
www.master69.biz



#1
aming5

    New Member

  • 1 posts
Hey, I have tried many times to delete this trojan dialer but it keeps coming back. It's a popup ad in Italian and it puts a shortcut to a winmovieplugin.exe and an explorer file on the desktop, my document, start up program lists, favorites. I delete the file in the Temp folder in the Local Settings folder but it keeps coming back. What can I do?

System Hijack Scanner Entries:
---------------

R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page=http://search.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page=http://search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page=C:\WINDOWS\system32\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://toshibadirect.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, search bar=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, proxyOverride=localhost
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant=http://ie.search.msn.com/en-us/srchasst/srchasst.htm
R2 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, Default=http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - ToolBar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - ToolBar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe (file missing)
O4 - HKLM\..\Run: [TCtryIOHook] c:\WINDOWS\System32\TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe (file missing)
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe (file missing)
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Notebook Maximizer] C:\Program Files\Notebook Maximizer\maximizer_startup.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Parallel Tasking] C:\Program Files\Parallel Tasking\ptask.exe
O4 - HKLM\..\Run: [edQxNf] C:\WINDOWS\dwysapoi.exe (file missing)
O4 - HKLM\..\Run: [qlgjyrct] C:\WINDOWS\qlgjyrct.exe (file missing)
O4 - HKLM\..\Run: [gp0f9ror] C:\WINDOWS\system32\gp0f9ror.exe (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot (file missing)
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (file missing)
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Documents and Settings\Valued Customer\Local Settings\Temp\SpySweeper.exe" /0
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Start Up: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\desktop.ini
O4 - User Start Up: C:\Documents and Settings\Valued Customer\Start Menu\Programs\Startup\desktop.ini
O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSN Desktop Search.lnk
O4 - Global Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MSN Desktop Search.lnk
O4 - Global User Start Up: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
O5 - HKCU\control panel\don't load: ncpa.cpl = No
O5 - HKCU\control panel\don't load: odbccp32.cpl = No
O8 - Extra Context Menu Items: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra Context Menu Items: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra Context Menu Items: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O11 - Options Group: [JAVA_SUN] Java (Sun)
O12 - Plugin For .TIF - C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - iereset.inf: START_PAGE_URL=http://www.toshiba.com
O15 - Trusted Zone: *://www.master69.biz
O15 - Trusted Zone: *://www.sgrunt.biz
O15 - Trusted Zone: *://www.yeak.net
O15 - Trusted Zone: http://ny.contentmatch.net
O15 - Trusted Zone: https://ny.contentmatch.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.4.2_05) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} (Java Plug-in 1.4.2_05) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zon...oF.cab31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zon...ss.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: bw+0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {edc57597-975d-4830-abf4-0e3f7b8d10bf} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\ITSS.DLL
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\ITSS.DLL
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: offline-8876480 - {EDC57597-975D-4830-ABF4-0E3F7B8D10BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll

#2
Wizard

    Retired Staff

  • 5,661 posts
Please download rkfiles.zip and unzip it to its own permanent folder.
http://skads.org/special/rkfiles.zip

Download Pocket KillBox from here
http://www.bleepingc...les/killbox.php

There is a Direct Download and a description of what the Program does inside this link.
Download, UnZip, Extract All Files and Have it ready to Use!

Download the Hoster from Here.

Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.

Download the DelDomains zip file and unzip it to your desktop.

DelDomains

Right-click on the deldomains.inf file and select "Install"


Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode

http://service1.syma...src=sec_doc_nam

Please Highlight and Right Click the list below, Select Copy!

C:\WINDOWS\dwysapoi.exe
C:\WINDOWS\qlgjyrct.exe
C:\WINDOWS\system32\gp0f9ror.exe
C:\WINDOWS\system32\blank.htm


Open Pocket Killbox > Click File > Click Paste from Clipboard

Now, place a tick by these selections

"Standard File Kill"
"End Explorer Shell while Killing File"


Once those are ticked, Click the Red Circle with the White X in the Middle to Delete!!

You should get a message saying "File Deleted Successfully"

If you don't, Paste them into Killbox again and Select "Delete on Reboot"

Click "Yes" to Confirm and Click "Yes" to Reboot!


If you get a PendingFileRenameOperations Registry Data has been Removed by External Process! message then just restart manually.

Either way I need to know what happened!

Restart back in Normal Mode

Have the PC Scanned here
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Post the contents of C:\log.txt and the Panda Active Scan Results back here along with a fresh HijackThis log. Make sure to Copy & Paste the entire contents of the HijackThis Log!
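
An added example, not part of either post and not HijackThis's own logic: a small triage pass over the O4 (autorun) and O15 (Trusted Zone) lines of the log in post #1. The three rules and their names are assumptions chosen for illustration, and a hit means "review this entry", not a verdict.

```python
import re

# Excerpt of the HijackThis log from post #1 (lines copied from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe (file missing)
O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
O4 - HKLM\..\Run: [edQxNf] C:\WINDOWS\dwysapoi.exe (file missing)
O4 - HKLM\..\Run: [qlgjyrct] C:\WINDOWS\qlgjyrct.exe (file missing)
O4 - HKLM\..\Run: [gp0f9ror] C:\WINDOWS\system32\gp0f9ror.exe (file missing)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot (file missing)
O4 - HKCU\..\Run: [SpySweeper] "C:\Documents and Settings\Valued Customer\Local Settings\Temp\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O15 - Trusted Zone: *://www.master69.biz
O15 - Trusted Zone: http://ny.contentmatch.net
"""

MISSING = "(file missing)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
ZONE_RE = re.compile(r"^O15 - Trusted Zone: (?P<site>\S+)$")
# Unquoted commands: take everything up to the first executable extension.
EXE_RE = re.compile(r"(.*?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)


def parse_command(cmd):
    """Split a Run value into (executable path, file_missing flag)."""
    missing = cmd.endswith(MISSING)
    if missing:
        cmd = cmd[: -len(MISSING)].rstrip()
    if cmd.startswith('"'):
        exe = cmd[1:].split('"', 1)[0]      # quoted path, arguments follow
    else:
        m = EXE_RE.match(cmd)
        exe = m.group(1) if m else cmd      # fall back to the raw value
    return exe, missing


def triage(log_text):
    """Return (rule, entry name, detail) tuples for entries worth a review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            exe, missing = parse_command(m.group("cmd"))
            low = exe.lower()
            # Rule 1 (assumed): autorun still registered for a file that is
            # gone from the Windows directory tree.
            if missing and re.match(r"[a-z]:\\windows\\", low):
                findings.append(("run-missing-in-windows", m.group("name"), exe))
            # Rule 2 (assumed): autorun launching from a Temp folder.
            if "\\temp\\" in low:
                findings.append(("run-from-temp", m.group("name"), exe))
            continue
        m = ZONE_RE.match(line)
        # Rule 3 (assumed): Trusted Zone entry covering every URL scheme.
        if m and m.group("site").startswith("*://"):
            findings.append(("trusted-zone-wildcard", m.group("site"), ""))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE_LOG):
        print(f"{rule:24} {name:24} {detail}")
```

On this excerpt, rule 1 returns the same three executables that head the Killbox list in post #2.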
