- Community Home
- >
- Servers and Operating Systems
- >
- Legacy
- >
- Internet Products
- >
- Hijack log
Internet Products
1821992
Members
4194
Online
109638
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-04-2004 01:36 AM
тАО12-04-2004 01:36 AM
Hijack log
Logfile of HijackThis v1.98.2
Scan saved at 15:34:56, on 04.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\acer\KnobService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\mHotMon.exe
C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\acer\KnobMonitor.exe
C:\ACER\MPS.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Browser Hijack Blaster\bhblaster.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.snaekrlquftx.com/8vIiU7NigKWEUdJxYBS4rX5HUuK8lf1pPnmu3aBrUW3IRvUGsHZ9uvdxdcJJOPOS.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whrtdekpfyoirtscm.com/8vIiU7NigKWqImH9DmugfS_nmPaEBFoAXX1BsvqCqiE.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programfiler\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O1 - Hosts: 127.0.0.54 www.active-max.com
O1 - Hosts: 127.0.0.26 www.mp3search.com
O1 - Hosts: 127.0.0.95 www.rub.to
O1 - Hosts: 127.0.0.79 spawnet.com
O1 - Hosts: 127.0.0.93 www.spawnet.com
O1 - Hosts: 127.0.0.84 www.mp3search.com
O1 - Hosts: 127.0.0.2 www.lyricsdomain.com
O1 - Hosts: 127.0.0.37 best.omega-search.com
O1 - Hosts: 127.0.0.38 omega-search.com
O1 - Hosts: 127.0.0.6 www.omega-search.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [mHotmon] mHotMon.exe
O4 - HKLM\..\Run: [Aspire Schedule] C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe
O4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [lite kind way 32] C:\Documents and Settings\All Users\Programdata\heart iso lite kind\peak second.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DKMessenger] C:\Programfiler\DKware\DKMessenger\DKMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programfiler\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [batsurf] C:\DOCUME~1\├ШYVIND\PROGRA~1\EXTRAM~1\BALLREMOTE.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Bluffstopparen.lnk = C:\Programfiler\Bluffstopparen\Bluffstopparen.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\Programfiler\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programfiler\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://62.92.122.19:8080/home/SonySncRz30View.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.92.122.21/activex/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.no/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: bw+0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Scan saved at 15:34:56, on 04.12.2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\acer\KnobService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\WINDOWS\mHotMon.exe
C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
C:\acer\KnobMonitor.exe
C:\ACER\MPS.EXE
C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe
C:\Programfiler\Logitech\Video\LogiTray.exe
C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programfiler\Skype\Phone\Skype.exe
C:\WINDOWS\System32\LVComS.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
c:\progra~1\intern~1\iexplore.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccSetMgr.exe
C:\Programfiler\Fellesfiler\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programfiler\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programfiler\Fellesfiler\Symantec Shared\ccEvtMgr.exe
C:\Programfiler\Fellesfiler\Symantec Shared\Security Center\SymWSC.exe
C:\Programfiler\Norton AntiVirus\SAVScan.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Browser Hijack Blaster\bhblaster.exe
C:\Programfiler\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.snaekrlquftx.com/8vIiU7NigKWEUdJxYBS4rX5HUuK8lf1pPnmu3aBrUW3IRvUGsHZ9uvdxdcJJOPOS.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whrtdekpfyoirtscm.com/8vIiU7NigKWqImH9DmugfS_nmPaEBFoAXX1BsvqCqiE.cgi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Programfiler\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koblinger
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O1 - Hosts: 127.0.0.54 www.active-max.com
O1 - Hosts: 127.0.0.26 www.mp3search.com
O1 - Hosts: 127.0.0.95 www.rub.to
O1 - Hosts: 127.0.0.79 spawnet.com
O1 - Hosts: 127.0.0.93 www.spawnet.com
O1 - Hosts: 127.0.0.84 www.mp3search.com
O1 - Hosts: 127.0.0.2 www.lyricsdomain.com
O1 - Hosts: 127.0.0.37 best.omega-search.com
O1 - Hosts: 127.0.0.38 omega-search.com
O1 - Hosts: 127.0.0.6 www.omega-search.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programfiler\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programfiler\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programfiler\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [SSER] sser.exe
O4 - HKLM\..\Run: [mHotmon] mHotMon.exe
O4 - HKLM\..\Run: [Aspire Schedule] C:\Program Files\Aspire\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programfiler\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [KnobMonitor] C:\acer\KnobMonitor.exe
O4 - HKLM\..\Run: [MPS] C:\ACER\MPS.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Programfiler\Fellesfiler\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programfiler\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programfiler\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Programfiler\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [lite kind way 32] C:\Documents and Settings\All Users\Programdata\heart iso lite kind\peak second.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programfiler\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programfiler\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Skype] "C:\Programfiler\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DKMessenger] C:\Programfiler\DKware\DKMessenger\DKMessenger.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programfiler\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [batsurf] C:\DOCUME~1\├ШYVIND\PROGRA~1\EXTRAM~1\BALLREMOTE.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programfiler\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O4 - Global Startup: Bluffstopparen.lnk = C:\Programfiler\Bluffstopparen\Bluffstopparen.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &AIM Search - res://C:\Programfiler\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Oppslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programfiler\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programfiler\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://global.acer.com/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O16 - DPF: {63DF43C2-469A-41F3-B119-17B1ACE8BB34} (Sony SNC-RZ30 Image Viewer) - http://62.92.122.19:8080/home/SonySncRz30View.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://62.92.122.21/activex/AxisCamControl.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.no/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup152.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O16 - DPF: {FB48C7B0-EB66-4BE6-A1C5-9DDF3C37249A} (MCSendMessageHandler Class) - http://xtraz.icq.com/xtraz/activex/MISBH.cab
O18 - Protocol: bw+0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-04-2004 01:37 AM
тАО12-04-2004 01:37 AM
Re: Hijack log
O18 - Protocol: bwg0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-04-2004 01:38 AM
тАО12-04-2004 01:38 AM
Re: Hijack log
What do I have to remove? Please reply asap!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО12-05-2004 12:40 AM
тАО12-05-2004 12:40 AM
Re: Hijack log
Make sure you have a copy of winsockxpfix.exe which you get from:
http://www.iup.edu/house/resnet/winfix.shtm
This program is to be used only if after removing some malware you are unable to get back on the net.
