Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » My Hijack log after spybot and adware(RESOLVED)

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

My Hijack log after spybot and adware(RESOLVED)

Reply
Page 1 of 2 1 2
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 09-06-2006, 02:53 AM
Newbie
D-A-L Newbie
  
Join Date: Jun 2006
Posts: 10
RobertSmith Is a beginner here at D-A-L
My Hijack log after spybot and adware(RESOLVED)
Logfile of HijackThis v1.99.1
Scan saved at 9:41:25 PM, on 6/8/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [HP Component Manager] C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [JC7IKDF1.EXE] C:\WINDOWS\JC7IKDF1.EXE /dk
O4 - HKCU\..\Run: [VF1V189Q.EXE] C:\WINDOWS\VF1V189Q.EXE /dk
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 09-06-2006, 04:49 AM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: My Hijack log after spybot and adware
Welcome to DAL,


Please go here: http://www.emsisoft.com/en/software/free/


Download and scan for free and let it clean what it finds.

Then...



Go here http://www.bitdefender.com/scan8/ie.html and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

And post a new HJT log also..
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 09-06-2006, 12:30 PM
Newbie
D-A-L Newbie
  
Join Date: Jun 2006
Posts: 10
RobertSmith Is a beginner here at D-A-L
Re: My Hijack log after spybot and adware
Post After BitDefender Online Scanner


Scan report generated at: Fri, Jun 09, 2006 - 03:46:43
*


Scan path: A:\;C:\;D:\;M:\;


*


Statistics
Time
02:38:41
Files
116528
Folders
3315
Boot Sectors
2
Archives
1541
Packed Files
7075


Results
Identified Viruses
4
Infected Files
71
Suspect*Files
1
Warnings
0
Disinfected
55
Deleted Files
18


Engines Info
Virus Definitions
387230
Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins
13
Archive plugins
38
Unpack plugins
5
E-mail plugins
6
System*plugins
1


Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions

Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes


*
Scanned File
*Status
C:\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL30CA.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL30CA.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL30UK.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL30UK.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL40US.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\AOL\AOL40US.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\CSI\CS3KIT.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\CSI\CS3KIT.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\C ONTROLS.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\C ONTROLS.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\C OREUI.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\C OREUI.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\M CDPKGTM.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\M CDPKGTM.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\M SNSIGN.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\M SNSIGN.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\M SNSVC.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\M SNSVC.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\W ININST.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\COMPNTS\W ININST.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\MSNSETUP. RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\MSNSETUP. RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\MSNSTART. RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OLS\MSN\MSNSETUP\MSNSTART. RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\PWS\PRELOAD.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\PWS\PRELOAD.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\PWS\REGSVR32.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\PWS\REGSVR32.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\PWS\SYSOCMGR.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\PWS\SYSOCMGR.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\MSMONEY6\Ie\msie302.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\MSMONEY6\Ie\msie302.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\MSMONEY6\Ie\msie301.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\MSMONEY6\Ie\msie301.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\CONTENT\CDCACHE.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\CONTENT\CDCACHE.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\TOUR\WHATSNEW\WHATSNEW.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\TOUR\WHATSNEW\WHATSNEW.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\TOUR\DISCOVER.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\TOUR\DISCOVER.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\OEMRNCE.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\OEMRNCE.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\INFINST.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\INFINST.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\cwd3dsnd.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\cwd3dsnd.RB0
Disinfected
C:\WINDOWS\OPTIONS\CABS\LTREMOVE.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\CABS\LTREMOVE.RB0
Disinfected
C:\WINDOWS\OPTIONS\wintutor.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\OPTIONS\wintutor.RB0
Disinfected
C:\WINDOWS\SYSTEM\WMIEXE.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\WMIEXE.RB0
Disinfected
C:\WINDOWS\SYSTEM\USERSTUB.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\USERSTUB.RB0
Disinfected
C:\WINDOWS\SYSTEM\ACCWIZ.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\ACCWIZ.RB0
Disinfected
C:\WINDOWS\SYSTEM\MAGNIFY.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\MAGNIFY.RB0
Disinfected
C:\WINDOWS\SYSTEM\jdbgmgq.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\jdbgmgq.RB0
Disinfected
C:\WINDOWS\SYSTEM\CFGWIZ32.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\CFGWIZ32.RB0
Disinfected
C:\WINDOWS\SYSTEM\DPLAYSVR.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\DPLAYSVR.RB0
Disinfected
C:\WINDOWS\SYSTEM\ADDREG.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\ADDREG.RB0
Disinfected
C:\WINDOWS\SYSTEM\DCOMCNFG.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\DCOMCNFG.RB0
Disinfected
C:\WINDOWS\SYSTEM\DLLHOST.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\DLLHOST.RB0
Disinfected
C:\WINDOWS\SYSTEM\jdbgmgr.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\jdbgmgr.RB0
Disinfected
C:\WINDOWS\SYSTEM\icwscrpt.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\icwscrpt.RB0
Disinfected
C:\WINDOWS\SYSTEM\DSSSIG.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\DSSSIG.RB0
Disinfected
C:\WINDOWS\SYSTEM\FONTREG.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\FONTREG.RB0
Disinfected
C:\WINDOWS\SYSTEM\IE4UINIT.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\IE4UINIT.RB0
Disinfected
C:\WINDOWS\SYSTEM\IESHWIZ.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\IESHWIZ.RB0
Disinfected
C:\WINDOWS\SYSTEM\INTERNAT.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\INTERNAT.RB0
Disinfected
C:\WINDOWS\SYSTEM\LIGHTS.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\LIGHTS.RB0
Disinfected
C:\WINDOWS\SYSTEM\LOADWC.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\LOADWC.RB0
Disinfected
C:\WINDOWS\SYSTEM\MKCOMPAT.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\MKCOMPAT.RB0
Disinfected
C:\WINDOWS\SYSTEM\MSCONFIG.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\MSCONFIG.RB0
Disinfected
C:\WINDOWS\SYSTEM\PSTORES.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\PSTORES.RB0
Disinfected
C:\WINDOWS\SYSTEM\REDIR32.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\REDIR32.RB0
Disinfected
C:\WINDOWS\SYSTEM\REGSVR32.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\REGSVR32.RB0
Disinfected
C:\WINDOWS\SYSTEM\RPCSS.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\RPCSS.RB0
Disinfected
C:\WINDOWS\SYSTEM\RUNONCE.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\RUNONCE.RB0
Disinfected
C:\WINDOWS\SYSTEM\SFC.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\SFC.RB0
Disinfected
C:\WINDOWS\SYSTEM\CKCNV.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\CKCNV.RB0
Disinfected
C:\WINDOWS\SYSTEM\SPOOL32.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\SPOOL32.RB0
Disinfected
C:\WINDOWS\SYSTEM\STIMON.RB0
Infected with: Win32.Magistr.A@mm
C:\WINDOWS\SYSTEM\STIMON.RB0
Disinfected
C:\WINDOWS\eUniverse_p5.exe
Infected with: Dropped:Trojan.Downloader.Keenval.Q
C:\WINDOWS\eUniverse_p5.exe
Disinfection failed
C:\WINDOWS\eUniverse_p5.exe
Deleted
C:\WINDOWS\ftp.txt
Suspected of: Backdoor.BotGet.FtpB.Gen
C:\WINDOWS\ftp.txt
Disinfection failed
C:\WINDOWS\ftp.txt
Deleted
C:\WINDOWS\.housecall\Quarantine\mp_sys.exe.bac_a1 3307=>(Quarantine-4)
Infected with: Trojan.Ulone.B
C:\WINDOWS\.housecall\Quarantine\mp_sys.exe.bac_a1 3307=>(Quarantine-4)
Disinfection failed
C:\WINDOWS\.housecall\Quarantine\mp_sys.exe.bac_a1 3307=>(Quarantine-4)
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Infected with: Trojan.SwfDL.A
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Disinfection failed
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf=>[SWF command]
Deleted
C:\Program Files\Real\RealOne Player DB\MSearch\default.swf
Update failed

*


*


BitDefender
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 09-06-2006, 12:38 PM
Newbie
D-A-L Newbie
  
Join Date: Jun 2006
Posts: 10
RobertSmith Is a beginner here at D-A-L
Re: My Hijack log after spybot and adware
New Hijack LogLogfile of HijackThis v1.99.1
Scan saved at 7:35:28 AM, on 6/9/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\PROGRAM FILES\A-SQUARED\A2GUARD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [HP Component Manager] C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [JC7IKDF1.EXE] C:\WINDOWS\JC7IKDF1.EXE /dk
O4 - HKCU\..\Run: [VF1V189Q.EXE] C:\WINDOWS\VF1V189Q.EXE /dk
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 09-06-2006, 08:09 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: My Hijack log after spybot and adware
Good job,



Create a folder such as C:\HJT or C:\Program Files\HJT and move HJT.exe into the newly created folder so we can have avaiable backups in case you fix the wrong thing or I make a mistake. Very important.


