HijackThis Log

Discussion in 'Windows Desktop Systems' started by Jewelzz, Oct 16, 2004.

  1. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    These 3 things keep coming up on my HijackThis log and I can't seem to get rid of them, any suggestions?
     

    Attached Files:

  2. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    the first one is bad, the last two are nothing. Is that your full log? b/c thats bad if it is.
     
  3. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    That's the entire log. How do I get rid of them?
     
  4. Dark Atheist

    Dark Atheist Moderator Political User Folding Team

    Messages:
    6,376
    Location:
    In The Void
    boot up in safe mode run hijack again and any other spyware/adware removers you have

    also look for any progs that are set to run at startup - you can do that by getting startup control panel from http://www.mlin.net/StartupCPL.shtml and startup monitor from the same website.

    One will show you what is set to run at starup in various areas of the registry and the other will always flag you when something tries to install itself to run at bootup.

    Also get Firefox fromm www.mozilla.org :)
     
  5. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    I use Mozilla already. Thanks, guess I'll give those other a try on the next day off ... or format :(
     
  6. Tabula Rasa

    Tabula Rasa Stranger Than Kindness Political User

    Messages:
    3,233
    Location:
    Israel
    Also, somewhere at the MS site there is an option to remove such thingiers that embed themselvs into MS IE, but onestly I'm too lazy to look now (but its there).
     
  7. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    Messages:
    5,518
    Location:
    England
    Is there anymore text to that top line in the log?
     
  8. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    Here ya go Khayman
     

    Attached Files:

  9. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
    Jewelzz, can you post the full log in text format, click on Make Log.
     
  10. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    Hmm, anyone else having a problem attaching file now? :(

    Here's the log

     
  11. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    Messages:
    5,518
    Location:
    England
    What happens when you tick that Search Bar one in HijackThis and click "Fix Checked" ? does it just come back?

    That IE one is the only one i can see that is a problem (although i don't know what snwa.exe is)
     
  12. j79zlr

    j79zlr Glaanies script monkey Political User

    Messages:
    2,725
    Location:
    Chicago
  13. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    Think everything is fixed thanks to MFG and LordofLA's help last night. I'll run everything again tonight after work and let you all know. :)
     
  14. American Zombie

    American Zombie Moderator Staff Member Political User

    Messages:
    2,934
    Location:
    Seattle
    Maybe part of your problem is/was messenger plus.

    May want to look at this post.
     
  15. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    Thanks American_Zombie, I was just reading that thread. Bye bye Messenger Plus ... for now
     
  16. Khayman

    Khayman I'm sorry Hal... Political User Folding Team

    Messages:
    5,518
    Location:
    England
    you can install Messenger plus without the sponser program. It asks you during the install
     
    Jewelzz likes this.
  17. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    Yep, read that and will do later. Thanks to everyone who helped
     
  18. Jewelzz

    Jewelzz OSNN Godlike Veteran

    Messages:
    10,977
    Location:
    California
    More :(
     
  19. yoyo

    yoyo _________________

    Messages:
    1,557
    Jewelzz, you are using an outdated version of HijackThis (it is at version 1.98.2) and that doesn't look like a complete log.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mmwaejxmriakbuzpacmouc.com/q...JPMlZU5ku2T.asp

    That is a typical lop.com address. (Lop.com is the trojan that is bundled with Messenger Plus.)

    Run the uninstallers j79 suggested.