Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HJT Log Confuzed


  • Please log in to reply
2 replies to this topic

#1 Confuzed

Confuzed

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:57 AM

Posted 30 March 2005 - 02:16 PM

HI,
I don't know how to get rid of a page that pops up everytime I start my computer, it automatically opens "this computer". Was wondering if anything would show in the HJT log.

Thanks for your help,

Confuzed.

Logfile of HijackThis v1.99.0
Scan saved at 21:16:04, on 2005-03-30
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\loadqm.exe
C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe
C:\Program\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\internat.exe
C:\Program\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program\Logitech\Video\FxSvr2.exe
C:\Program\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.se/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Verktygslåda - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Toolbar\01.01.1601.0\sv\msntb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ashMaiSv] C:\Program\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [msnappau] "C:\Program\MSN Apps\Updater\01.02.3000.1001\sv\msnappau.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Program\Logitech\Video\ManifestEngine.exe boot
O4 - Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{121ED4BB-B2E4-4182-A9E3-44F596975255}: NameServer = 195.67.199.24 195.67.199.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{121ED4BB-B2E4-4182-A9E3-44F596975255}: NameServer = 195.67.199.24 195.67.199.25
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Panda Firewall Service - Unknown - C:\Program\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program\Panda Software\Panda Antivirus Platinum\pavsrv50.exe
I'm the baby, gotta love me!

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:07:57 AM

Posted 30 March 2005 - 03:29 PM

Hello Confuzed and welcome to the BC forums. What exactly does it say in the window that opens up? What does it say in the Titlebar of the window?

Post back here with as much detail as possible so we can determine what program is opening the window.

Cheers.

OT

Edited by OldTimer, 30 March 2005 - 03:29 PM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 Confuzed

Confuzed
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:06:57 AM

Posted 01 April 2005 - 03:21 PM

Hey,

in the titlebar it says "Program" if I click on back I end up in the C: directory. The window is blank to begin with but if I click on "Show files" all my program files shows.
I don't know why this is happening. But I just rememberd I do have a virus file in "safe keeping" in my virusprogram. I'll give you the name and location of it.
Name : explorer.cab Location C:\

That's all I can think of that might be able to help you. If there is anything else. Let me know.

Thanks for all your help.

Confuzed (still) lol
I'm the baby, gotta love me!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users