re: XXX Server Dial Up - Adware/Spyware - hijack this log. Please HELP!
Monday, February 2, 2004 at 7:07 am Windows XP Annoyances Discussion Forum
Posted by Rich
(326 messages posted)
First please move Hijackthis out of the temp directory (extract from zip) into a permanent folder. Example:
c:\program files\hijackthis\hijackthis.exe
This will allow backups to be made and saved by Hijackthis in case something goes wrong.
Please close all windows, Internet Explorers and check mark the following items only in Hijackthis.
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
Click the fix button. Close Hijackthis.
Reboot and show hidden files and folders per the link in my signature.
Please delete the following files or folders.
Files:
C:\WINDOWS\System32\SahAgent.exe
Folders:
C:\Program Files\ClearSearch\
Run a new log and post it here.
On Monday, February 2, 2004 at 5:14 am, Kevin wrote:
>Ok I got hijack this and this is what it says. Hope this helps. Thanks for help so far. Very much appreciated.
>Logfile of HijackThis v1.97.7
>Scan saved at 13:11:17, on 02/02/2004
>Platform: Windows XP SP1 (WinNT 5.01.2600)
>MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
>
>Running processes:
>C:\WINDOWS\System32\smss.exe
>C:\WINDOWS\system32\winlogon.exe
>C:\WINDOWS\system32\services.exe
>C:\WINDOWS\system32\lsass.exe
>C:\WINDOWS\system32\svchost.exe
>C:\WINDOWS\System32\svchost.exe
>C:\WINDOWS\system32\LEXBCES.EXE
>C:\WINDOWS\system32\spoolsv.exe
>C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
>C:\WINDOWS\system32\LEXPPS.EXE
>C:\WINDOWS\Explorer.EXE
>C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
>C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
>C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
>C:\Program Files\Dell\AccessDirect\dadapp.exe
>C:\Program Files\ClearSearch\Loader.exe
>C:\Program Files\Common Files\Symantec Shared\ccApp.exe
>C:\WINDOWS\System32\carpserv.exe
>C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
>C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
>C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
>C:\freeserve\freeserveconnectionkit\atdialler1.exe
>C:\WINDOWS\System32\Ati2evxx.exe
>C:\WINDOWS\System32\inetsrv\inetinfo.exe
>C:\Program Files\Norton AntiVirus\navapsvc.exe
>C:\WINDOWS\System32\svchost.exe
>C:\Program Files\Internet Explorer\IEXPLORE.EXE
>C:\PROGRA~1\FlashGet\flashget.exe
>C:\Documents and Settings\Kevin.KEVINS-MACHINE\My Documents\Installation Files\Hijack This\HijackThis.exe
>
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.freeserve.com/iesearch/default.htm
>R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
>R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
>R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://www-cache.freeserve.com:8080;ftp=http://www-cache.freeserve.com:8080
>O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
>O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)
>O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)
>O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
>O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL
>O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
>O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
>O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
>O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
>O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
>O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
>O4 - HKLM\..\Run: [SynTPLpr] "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"
>O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
>O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
>O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
>O4 - HKLM\..\Run: [DadApp] "C:\Program Files\Dell\AccessDirect\dadapp.exe"
>O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
>O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
>O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
>O4 - HKLM\..\Run: [CARPService] "carpserv.exe"
>O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
>O4 - HKLM\..\Run: [ATIModeChange] "Ati2mdxx.exe"
>O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
>O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
>O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
>O4 - Global Startup: Freeserve Connection Kit.lnk = C:\freeserve\freeserveconnectionkit\atdialler1.exe
>O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
>O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
>O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
>O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
>O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
>O9 - Extra button: Related (HKLM)
>O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
>O9 - Extra button: FlashGet (HKLM)
>O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
>O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
>O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com/
>O16 - DPF: DigiChat Applet - http://host4.digichat.com/DigiChat/DigiClasses/Client_IE.cab
>O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
>O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
>O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
>O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
>O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
>O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
>O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37887.4123842593
>O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
>O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
>O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB
>O17 - HKLM\System\CCS\Services\Tcpip\..\{F2A4D7E5-046A-4DAD-9442-61517983B6E9}: NameServer = 195.92.195.95 195.92.195.94
>
>
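
Added example, not part of either post in this thread: a Python check for the last step of the procedure above (run a new log after the fix). It parses a pasted HijackThis log, undoing forum `>` quoting and hard line wraps, and reports which of the entries marked for fixing are still present. The function names and the sample follow-up log are constructed for illustration.

```python
import re

# Entries the helper asked to check and fix, copied from the post above.
FIX_LIST = [
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000240} - C:\Program Files\ClearSearch\IE_ClrSch.DLL",
    r"O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - (no file)",
    r"O2 - BHO: (no name) - {00000EF1-0786-4633-87C6-1AA7A44296DA} - (no file)",
    r"O2 - BHO: Clear Search - {947E6D5A-4B9F-4CF4-91B3-562CA8D03313} - C:\Program Files\ClearSearch\IE_ClrSch.DLL",
    r"O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe",
    r"O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe",
    r"O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://216.65.38.226/crack.CAB",
]
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")  # section code such as R1, O2, O16

def parse_entries(text):
    """Return log entries, undoing forum '>' quoting and hard line wraps."""
    entries, open_entry = [], False
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()
        if ENTRY_START.match(line):
            entries.append(line)
            open_entry = True
        elif line and open_entry:
            entries[-1] += " " + line      # continuation of a wrapped entry
        else:
            open_entry = False             # blank line or header text
    return entries

def norm(entry):
    """Collapse whitespace and case (Windows paths are case-insensitive)."""
    return " ".join(entry.split()).casefold()

def still_present(fix_list, new_log_text):
    """Return the fix-list entries that still appear in a follow-up log."""
    present = {norm(e) for e in parse_entries(new_log_text)}
    return [e for e in fix_list if norm(e) in present]

# Constructed follow-up log (not from the thread): two fixed items are back.
SAMPLE_NEW_LOG = r"""
>C:\WINDOWS\Explorer.EXE
>O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton
>AntiVirus\NavShExt.dll
>O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
>O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} -
http://216.65.38.226/crack.CAB
"""
if __name__ == "__main__":
    print(*still_present(FIX_LIST, SAMPLE_NEW_LOG), sep="\n")
```

An empty result means none of the fixed entries reappeared in the new log; the file and folder deletions listed in the post are not visible in a log and have to be checked on disk.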