Go here to learn how to show hidden files/folders:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

Re-hide after we are done



Submit the files below to a single file scanner for checking(no info on them)


C:\WINDOWS\JC7IKDF1.EXE

C:\WINDOWS\VF1V189Q.EXE


Here: http://virusscan.jotti.org/


submit one at a time and copy/paste results back here please.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 12-06-2006, 03:14 PM
Newbie
D-A-L Newbie
  
Join Date: Jun 2006
Posts: 10
RobertSmith Is a beginner here at D-A-L
Re: My Hijack log after spybot and adware
I could not get the scanner to check them, this is what I got........"The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file" all I did was copy and paste the file names to the scanner, and I also could not open the files myself. thanks Robert
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 12-06-2006, 10:17 PM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: My Hijack log after spybot and adware
Post a new HJT log please.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 13-06-2006, 12:23 AM
Newbie
D-A-L Newbie
  
Join Date: Jun 2006
Posts: 10
RobertSmith Is a beginner here at D-A-L
Re: My Hijack log after spybot and adware
Logfile of HijackThis v1.99.1
Scan saved at 7:23:11 PM, on 6/12/06
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MEDIASCAPE\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRA~1\MEDIAS~1\ONSCRE~1\OSD.EXE
C:\PROGRAM FILES\SUPPORT.COM\BIN\TGCMD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\A-SQUARED\A2GUARD.EXE
C:\WINDOWS\CWD3DSND.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKFOLDER\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bellsouth.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Keyboard Manager] C:\Program Files\Mediascape\One-touch Multimedia Keyboard\KeybdMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [BillMinder] C:\QUICKENW\BILLMIND.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickenSEMessage] C:\QUICKENW\QSEMSG.EXE
O4 - HKLM\..\Run: [HP Component Manager] C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe /icon
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Program Files\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [JC7IKDF1.EXE] C:\WINDOWS\JC7IKDF1.EXE /dk
O4 - HKCU\..\Run: [VF1V189Q.EXE] C:\WINDOWS\VF1V189Q.EXE /dk
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"
O4 - Startup: Crystal 3D Audio Control.lnk = C:\WINDOWS\CWD3DSND.EXE
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.bellsouth.net
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download...basetup145.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 13-06-2006, 05:10 AM
Neal's Avatar
Senior Member
  
Join Date: Sep 2005
Posts: 5,524
Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!Neal is a D-A-L Rockstar!
Re: My Hijack log after spybot and adware
Hi and thanks,


Run hiajckthis and click on scan button and put checks next to these:


O4 - HKCU\..\Run: [JC7IKDF1.EXE] C:\WINDOWS\JC7IKDF1.EXE /dk
O4 - HKCU\..\Run: [VF1V189Q.EXE] C:\WINDOWS\VF1V189Q.EXE /dk


Make sure nothing is open but hijackthis and click on fix checked.


Now reboot into safe mode by tapping your F8 key upon restart and safe mode screen appears, select safe mode and press enter.


Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


DELETE FILES:

C:\WINDOWS\JC7IKDF1.EXE
C:\WINDOWS\VF1V189Q.EXE


Reboot normal mode and tell me how your computer is running now plese.
__________________
Stalking and killing Spyware

Have we helped you? Please consider a donation to help keep D-A-L free. Click on donate below



MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis Log __V2.0.2 _|



ASAP: promoting a high standard and quality of security support no matter where you seek help.

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #10 (permalink)  
Old 13-06-2006, 02:31 PM
Newbie
D-A-L Newbie
  
Join Date: Jun 2006
Posts: 10
RobertSmith Is a beginner here at D-A-L
Re: My Hijack log after spybot and adware
OUTSTANDING Great job!!!!!! Computer is working fine, Thanks so much. Robert
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply
Page 1 of 2 1 2

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
[Resolved] Help cannot load ie,spybot or much else nsf0502 Spyware, Adware, Viruses and HijackThis Logs 23 15-07-2009 10:41 PM
cant run spybot or adware, heres hijack log tonyyyyyyyyyyyyyyyyyyyyyy Spyware, Adware, Viruses and HijackThis Logs 5 06-04-2007 08:23 PM
Need Trojan/Adware help, Hijack This log included (RESOLVED) Sevyrd Spyware, Adware, Viruses and HijackThis Logs 6 04-02-2007 10:11 PM
adware dies, spybot ran, hijack log menika Spyware, Adware, Viruses and HijackThis Logs 6 28-02-2005 11:28 PM
hijack this post trojan horse Lzio and adware Searchfast (Resolved) turtleman Spyware, Adware, Viruses and HijackThis Logs 9 12-08-2004 10:17 PM


All times are GMT +1. The time now is 10:53 AM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav