Review my LOG with problems

Discussion in 'adware, spyware & hijack cleaning' started by MarQu1s, Jun 23, 2004.

Thread Status:
Not open for further replies.
  1. MarQu1s

    MarQu1s Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    8
    DAD's PC
    I ran Spybot 1.3 with the latest definitions(14632 bots), it won't let me delete "Download Accelerator Plus Ads" (9 entries) registry keys, even when it prompts me to restart so I can delete them.

    I then ran Ad-aware 6 build 181 with june 22 definitions and got rid of 122 items.

    I ran Spybot again but the 9 DAP Ads were still present, won't let me delete them after it asked me to restart either!

    Here is my LOG:

    ---------------------------------------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 9:14:04 AM, on 23/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    H:\aaPrograms\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    H:\aaprog~1\norton~1\navapw32.exe
    C:\WINDOWS\SpecialOffers.exe
    H:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startnow.com
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - H:\aaPrograms\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\aaPrograms\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - H:\aaPrograms\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: Startnow - {1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\aaPrograms\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {1CA8CC4F-D628-49CD-8D55-4FB26EA1B7B9} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {3C576FFF-0C3E-4B8E-AC73-5F5EF0818530} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\aaPrograms\FMV 5.90 Hv Key\msdxm.ocx
    O4 - HKLM\..\Run: [NAV Agent] h:\aaprog~1\norton~1\navapw32.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\aaPrograms\Dameon Tools 3.20\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [UninstallAbility] "H:\aaPrograms\UninstallAbility\uability.exe" /AUTO
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [NBJ] "H:\aaPrograms\Nero Express\Nero6 Scuts\NBJ.exe"
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program files\msn\msncorefiles\update.exe
    O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AAAA395-2DB0-4BB2-9FB2-9A60A9F5D74E}: NameServer = 206.191.0.140,206.191.0.210
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi MarQu1s,


    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startnow.com
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

    O3 - Toolbar: Startnow - {1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {1CA8CC4F-D628-49CD-8D55-4FB26EA1B7B9} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {3C576FFF-0C3E-4B8E-AC73-5F5EF0818530} - (no file)

    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program files\msn\msncorefiles\update.exe

    Then reboot into safe mode and delete:
    C:\Program Files\Common Files\Hyperbar <= entire folder

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.