-
October 21st, 2004, 02:24 PM
#1
Spyware
I keep getting ads popping up on my computer even when no browsers are running. I have run Ad-Aware and Spybot and cleared everything there.
This is the HijackThis log... Anything here I should get rid of?
Logfile of HijackThis v1.98.2
Scan saved at 20:24:34, on 21/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\samantha routley\Desktop\HijackThis.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...4f3fdc891b75c6
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb.com/images/downloadapplet.cab
Thanks
-
October 21st, 2004, 02:32 PM
#2
Registered User
Shut down and disable Windows messenger. It's in the services.
-
October 21st, 2004, 02:47 PM
#3
Registered User
Remove these entries.
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
emr
-
October 21st, 2004, 03:09 PM
#4
Registered User
Before you do anything else, put HijackThis in its own folder and run it again... otherwise you will have backups all over the desktop.
-
October 21st, 2004, 03:29 PM
#5
Registered User
These too:
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_f...f3fd c891b75c6
O16 - DPF: {FCF289D4-0AC8-4ED8-BE31-E8AF09606AB5} (download_35mb_com.applet) - http://download.35mb.com/images/downloadapplet.cab
Probability factor of one to one...we have normality, I repeat we have normality. Anything you still can't cope with is therefore your own problem.
-
October 21st, 2004, 11:16 PM
#6
Are we missing something here?
HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
That ain't where it's to be found.
Might need a complete virus scan.
http://housecall.trendmicro.com/hous...start_corp.asp
Shep
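The check raised in the post above (a binary named iexplore.exe sitting in C:\WINDOWS instead of its install folder), as an added example that is not part of the original thread: a short Python pass over HijackThis log text that flags well-known Windows binary names found outside their usual directory. The `EXPECTED_DIR` table and the function name are assumptions made for this illustration, based on a default Windows XP install.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Assumed baseline (Windows XP default install): where each binary normally lives.
SYS32 = r"c:\windows\system32"
EXPECTED_DIR = {
    "iexplore.exe": r"c:\program files\internet explorer",
    "explorer.exe": r"c:\windows",
    "svchost.exe": SYS32, "lsass.exe": SYS32, "services.exe": SYS32,
    "winlogon.exe": SYS32, "smss.exe": SYS32, "spoolsv.exe": SYS32,
}

# A drive-letter path ending in .exe anywhere on a log line.
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.exe", re.IGNORECASE)


def misplaced_binaries(log_text):
    """Return (log line, path) for known binary names outside their usual folder."""
    findings = []
    for line in log_text.splitlines():
        for path in EXE_PATH.findall(line):
            expected = EXPECTED_DIR.get(basename(path).lower())
            # 8.3 short names (PROGRA~1) are not expanded, so they compare as different.
            if expected and dirname(path).lower() != expected:
                findings.append((line.strip(), path))
    return findings


# Sample lines copied from the log posted in this thread.
SAMPLE = r"""C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\iexplore.exe
"""

if __name__ == "__main__":
    for line, path in misplaced_binaries(SAMPLE):
        print("unexpected location:", path, "<-", line)
```

On the sample it reports the running process and the O4 Run entry that both point at C:\WINDOWS\iexplore.exe, and leaves the copies in their normal folders alone.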
-
October 22nd, 2004, 07:01 AM
#7
Ran virus scan, came up with 4 trojans.
www.grungemusicforum.com/trojans.jpg
The 4th one has no matching queries when clicking on them.
The 1st and 3rd ones are the same and it says to get rid of them, stop them in the running processes, but they aren't listed there.
The 2nd one I can't seem to get rid of either.
-
October 22nd, 2004, 10:46 AM
#8
Ok, managed to get rid of two of them, now what's left is the 'DLOAD.A' and the 'ISTBAR.DR'
-
October 22nd, 2004, 05:10 PM
#9
Originally Posted by houllier*
Ok, managed to get rid of two of them, now what's left is the 'DLOAD.A' and the 'ISTBAR.DR'
Hi
This should help, from a Google search. I've used the information to get rid of this on machines.
http://www.pestpatrol.com/PestInfo/i/istbar.asp
Are you sure about DLoad.A as I have seen stuff with a very similar name but not this? For instance Dloader.A will bring up a hatful.
Good Luck!