re: XXX Server Dial Up - Adware/Spyware - hijack this log. Please HELP!
Monday, February 2, 2004 at 5:04 am
Windows XP Annoyances Discussion Forum
Posted by Rich
(326 messages posted)
Please go to this link ,read the tuturial and download Hijackthis.
http://www.mjc1.com/mirror/hjt/
Do not fix anything yet. Most items are harmless and necessary for windows.
Post your hijackthis log here.
Be sure to preserve spacing.
On Monday, February 2, 2004 at 5:00 am, Kevin wrote:
>Can someone help me out? I have just today recieved the xxx server dialup. It attempted
>to try and dial out to the number 5551212. I want to make
>
>sure though that this and all spyware/adware is off this laptop.
>
>I am not the best at this sort of thing so any help would be appreciated. I have
>read previous posts on this subject and they suggest downloading
>
>and installing SpyBot Search and Destroy. Ive done this and checked and downloaded
>all available updates. Then I deleted all temporary internet
>
>files and cookies along with history.
>
>I should point out I am on winXP. I didnt delete all *.tmp files as one person
on
>a previous thread suggested because he was instructing someone
>
>with Win98. Should I do the same? Should I empty the contents of the C:\Windows\temp
>folder and C:\temp folder? Will that do any damage?
>
>Anyway another thing he mentioned was posting a "hijack This Log". I am not sure
>what that is but I have provided below a clipboard paste from
>
>SpyBot after I ran it. I have taken no action in removing anything as I am waiting
>for some advice from you helpful people. Please help! Thanks in
>
>advance.
>
>Please explain in simple terms as I am not a massively techie guy. Thanks again.
>
>CDilla: Program directory (Directory, nothing done)
> c:\C_DILLA
>
>ClearSearch.Net: Autorun settings (Registry value, nothing done)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ClrSchLoader
>
>ClearSearch.Net: Program file (File, nothing done)
> C:\Program Files\ClearSearch\Loader.exe
>
>DyFuCA: Global settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\FCI
>
>DyFuCA: Library (File, nothing done)
> C:\WINDOWS\nem214.dll
>
>DyFuCA.InternetOptimizer: Global settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\Avenue Media
>
>DyFuCA.InternetOptimizer: User settings (Registry key, nothing done)
> HKEY_USERS\S-1-5-21-2000478354-813497703-854245398-1003\Software\Avenue Media
>
>IGetNet: Browser helper object (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser
Helper
>Objects\{947E6D5A-4B9F-4CF4-91B3-562CA8D03313}
>
>ShopAtHome: Autorun settings (Registry value, nothing done)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SAHAgent
>
>ShopAtHome: Class (Registry key, nothing done)
> HKEY_CLASSES_ROOT\WEBInstaller.execute.1
>
>ShopAtHome: Class (Registry key, nothing done)
> HKEY_CLASSES_ROOT\WEBInstaller.execute
>
>ShopAtHome: Class ID (Registry key, nothing done)
> HKEY_CLASSES_ROOT\CLSID\{30402FF4-3E71-4A1C-9B4B-1CD3486A9FB2}
>
>ShopAtHome: Data file (File, nothing done)
> C:\WINDOWS\System32\vg.dat
>
>ShopAtHome: Executable (File, nothing done)
> C:\WINDOWS\Downloaded Program Files\SAHDownloader_.exe
>
>ShopAtHome: Global settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\VGroup\SAHAgent
>
>ShopAtHome: Interface (Registry key, nothing done)
> HKEY_CLASSES_ROOT\Interface\{4E570F74-DEEE-4FCF-B960-FEEFA4B8C6FC}
>
>ShopAtHome: Interface (Registry key, nothing done)
> HKEY_CLASSES_ROOT\Interface\{4828C95F-C5DB-4AB6-A945-8D8EC44B98A8}
>
>ShopAtHome: Library (File, nothing done)
> C:\WINDOWS\System32\lsp.dll
>
>ShopAtHome: Typelib (Registry key, nothing done)
> HKEY_CLASSES_ROOT\Typelib\{CDE442A3-DC2C-467E-A311-B4BC775D86C5}
>
>VX2/?: User settings (Registry key, nothing done)
> HKEY_USERS\S-1-5-21-2000478354-813497703-854245398-1003\Software\Destiny
>
>VX2/h.ABetterInternet: Browser helper object (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer\Browser
Helper
>Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}
>
>VX2/h.ABetterInternet: Executable (File, nothing done)
> C:\WINDOWS\biprep.exe
>
>VX2/h.ABetterInternet: Uninstall settings (Registry key, nothing done)
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dbi
>
>Windows Media Player: Client ID (Registry change, nothing done)
> HKEY_USERS\S-1-5-21-2000478354-813497703-854245398-1003\Software\Microsoft\MediaPlayer\Player\Settings\Client
>ID=
>
>
>--- Spybot-S&D version: 1.2 ---
>2003-11-05 Includes\Cookies.sbi
>2003-10-27 Includes\Dialer.sbi
>2003-12-17 Includes\Hijackers.sbi
>2003-11-11 Includes\Keyloggers.sbi
>2003-12-17 Includes\Malware.sbi
>2003-03-16 Includes\plugin-ignore.ini
>2003-11-05 Includes\Security.sbi
>2003-12-17 Includes\Spybots.sbi
>2003-03-16 Includes\Temporary.sbi
>2003-11-27 Includes\Tracks.uti
>2003-12-10 Includes\Trojans.sbi
>
>
|
All messages in this thread [show all]
 |  | re: XXX Server Dial Up - Adware/Spyware - hijack this log. Please HELP! (Rich: Mon, Feb 2, 2004, 5:04 am) |
| |
| |
| |
Return to the Windows XP Discussion Forum
|
|
