 AM, on 9/21/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\SHG\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\Software\..\Telephony: DomainName = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O20 - AppInit_DLLs: C:\WINDOWS\System32\comahak.dll
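As an added example that is not part of the thread (the helper did this by eye), here is a small Python script that applies the same rules Don77 used on the first log (R0/R1 entries pointing at a local file under Temp, the HomeOldSP value, an unnamed BHO loading a random-named DLL from System32) and that also flags the O20 AppInit_DLLs entry that surfaced in the second log. It parses HJT's R*/O* lines, reports what each flagged entry means, and diffs two logs of the same machine so you can see what a round of fixes removed and what appeared. The sample logs embedded in it are constructed, trimmed copies of the logs posted above; the "short random DLL name in System32" regex is this script's own heuristic, not anything HJT itself does.

```python
"""Triage HijackThis (HJT) logs for a CoolWebSearch-style about:blank hijack.

Added example, not part of the thread. The sample logs below are constructed,
trimmed copies of the logs posted in the thread (assumption: only the lines
relevant to the hijack are kept).
"""
import re
from dataclasses import dataclass

# Constructed sample: trimmed copy of the first log posted.
LOG_BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\SHG\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\SHG\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7CD02961-1B5F-403A-8663-A57A83FB62E4} - C:\WINDOWS\System32\nmg.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
"""

# Constructed sample: trimmed copy of the second log (after the first round of fixes).
LOG_AFTER_FIX = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\comahak.dll
"""

# An HJT entry line: section tag (R0-R3 or O<n>), " - ", the rest.
ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.+)$")
# Heuristic (this script's assumption): a short lowercase DLL name sitting directly in System32.
RANDOM_SYS32_DLL = re.compile(r"\\system32\\[a-z]{2,8}\.dll$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    line: str
    reason: str


def parse_entries(log):
    """Yield (section, line) for each R*/O* entry; the header and process list are skipped."""
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("section"), raw.strip()


def triage(log):
    """Flag the entries that mark this kind of hijack, in log order."""
    findings = []
    for section, line in parse_entries(log):
        low = line.lower()
        if section in ("R0", "R1") and "file://" in low and "\\temp\\" in low:
            findings.append(Finding(section, line,
                "IE search/start page redirected to a local HTML file in a Temp folder"))
        elif section == "R1" and ",homeoldsp =" in low:
            findings.append(Finding(section, line,
                "HomeOldSP value left behind by a start-page hijack"))
        elif section == "O2" and "(no name)" in line and RANDOM_SYS32_DLL.search(line):
            findings.append(Finding(section, line,
                "unnamed BHO loading a random-named DLL from System32"))
        elif section == "O20" and line.startswith("O20 - AppInit_DLLs:"):
            findings.append(Finding(section, line,
                "AppInit_DLLs maps this DLL into every process that loads user32.dll, "
                "so the file stays locked while those processes run; clear the value, reboot, then delete"))
    return findings


def entry_key(line):
    """Normalise an entry so a BHO shown as '(no name)' by one HJT version and by
    its class name in another compares equal (the CLSID and path are what matter)."""
    return re.sub(r":\s[^{]*\{", ": {", line)


def diff_logs(old_log, new_log):
    """Return (removed, added) entries between two logs of the same machine."""
    old = {entry_key(l) for _, l in parse_entries(old_log)}
    new = {entry_key(l) for _, l in parse_entries(new_log)}
    return sorted(old - new), sorted(new - old)


if __name__ == "__main__":
    for name, log in (("before", LOG_BEFORE), ("after first fix", LOG_AFTER_FIX)):
        print(f"== {name} ==")
        for f in triage(log):
            print(f"  [{f.section}] {f.reason}\n      {f.line}")
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER_FIX)
    print("removed:", *removed, sep="\n  ")
    print("added:", *added, sep="\n  ")
```

The diff is the useful part when comparing the first and second logs above: the four hijack entries from the first log come out as removed, the Adobe BHO does not show up as a change even though the newer HJT version started naming it, and the one added entry is the O20 line. That O20 line also explains the wall of "Error Removing!" lines in the AboutBuster log: a DLL listed under AppInit_DLLs is mapped into every process that loads user32.dll, and Windows will not let a mapped image be deleted, so repeated delete attempts fail until the registry value is cleared (HJT's fix for an O20 entry) and the machine is rebooted.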
Don77
Reply Wed 22 Sep, 2004 04:24 am
kdkester
Could you reboot to safe mode and run AboutBuster again please,
Post back the log it generates with a fresh HJT log please
kdkester
Reply Wed 22 Sep, 2004 11:00 am
Alright Dan here you go. Thanks again.

Scanned at: 9:59:09 AM on: 9/22/2004


-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!


Logfile of HijackThis v1.98.2
Scan saved at 9:56:22 AM, on 9/22/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\SHG\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\Software\..\Telephony: DomainName = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
0 Replies
 
Don77
 
  1  
Reply Wed 22 Sep, 2004 04:57 pm
Hi again kdkester
Dan, Don, I'll answer to anything. Laughing

Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+E), then double-click on C:, then right-click and select New, then Folder, and name it hjt. Drag HJT into it please; don't want it sitting in a Temp folder.

Your log looks fine now. Any further problems?
0 Replies
 
kdkester
 
  1  
Reply Wed 22 Sep, 2004 05:05 pm
Sorry Don, just a typo. I've moved Hijack This into the folder, and everything else seems to be working fine. I can't thank you enough for all your help. I really appreciate it.
0 Replies
 
Don77
 
  1  
Reply Wed 22 Sep, 2004 05:57 pm
No problem kdkester.
You're very welcome, glad we could help.

Download the following programs for keeping crap off your system to begin with. They:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.

Download SpywareBlaster and SpywareGuard.

Check for updates after you install them, and check weekly as well.
0 Replies
 
kdkester
 
  1  
Reply Mon 29 Nov, 2004 04:30 pm
Dear Don 77,

Hello. You had helped me with this issue in the past, and I have another user who got themselves in some hot water and was hoping that you might be able to help me out again. I ran CWShredder and clicked the fix button. Then I ran Ad-Aware, scanned and rebooted. I started the computer in safe mode and ran About:Buster twice and saved the log file. I restarted and ran Ad-Aware and CWShredder again and restarted. I ran HJT and created a log. I am attaching my logs from About:Buster and HijackThis. If you could please let me know what I need to get rid of or where to go from here, I would sure appreciate it. Thanks!

Scanned at: 11:03:31 AM on: 11/29/2004


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 18

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 18

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

Scanned at: 11:32:33 AM on: 11/29/2004


-- Scan 1 ---------------------------
About:Buster Version 4.0
Reference List : 18

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

-- Scan 2 ---------------------------
About:Buster Version 4.0
Reference List : 18

No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!

Logfile of HijackThis v1.98.2
Scan saved at 11:53:47 AM, on 11/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\ctfmon.exe
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\HJT\HijackThis.exe

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: CATLEvents Object - {30279F2D-1A38-4785-97D4-5C3508BDB289} - C:\DOCUME~1\LO\LOCALS~1\Temp\cvsbil.dat (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [*binjava] C:\WINNT\Cursors\binjava.exe
O4 - HKLM\..\Run: [*drvdisk] C:\WINNT\Microsoft.NET\drvdisk.exe
O4 - HKLM\..\Run: [*libsvc] C:\WINNT\Cursors\libsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailStationeryInitialSetup1.0.0.8.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50189/QDow_AS2.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32651.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gurneelaw.corp
0 Replies
 
Don77
 
  1  
Reply Mon 29 Nov, 2004 05:57 pm
Hi again kdkester, would be glad to.

Please go here and run Panda Active scan

Also, as an FYI: need to be careful running programs like About:Buster. Have seen a couple of instances where it has deleted legit files, so want to be careful running tools like this.

Next, reboot to safe mode (by tapping the F8 key on start up). Make sure you can view all Hidden Files/Folders, then search for and delete the following in BOLD:
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe << Delete Folder
C:\PROGRA~1\Toolbar\TBPS.exe << Delete Folder

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: CATLEvents Object - {30279F2D-1A38-4785-97D4-5C3508BDB289} - C:\DOCUME~1\LO\LOCALS~1\Temp\cvsbil.dat (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/MyMailStationeryInitialSetup1.0.0.8.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50189/QDow_AS2.cab

Restart your computer.
We will have a few more to fix, but I want to see what the Panda scan finds.
Restart HJT and post back a fresh log please.
0 Replies
 
kdkester
 
  1  
Reply Mon 29 Nov, 2004 09:33 pm
Hi Don77,

Thanks so much for helping me out again. Panda Scan found two infected emails, but nothing else. I deleted the emails and followed your other instructions accordingly. I have attached my logs from Panda Scan and my HJT log. Please let me know if I should do anything further. Thanks again!


Incident Status Location

Virus:Trj/Citifraud.A Disinfected Mailbox - Lyn Overton\Inbox\CitiBank: Urgent Security Notice For All Clients\MSG_RTF.TXT
Virus:Trj/Citifraud.A Disinfected Mailbox - Lyn Overton\Inbox\Citibank official notice.\MSG_RTF.TXT
Logfile of HijackThis v1.98.2
Scan saved at 7:31:49 PM, on 11/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [*binjava] C:\WINNT\Cursors\binjava.exe
O4 - HKLM\..\Run: [*drvdisk] C:\WINNT\Microsoft.NET\drvdisk.exe
O4 - HKLM\..\Run: [*libsvc] C:\WINNT\Cursors\libsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32651.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gurneelaw.corp
0 Replies
 
Don77
 
  1  
Reply Tue 30 Nov, 2004 06:34 pm
Hi again,
Do you know what the following are?
I can't find any info on them, so I suspect they are malware.
If you do recognize them, don't fix them. If not:

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
O4 - HKLM\..\Run: [*binjava] C:\WINNT\Cursors\binjava.exe
O4 - HKLM\..\Run: [*drvdisk] C:\WINNT\Microsoft.NET\drvdisk.exe
O4 - HKLM\..\Run: [*libsvc] C:\WINNT\Cursors\libsvc.exe

Next, reboot to safe mode (by tapping the F8 key on start up). Make sure you can view all Hidden Files/Folders, then search for and delete the following in BOLD:

C:\WINNT\Cursors\binjava.exe
C:\WINNT\Microsoft.NET\drvdisk.exe
C:\WINNT\Cursors\libsvc.exe

Restart your computer and post back a fresh log please.

Let us know how the machine is running
0 Replies
 
kdkester
 
  1  
Reply Thu 2 Dec, 2004 06:59 pm
Hi Don,

Well, I deleted those files and the machine seems to be running great. However, all the junk seems to be running rampant in my office. I have one more log I was hoping you could take a look at. I updated our internal antivirus and ran a scan and it didn't find anything. Panda scan found a virus in a deleted message, which I permanently deleted, and didn't find anything when I scanned again. Ad-Aware didn't turn up anything, but this machine is running terribly and crashing every few hours. Please let me know if you see anything. Thanks!

Logfile of HijackThis v1.97.7
Scan saved at 4:56:18 PM, on 12/2/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\kdx\KHost.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\bin\kontiki.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\WINNT\explorer.exe
C:\HJT\HijackThis.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309190.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [HPLJ Config] C:\Program Files\Hewlett-Packard\hp LaserJet 1150_1300\SetConfig.exe -c -p -pn "HP 1300 PCL 6" -n -l 1033 -sl 120000
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kdx] C:\WINNT\kdx\KHost.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [cnet] "C:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm00640US
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Add to Library (HKLM)
O12 - Plugin for .efp: C:\Program Files\Internet Explorer\Plugins\NPEFPrn.dll
O12 - Plugin for .efv: C:\Program Files\Internet Explorer\Plugins\NPEFV.dll
O12 - Plugin for .fmp: C:\Program Files\Internet Explorer\Plugins\NPFMP.dll
O12 - Plugin for .fmr: C:\Program Files\Internet Explorer\Plugins\NPFME.dll
O12 - Plugin for .ifx: C:\Program Files\Internet Explorer\Plugins\NPWebPrn.dll
O12 - Plugin for .lfx: C:\Program Files\Internet Explorer\Plugins\NPLaunch.dll
O12 - Plugin for .mwp: C:\Program Files\Internet Explorer\Plugins\NPMWPrn.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\Plugins\NPTVP.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.2) - https://java.sun.com/products/plugin/autodl/jinstall-1_4-windows-i586.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.4664930556
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gurneelaw.corp
0 Replies
 
Don77
 
  1  
Reply Fri 3 Dec, 2004 06:00 am
Sure thing,

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab

Next, reboot to safe mode (by tapping the F8 key on start up). Make sure you can view all Hidden Files/Folders, then search for and delete the following in BOLD:

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE << Delete Folder

Restart your computer and post back a fresh log please.
0 Replies
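Don77's three fix lists in this thread (Nov 29: the MyWebSearch/TBPS remnants and the orphaned "(file missing)" / "(no file)" entries; Nov 30: the three unrecognised executables autostarting from C:\WINNT\Cursors and C:\WINNT\Microsoft.NET; Dec 3: the MyWebSearch entries again on another machine) follow a pattern that a small helper can apply before a person reads the log. The script below is an added example written for this thread; it is not part of HijackThis or of any post here. It parses the R/O entry lines of an HJT log, flags those three kinds of entry, and diffs a before/after log so you can confirm a fix actually took. The sample logs inside it are a constructed subset of entries copied from the logs posted above; the KNOWN_UNWANTED and ODD_FOLDERS lists are assumptions drawn only from what Don77 flagged in this thread, not a general signature set.

```python
"""Triage helper for HijackThis-style logs.

Added example for this thread; not part of HijackThis or of any post above.
It parses the R/O entry lines, flags the kinds of entry Don77 picked out and
diffs a before/after log to show which entries a "Fix Checked" removed.
"""
import re

# Constructed subset of entries copied from the logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINNT\System32\smss.exe

R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: CATLEvents Object - {30279F2D-1A38-4785-97D4-5C3508BDB289} - C:\DOCUME~1\LO\LOCALS~1\Temp\cvsbil.dat (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [*binjava] C:\WINNT\Cursors\binjava.exe
O4 - HKLM\..\Run: [*drvdisk] C:\WINNT\Microsoft.NET\drvdisk.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50189/QDow_AS2.cab
"""

# Same machine after Don77's first fix list: the toolbar entries are gone,
# the two unknown autostarts are still there (constructed from the thread).
LOG_AFTER = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [*binjava] C:\WINNT\Cursors\binjava.exe
O4 - HKLM\..\Run: [*drvdisk] C:\WINNT\Microsoft.NET\drvdisk.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Assumption: adware/toolbar names Don77 told the poster to remove in this thread.
KNOWN_UNWANTED = ("mywebsearch", "mywebs~1", "websearch.com", "funwebproducts", "\\toolbar\\tbps")
# Assumption: folders from which nothing legitimate autostarted in these logs.
ODD_FOLDERS = ("\\temp\\", "\\locals~1\\", "\\cursors\\", "\\microsoft.net\\")


def parse_entries(log):
    """Return (kind, body) tuples for every R/O line; the process list is skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def run_target(cmd):
    """Pull the executable path out of an O4 command line (quoted or bare)."""
    m = re.match(r'"([^"]+)"|(.*?\.(?:exe|dll|ocx|dat|com|scr))(?:\s|$)', cmd, re.I)
    return (m.group(1) or m.group(2)).strip() if m else cmd.strip()


def triage(log):
    """Return [(severity, entry, reason)] for entries worth a second look."""
    findings = []
    for kind, body in parse_entries(log):
        low = body.lower()
        entry = f"{kind} - {body}"
        if "(file missing)" in low or "(no file)" in low:
            findings.append(("orphan", entry, "references a file that no longer exists"))
            continue
        if any(tag in low for tag in KNOWN_UNWANTED):
            findings.append(("unwanted", entry, "matches adware/toolbar remnants flagged in this thread"))
            continue
        if kind == "O4":
            m = RUN_RE.match(body)
            if m and any(f in run_target(m.group("cmd")).lower() for f in ODD_FOLDERS):
                findings.append(("suspect", entry, "autostart from a folder that should not hold startup programs"))
    return findings


def removed_entries(before, after):
    """Entries in the earlier log that are gone from the later one."""
    later = set(parse_entries(after))
    return [f"{k} - {b}" for k, b in parse_entries(before) if (k, b) not in later]


if __name__ == "__main__":
    for severity, entry, reason in triage(LOG_BEFORE):
        print(f"[{severity:8}] {reason}\n           {entry}")
    print("\nGone after the fix:")
    for entry in removed_entries(LOG_BEFORE, LOG_AFTER):
        print("  " + entry)
```

An "orphan" finding is cosmetic: the registry still points at a file that is already gone, which is why HJT can simply fix it. A "suspect" finding only says the autostart lives somewhere unusual; as Don77 does above, a person still has to decide whether they recognise the program before fixing it, and the second log is what proves the fix stuck.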
 
kdkester
 
  1  
Reply Mon 20 Dec, 2004 07:06 pm
Dear Don77,

I have another machine that has me really stumped. I have gone through the usual course of events. I updated everything, ran a Panda scan which found one virus, which I deleted. I ran Ad-Aware and quarantined everything it found. For some reason the user is still getting pop-up advertising even when not surfing the net. I am posting a HijackThis log. If at your leisure you could take a look and see if you see anything or have any suggestions, I would be most appreciative. Thanks!

Kim
0 Replies
 
kdkester
 
  1  
Reply Mon 20 Dec, 2004 07:08 pm
Dear Don 77,

Oops forgot to attach the log

Logfile of HijackThis v1.99.0
Scan saved at 5:03:39 PM, on 12/20/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\mcpecflx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Everstrike Software\Folder Crypto Password\fppservice.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\SYSfit.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
C:\PROGRA~1\COMMON~1\tsa\ts2.exe
C:\PROGRA~1\Web Offer\wo.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [wjpteehejhj] C:\WINNT\system32\mcpecflx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Explorer] C:\WINNT\system32\shellexp.exe en
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [SYSfit] C:\WINNT\SYSfit.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {C886256C-7A63-4213-AD2F-02AD3735DF06} (AtlCtrl Class) - http://dl.adshooter.com/code/SYSsfitb.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O18 - Protocol: bw+0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Citrix Online - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Thanks Again!!!

Kim
0 Replies
 
Don77
 
  1  
Reply Mon 20 Dec, 2004 07:22 pm
Hi again Kim,
Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [wjpteehejhj] C:\WINNT\system32\mcpecflx.exe
O4 - HKCU\..\Run: [Explorer] C:\WINNT\system32\shellexp.exe en
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [SYSfit] C:\WINNT\SYSfit.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe


Next, reboot to Safe Mode (by tapping the F8 key on start-up). Make sure you can view all hidden files/folders, then search for and delete the following files (highlighted in bold):
C:\WINNT\mxTarget.dll
C:\WINNT\system32\mcpecflx.exe
C:\WINNT\SYSfit.exe
C:\PROGRA~1\COMMON~1\tsa\tsm2.exe < Delete Folder
C:\PROGRA~1\COMMON~1\tsa\ts2.exe < Delete Folder
C:\PROGRA~1\Web Offer\wo.exe < Delete Folder
C:\Program Files\DR_S\DR_S.exe < Delete Folder
Restart your computer.

Please remove Ad-aware 6

Download Ad-Aware SE
Use the: "Check for Updates Now" option and download the latest reference files
Use the Start button, and on the next window, select: Perform Full System Scan
Press Next, and let Ad-aware scan the hard drive
When finished, right-click the window with the entries, choose: Select All from the menu, and click Next
Once Ad-Aware has removed the entries, close the program
Restart the computer
Restart HJT
Post back a fresh log please
0 Replies
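A way to check whether a fix like the one above actually took, as an added example (not HijackThis code and not part of this thread): the script parses the O4 Run-key lines from two HijackThis logs and reports which entries were removed, which were added, and which are still launching the same executable under a new value name. The embedded sample lines are excerpts of the O4 sections of the two logs Kim posted (the one above and the fresh one in the next reply); everything else is constructed for the example.

```python
"""Added example: diff the O4 Run-key entries of two HijackThis logs."""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# HijackThis O4 registry autostart lines, e.g.
#   O4 - HKLM\..\Run: [wjpteehejhj] C:\WINNT\system32\mcpecflx.exe
# "O4 - Global Startup" lines are shortcuts, not registry values; they are skipped.
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Executable path from the value data, quoted or not, with arguments dropped.
IMAGE_RE = re.compile(
    r'^"?(?P<path>.*?\.(?:exe|dll|com|scr|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


@dataclass(frozen=True)
class RunEntry:
    hive: str      # HKLM or HKCU
    key: str       # Run, RunOnce, ...
    name: str      # registry value name shown in [brackets]
    command: str   # value data: path plus arguments

    @property
    def image(self) -> str:
        """Executable path, lower-cased so two logs compare reliably."""
        m = IMAGE_RE.match(self.command.strip())
        return (m.group('path') if m else self.command.strip()).lower()

    @property
    def location(self) -> Tuple[str, str, str]:
        """Identity used for diffing: where the entry lives and what it launches."""
        return (self.hive, self.key, self.image)


def parse_log(text: str) -> List[RunEntry]:
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append(RunEntry(m['hive'], m['key'], m['name'], m['cmd']))
    return entries


def compare_logs(before: List[RunEntry], after: List[RunEntry]) -> Dict[str, list]:
    """Classify entries as removed, added, unchanged or renamed.

    'renamed' is the case that matters here: the same executable is still
    started from the same key, only under a fresh random value name, so
    fixing the old O4 line did not remove the infection.
    """
    old = {e.location: e for e in before}
    new = {e.location: e for e in after}
    report: Dict[str, list] = {'removed': [], 'added': [], 'unchanged': [], 'renamed': []}
    for loc, e in old.items():
        if loc not in new:
            report['removed'].append(e)
        elif new[loc].name == e.name:
            report['unchanged'].append(e)
        else:
            report['renamed'].append((e, new[loc]))
    report['added'] = [e for loc, e in new.items() if loc not in old]
    return report


# Excerpt of the O4 lines from the log Kim posted before Don77's reply.
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [wjpteehejhj] C:\WINNT\system32\mcpecflx.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [Explorer] C:\WINNT\system32\shellexp.exe en
O4 - HKCU\..\Run: [DR_S] C:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [SYSfit] C:\WINNT\SYSfit.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
"""

# Excerpt of the O4 lines from the fresh log dated 12/21/2004.
AFTER_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mbingqag] C:\WINNT\system32\mcpecflx.exe
"""


def main() -> None:
    report = compare_logs(parse_log(BEFORE_LOG), parse_log(AFTER_LOG))
    for e in report['removed']:
        print(f"removed  {e.hive}\\..\\{e.key} [{e.name}] {e.image}")
    for old, new in report['renamed']:
        print(f"RENAMED  [{old.name}] -> [{new.name}] still launches {new.image}")
    for e in report['added']:
        print(f"added    {e.hive}\\..\\{e.key} [{e.name}] {e.image}")


if __name__ == '__main__':
    main()
```

Keying the diff on the launched path rather than the value name is what surfaces the re-registered mcpecflx.exe; a comparison by value name alone would report it as one removal and one unrelated new entry.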
 
kdkester
 
  1  
Reply Tue 21 Dec, 2004 12:44 pm
Dear Don,

Well this one is being particularly tricky. I checked the items you had told me in HJT. I rebooted in Safe Mode & deleted the files you said, but could not find the DR_S.exe file. I rebooted again and removed Ad-Aware 6.0. I downloaded SE, but every time I try to open the program I get the message "Ad-Aware.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being created." I have tried uninstalling and reinstalling. I searched for any folders that may contain files from old versions and deleted them. I tried to download from a different site, all to no avail. So, I'm posting a new HJT log and I hope that you will be able to tell me how to proceed from here. Thanks for all your help.

Kim

Logfile of HijackThis v1.99.0
Scan saved at 10:37:57 AM, on 12/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\WINNT\system32\regsvc.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\HJT\HijackThis.exe

O2 - BHO: MxTargetObj Class - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINNT\mxTarget.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [mbingqag] C:\WINNT\system32\mcpecflx.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} (PremiumHTML Class) - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {C886256C-7A63-4213-AD2F-02AD3735DF06} (AtlCtrl Class) - http://dl.adshooter.com/code/SYSsfitb.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O18 - Protocol: bw+0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Citrix Online - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
0 Replies
 
Don77
 
  1  
Reply Tue 21 Dec, 2004 06:19 pm
Hi again Kim,
Let's see if we can get this sorted out for you.

Please restart HJT, put a check next to the following, close all open windows and click "Fix Checked":
O4 - HKLM\..\Run: [mbingqag] C:\WINNT\system32\mcpecflx.exe


Next, reboot to safe mode (by tapping the F8 key on start-up). Make sure you can view all hidden files/folders, then search for and delete the above files highlighted in BOLD:
C:\WINNT\system32\mcpecflx.exe



While still in safe mode,

Delete the entire contents of the below Temp folders, but not the TEMP folder itself.

Remove all the files and sub-folders from the below TEMP Folders:

C:\Documents and Settings\ \Local Settings\Temp
C:\temp
C:\windows\temp

The TIF (Temporary Internet Files) can also be emptied via:
Internet Explorer--Tools--Internet Options--General tab--"Delete Files".
Also tick the "Delete all offline content" box.

Empty your Recycle Bin



Restart your computer.
Try downloading Ad-aware again, please.
Post back a fresh log, please.
Let us know how you make out.
0 Replies
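Don77's fix above singles out one O4 entry by eye. As an added example for this thread (not code from the forum, from Don77, or from HijackThis itself), the script below parses the "O4" and "O16" lines of an HJT log and flags the two patterns that stand out in the logs posted here: an autorun living in system32 with a random-looking name, and an ActiveX download (DPF) from a host the analyst has not vetted. The sample lines are copied from the logs in this thread; the allowlists (`KNOWN_SYSTEM32_AUTORUNS`, `TRUSTED_DPF_HOSTS`) and the `looks_random` heuristic are constructed for the example and would need tuning per machine.

```python
"""Triage helper for HijackThis (HJT) log lines.

Added example for this thread, not the forum's or HijackThis' own code.
Parses 'O4' (autorun) and 'O16' (DPF / ActiveX download) lines and flags
entries that deserve a closer look before anyone clicks "Fix Checked".
"""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mbingqag] C:\WINNT\system32\mcpecflx.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: GoToMyPC - Citrix Online - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
"""

# Constructed allowlists (assumption): what the analyst has already vetted.
KNOWN_SYSTEM32_AUTORUNS = {"igfxtray.exe", "hkcmd.exe", "ctfmon.exe", "mobsync.exe"}
TRUSTED_DPF_HOSTS = {"www.pandasoftware.com", "autos.msn.com", "www.live365.com"}

O4_RE = re.compile(r'^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$')
VOWELS = set("aeiou")


def exe_path(cmd: str) -> str:
    """Return the executable path from an O4 command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ")[0]


def looks_random(stem: str) -> bool:
    """Heuristic for machine-generated names such as 'mcpecflx': lowercase
    alphabetic, 6+ chars, and either few vowels or a long consonant run.
    It is only a prioritisation hint; the allowlist handles legitimate
    odd-looking names such as igfxtray.exe."""
    s = stem.lower()
    if len(s) < 6 or not s.isalpha():
        return False
    vowel_ratio = sum(c in VOWELS for c in s) / len(s)
    longest_run = max((len(run) for run in re.findall(r"[^aeiou]+", s)), default=0)
    return vowel_ratio <= 0.25 or longest_run >= 4


def triage(log_text: str) -> list:
    """Return (reason, line) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            path = exe_path(m["cmd"])
            base = path.rsplit("\\", 1)[-1].lower()
            in_system32 = "\\system32\\" in path.lower()
            if in_system32 and base not in KNOWN_SYSTEM32_AUTORUNS:
                stem = base.rsplit(".", 1)[0]
                reason = "O4 autorun in system32 not on allowlist"
                if looks_random(stem) or looks_random(m["name"]):
                    reason += " with random-looking name"
                findings.append((reason, line))
        elif m := O16_RE.match(line):
            host = urlparse(m["url"]).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                reason = f"O16 DPF from unvetted host {host}"
                if "dialer" in m["url"].lower():
                    reason += " (URL mentions dialer)"
                findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample it reports exactly the two entries a helper would ask about first: the `mcpecflx.exe` autorun that Don77 has the poster fix, and the `IberoDialerHTML.cab` download. Everything else (Symantec tray, QuickTime, the Panda ActiveScan installer) stays quiet because it is either outside system32 or on the vetted-host list, which is the point of pairing an allowlist with a heuristic rather than relying on either alone.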
 
kdkester
 
  1  
Reply Tue 21 Dec, 2004 07:18 pm
Dear Don,

I followed the instructions that you gave me, but I still get the error with Ad-Aware. Interestingly, I uninstalled and reinstalled the old version and it still works, but when I uninstalled the old and put back on the new, I got the error again. Here is the fresh log. Please let me know if you have any other suggestions. Thanks!

Kim

Logfile of HijackThis v1.99.0
Scan saved at 5:15:05 PM, on 12/21/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINNT\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -logon
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Add to Library - {ECDCA4E5-DE44-4b94-8F46-CD0D5B4895FC} - C:\PROGRAM FILES\AMICUS50\Research\GetTags.htm
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_EN.cab
O16 - DPF: {73F0FD85-BD47-4A95-86D1-DE38860462C1} - http://www.accesoplugin.com/dialercab/IberoDialerHTML.cab
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://autos.msn.com/components/ocx/survid/MSSurVid.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = gurneelaw.corp
O18 - Protocol: bw+0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {529A94DA-9DFD-4C7A-AE2D-CADD40FCA979} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoToMyPC - Citrix Online - C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
0 Replies
 