
HijackThis Log

j79zlr

Glaanies script monkey
Political User
#2
The first one is bad, the last two are nothing. Is that your full log? B/c that's bad if it is.
 

Dark Atheist

Moderator
Staff member
Political User
#4
Boot up in safe mode, run hijack again and any other spyware/adware removers you have.

also look for any progs that are set to run at startup - you can do that by getting startup control panel from http://www.mlin.net/StartupCPL.shtml and startup monitor from the same website.

One will show you what is set to run at startup in various areas of the registry and the other will always flag you when something tries to install itself to run at bootup.

Also get Firefox from www.mozilla.org :)
 

Tabula Rasa

Stranger Than Kindness
Political User
#6
Also, somewhere at the MS site there is an option to remove such thingies that embed themselves into MS IE, but honestly I'm too lazy to look now (but it's there).
 

Jewelzz

OSNN Godlike Veteran
#10
Hmm, anyone else having a problem attaching file now? :(

Here's the log

Logfile of HijackThis v1.97.7
Scan saved at 8:50:09 PM, on 10/16/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\fast.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
D:\Julie\Stuff\Motherboard Monitor 5\MBM5.EXE
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Documents and Settings\Jewelzz\My Documents\Uptime\client.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Jewelzz\Application Data\snwa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\No-IP\DUC20.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
D:\Julie\Stuff\Serv-U\ServUDaemon.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\Fast.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\xchat\xchat.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Paint Shop Pro 9.exe
C:\WINDOWS\System32\fontview.exe
C:\WINDOWS\System32\fontview.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\GIANTAntiSpywareMain.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Documents and Settings\Jewelzz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.hmzrqcdrgppnpdskz.com/qt...ErBwBZxZUjNgYNwxOSETdVUqW8BgXJJPMlZU5ku2T.htm
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [About Extra] C:\DOCUME~1\Jewelzz\APPLIC~1\FORKBA~1\ViewFlaw.exe
 

Khayman

I'm sorry Hal...
Political User
#11
What happens when you tick that Search Bar one in HijackThis and click "Fix Checked"? Does it just come back?

That IE one is the only one I can see that is a problem (although I don't know what snwa.exe is)
 

Jewelzz

OSNN Godlike Veteran
#13
Think everything is fixed thanks to MFG and LordofLA's help last night. I'll run everything again tonight after work and let you all know. :)
 

Jewelzz

OSNN Godlike Veteran
#18
More :(
Logfile of HijackThis v1.97.7
Scan saved at 8:27:48 AM, on 10/19/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Stardock\SDMCP.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\System32\Fast.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\xchat\xchat.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\PROGRA~1\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\Documents and Settings\Jewelzz\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mmwaejxmriakbuzpacmouc.com/q...ErBwBZxZUjNgYNwxOSERYdgXwDvtFSJPMlZU5ku2T.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.osnn.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.osnn.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mmwaejxmriakbuzpacmouc.com/q...ErBwBZxZUjNgYNwxOSERYdgXwDvtFSJPMlZU5ku2T.asp
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [UpConfgVer] "C:\Program Files\Panda Software\Panda Antivirus Platinum\UpgConf.exe" /v:7.07.01
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
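
Added example, not part of any post in this thread: a small Python triage script for HijackThis logs of the kind posted above. It lists Search Bar values and anything running or auto-starting from Application Data, and reports which kinds of finding survive from one scan to the next, as the Search Bar entry did between the two logs above. The sample logs, host names and file names are constructed, and the Application Data heuristic is this example's assumption.

```python
import re

# HijackThis entry lines: "R1 - <body>" or "O4 - HKCU\..\Run: [name] <command>".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Assumption of this example: executables under a profile's Application Data
# directory (long or 8.3 short name) are worth a second look.
APPDATA_RE = re.compile(r"\\(application data|applic~\d)\\", re.IGNORECASE)

# Constructed sample logs (not from the thread); hosts and file names are placeholders.
SCAN_1 = r"""Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Application Data\sample.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://one.example.invalid/a.htm
O4 - HKCU\..\Run: [Sample Entry] C:\DOCUME~1\User\APPLIC~1\SAMPLE~1\Sample.exe
"""
SCAN_2 = r"""Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://two.example.invalid/b.asp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

def parse_log(text):
    """Split a log into running-process paths and (code, body) entries."""
    processes, entries = [], []
    for line in map(str.strip, text.splitlines()):
        match = ENTRY_RE.match(line)
        if match:
            entries.append(match.groups())
        elif PATH_RE.match(line) and not entries:
            processes.append(line)  # process paths precede the entry section
    return processes, entries

def review_items(text):
    """Return sorted (kind, detail) pairs to look at first."""
    processes, entries = parse_log(text)
    items = {("process", p) for p in processes if APPDATA_RE.search(p)}
    for code, body in entries:
        run = RUN_RE.match(body) if code == "O4" else None
        if code in ("R0", "R1") and ",Search Bar = " in body:
            items.add(("search-bar", body.split(" = ", 1)[1]))
        elif run and APPDATA_RE.search(run.group(4)):
            items.add(("autorun", run.group(3)))
    return sorted(items)

def persisting(before, after):
    """Kinds of finding present in both scans, even if the value changed."""
    return sorted({k for k, _ in review_items(before)} & {k for k, _ in review_items(after)})
```

A kind that shows up in `persisting` after a "Fix Checked" pass means something still running is rewriting the setting, so the cleanup is not finished.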
 