See if
http://www.short-media.com/review.php?r=252
looks familiar if so then get OmegaKiller from page 3 of the same site. ( Click on "Download the OmegakillerSM tool now" )
I would also advise you to use the Control Panel / Add/Remove Programs to remove the LogitechDesktopMessenger program unless you really love it. It is responsible for all of the 018 entries. It has a bad reputation as a resource hog.
Boot into Safe Mode (f8 -no networking) and rerun before running OmegaKiller or HijackThis.
When you run HijackThis check the following and then Fix Checked. When finished reboot and run a new scan and post it here so I can see if we got it all. If you uninstall LogitechDesktopMessenger or run OmegaKiller then you will not see a lot of these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.snaekrlquftx.com/8vIiU7NigKWEUdJxYBS4rX5HUuK8lf1pPnmu3aBrUW3IRvUGsHZ9uvdxdcJJOPOS.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whrtdekpfyoirtscm.com/8vIiU7NigKWqImH9DmugfS_nmPaEBFoAXX1BsvqCqiE.cgi
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [lite kind way 32] C:\Documents and Settings\All Users\Programdata\heart iso lite kind\peak second.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programfiler\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
The following entries are LogitechDesktopMessenger:
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
All O18 entries:
O18 - Protocol: bw+0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll etc.
These next two are from incredimail which some people like but I don't. I guess you can leave them if you must but I don't trust them. Incredimail may stop working anyway if it is tied to one of your spyware programs.
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
I have no idea what these next three are for. If you know them then leave them, otherwise check them. If something stops working then you can restore them in HijackThis by pressing Config then Backup. Highlight the lost entry and press Restore:
O4 - HKCU\..\Run: [batsurf] C:\DOCUME~1\├Г YVIND\PROGRA~1\EXTRAM~1\BALLREMOTE.exe
O4 - Global Startup: Bluffstopparen.lnk = C:\Programfiler\Bluffstopparen\Bluffstopparen.exe
O4 - HKLM\..\Run: [SSER] sser.exe
Do NOT go back to Smiley Central!
Ron
http://www.iup.edu/house/resnet/winfix.shtm
This program is to be used only if after removing some malware you are unable to get back on the net.
See if
http://www.short-media.com/review.php?r=252
looks familiar if so then get OmegaKiller from page 3 of the same site. ( Click on "Download the OmegakillerSM tool now" )
I would also advise you to use the Control Panel / Add/Remove Programs to remove the LogitechDesktopMessenger program unless you really love it. It is responsible for all of the 018 entries. It has a bad reputation as a resource hog.
Boot into Safe Mode (f8 -no networking) and rerun before running OmegaKiller or HijackThis.
When you run HijackThis check the following and then Fix Checked. When finished reboot and run a new scan and post it here so I can see if we got it all. If you uninstall LogitechDesktopMessenger or run OmegaKiller then you will not see a lot of these:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.snaekrlquftx.com/8vIiU7NigKWEUdJxYBS4rX5HUuK8lf1pPnmu3aBrUW3IRvUGsHZ9uvdxdcJJOPOS.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whrtdekpfyoirtscm.com/8vIiU7NigKWqImH9DmugfS_nmPaEBFoAXX1BsvqCqiE.cgi
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Programfiler\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL
O4 - HKLM\..\Run: [lite kind way 32] C:\Documents and Settings\All Users\Programdata\heart iso lite kind\peak second.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Programfiler\MyWebSearch\bar\3.bin\MWSOEMON.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Programfiler\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.8.cab
The following entries are LogitechDesktopMessenger:
O4 - HKCU\..\Run: [LDM] C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
All O18 entries:
O18 - Protocol: bw+0s - {32FED994-1B1C-4982-BD85-BB57C2CBCB7B} - C:\Programfiler\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll etc.
These next two are from incredimail which some people like but I don't. I guess you can leave them if you must but I don't trust them. Incredimail may stop working anyway if it is tied to one of your spyware programs.
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
I have no idea what these next three are for. If you know them then leave them, otherwise check them. If something stops working then you can restore them in HijackThis by pressing Config then Backup. Highlight the lost entry and press Restore:
O4 - HKCU\..\Run: [batsurf] C:\DOCUME~1\├Г YVIND\PROGRA~1\EXTRAM~1\BALLREMOTE.exe
O4 - Global Startup: Bluffstopparen.lnk = C:\Programfiler\Bluffstopparen\Bluffstopparen.exe
O4 - HKLM\..\Run: [SSER] sser.exe
Do NOT go back to Smiley Central!
Ron
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Learn About
News and Events
Support
© Copyright 2025 Hewlett Packard Enterprise Development LP