Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Log file


  • Please log in to reply
1 reply to this topic

#1 zerospin

zerospin

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:15 AM

Posted 12 May 2005 - 06:50 PM

From the lack of response I will assume I need to include some more info. It's an intresting problem. The spyware is loading as a service and reinstalls itself every time it is cleaned. I realize I can get rid of:

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE

and the associated service files but I don't know about the files/processes that look like they are randomly generated. i.e.


O4 - HKLM\..\Run: [zpkrnakh] c:\windows\system\zpkrnakh.exe

I will say they are a stubborn bunch.

Ran sbs&d and adaware...and as you can see pest petrol is also resident. Here's the log:

Logfile of HijackThis v1.99.0
Scan saved at 7:19:44 PM, on 5/8/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EBAPI\SAGENT2.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\TOOLBAR\TBPS.EXE
C:\PROGRAM FILES\TOOLBAR\PIB.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WTOOLSA.EXE
C:\PROGRAM FILES\COMMON FILES\WINTOOLS\WSUP.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\KODAK DIGITAL SCIENCE\PICTURE EASY SOFTWARE\PROGRAM\PEZDOWNLOAD.EXE
C:\WINDOWS\SYSTEM\E_S0HIC1.EXE
C:\PROGRAM FILES\WUSB11 WLAN MONITOR\WUSB11B.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KEM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\PESTPATROL\PPCONTROL.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\WINDOWS\SYSTEM\ELITEFRF32.EXE
C:\WINDOWS\SYSTEM\ZPKRNAKH.EXE
C:\WINDOWS\SYSTEM\HAN32B.EXE
C:\PROGRAM FILES\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\PROGRAM FILES\MICROSOFT HOME PUBLISHING\MHPRMIND.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\SIERRA\PLANNER\PLNRNOTE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\MICROTEK\SCANWIZARD 5\SCANNERFINDER.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [Picture Easy Download] C:\Program Files\Kodak Digital Science\Picture Easy Software\Program\PezDownload.exe
O4 - HKLM\..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\SYSTEM\E_S0HIC1.EXE /P23 "EPSON Stylus C82 Series" /O7 "EPUSB1:" /M "Stylus C82"
O4 - HKLM\..\Run: [WUSB11B.exe] C:\Program Files\WUSB11 WLAN Monitor\WUSB11B.exe
O4 - HKLM\..\Run: [SetPoint] C:\Program Files\Logitech\SetPoint\KEM.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [checkrun] C:\WINDOWS\SYSTEM\ELITEFRF32.EXE
O4 - HKLM\..\Run: [zpkrnakh] c:\windows\system\zpkrnakh.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [SAgent2ExePath] C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O4 - HKLM\..\RunServices: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServicesOnce: [TBPS] C:\PROGRA~1\TOOLBAR\TBPS.exe /boot
O4 - HKLM\..\RunServicesOnce: [WinTools] C:\PROGRA~1\COMMON~1\WINTOOLS\WTOOLSA.EXE /boot
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [cyv3RWYpl] HAN32B.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Microsoft Greetings Reminders.lnk = C:\Program Files\Microsoft Home Publishing\MHPRMIND.EXE
O4 - Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGremind.exe
O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZUxdm080YYUS
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES12031.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES12031.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin4.dll
O12 - Plugin for .tif: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin5.dll
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O18 - Protocol: offline-8876480 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw00s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw10s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw20s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw30s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw40s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw50s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw60s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw70s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw80s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw90s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwa0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwb0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwc0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwd0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwe0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwf0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwg0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwh0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwi0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwj0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwk0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwl0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwm0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwn0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwo0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwp0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwq0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwr0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bws0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwt0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwu0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwv0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bww0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwx0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwy0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwz0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw-0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0 - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bw+0s - {3793ABBA-403D-44A7-8BB0-D6809BED3B94} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\BWPLUGPROTOCOL-8876480.DLL
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\PROGRAM FILES\LOGITECH\DESKTOP MESSENGER\8876480\PROGRAM\GAPLUGPROTOCOL-8876480.DLL

Appreciate the help.
zs

Edited by zerospin, 12 May 2005 - 09:41 PM.


BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:11:15 AM

Posted 13 May 2005 - 01:07 AM

Hello zerospin and welcome to theBC forums. You are currently running an older version of HijackThis. Please click on the link below and download the most current version:HijackThis_sfx.exe
Delete your current HijackThis.exe file and double-click on the file you just downloaded and then click on the Unzip button to install the newer version. It will be installed to the C:\Program Files\HijackThis\ directory by default.

Start HijackThis and perform a new scan. Post your new log file back here as a relpy to this topic and I will review it when it comes in.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users