Review my LOG with problems

Discussion in 'adware, spyware & hijack cleaning' started by MarQu1s, Jun 23, 2004.

Thread Status:
Not open for further replies.
  1. MarQu1s

    MarQu1s Registered Member

    Joined:
    Jun 21, 2004
    Posts:
    8
    DAD's PC
    I ran Spybot 1.3 with the latest definitions(14632 bots), it won't let me delete "Download Accelerator Plus Ads" (9 entries) registry keys, even when it prompts me to restart so I can delete them.

    I then ran Ad-aware 6 build 181 with june 22 definitions and got rid of 122 items.

    I ran Spybot again but the 9 DAP Ads were still present, won't let me delete them after it asked me to restart either!

    Here is my LOG:

    ---------------------------------------------------------
    Logfile of HijackThis v1.97.7
    Scan saved at 9:14:04 AM, on 23/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    H:\aaPrograms\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\System32\devldr32.exe
    H:\aaprog~1\norton~1\navapw32.exe
    C:\WINDOWS\SpecialOffers.exe
    H:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startnow.com
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
    O2 - BHO: (no name) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - H:\aaPrograms\SnagIt 7\SnagItBHO.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - H:\aaPrograms\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - H:\aaPrograms\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: Startnow - {1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - H:\aaPrograms\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {1CA8CC4F-D628-49CD-8D55-4FB26EA1B7B9} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {3C576FFF-0C3E-4B8E-AC73-5F5EF0818530} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - H:\aaPrograms\FMV 5.90 Hv Key\msdxm.ocx
    O4 - HKLM\..\Run: [NAV Agent] h:\aaprog~1\norton~1\navapw32.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\aaPrograms\Dameon Tools 3.20\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [UninstallAbility] "H:\aaPrograms\UninstallAbility\uability.exe" /AUTO
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
    O4 - HKCU\..\Run: [NBJ] "H:\aaPrograms\Nero Express\Nero6 Scuts\NBJ.exe"
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: ATI TV (HKLM)
    O9 - Extra button: FlashGet (HKLM)
    O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
    O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program files\msn\msncorefiles\update.exe
    O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6AAAA395-2DB0-4BB2-9FB2-9A60A9F5D74E}: NameServer = 206.191.0.140,206.191.0.210
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi MarQu1s,


    Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.startnow.com
    R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)

    O3 - Toolbar: Startnow - {1BC1FC4B-B0D2-4D8D-9307-2E40E2A8C257} - C:\Program Files\Common Files\Hyperbar\Hyperbar.dll

    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {1CA8CC4F-D628-49CD-8D55-4FB26EA1B7B9} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {3C576FFF-0C3E-4B8E-AC73-5F5EF0818530} - (no file)

    O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://c:\program files\msn\msncorefiles\update.exe

    Then reboot into safe mode and delete:
    C:\Program Files\Common Files\Hyperbar <= entire folder

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.