http://www.dslreports.com/forum/r8814632 en Tue, 01 Dec 2009 15:12:24 EDT Tue, 01 Dec 2009 15:12:24 EDT http://www.dslreports.com/forum/remark,8822193 normmork : PLkease read this thread as it will give you a good idea what to do: »Security »I think my computer is infected or hijacked. What should I do? ]]> http://www.dslreports.com/forum/remark,8822193 Thu, 18 Dec 2003 09:53:29 EDT http://www.dslreports.com/forum/remark,8819988 Name Game : Since you have XP now..I would get a free copy of this program and set it up..

»www.xp-antispy.org/

What is XP-AntiSpy?

XP-AntiSpy is a little utility that let's you disable some built-in update and authetication 'features' in WindowsXP.
For example, there's a service running in the background wich is called 'Automatic Updates'. I don't know what this service transfers from my machine to other machines on the internet, especially the MS ones. So I play it safe and disable such functions. If you like, you can even disable these function manually, by going through the System and checking or unchecking some checkboxes. This will take you approximately half an hour. But why wasting time when a little neat utility can do the same in 1 minute? This utility was successfully tested by lots of users, and was found to disable all the known 'Suspicious' Functions in WindowsXP. It's customizeable, but comes up with the Default settings, which are recommended. If you like to get more information about those 'functions',read THIS.

This utility is FREEWARE! This means, you dont have to pay anything for this program and you can give it to anyone who's interested in, as long as you don't sell it. If you find this tool useful, and wanna gimme something back, then click on my sponsors.
Thanks.

Important information: The Domains www.xp-antispy.de und www.xpantispy.de do not belong to the project xp-AntiSpy anymore. The new owner offers only a dialer to download.
Please update any links and your bookmarks to www.xp-antispy.org
Greetings, -chris-
--
Gladiator Security Forum »www.gladiator-antivirus.com/]]> http://www.dslreports.com/forum/remark,8819988 Thu, 18 Dec 2003 00:08:05 EDT http://www.dslreports.com/forum/remark,8819955 Name Game : Nevermind...it is all in your posts in this other forum.

Logfile of HijackThis v1.97.7
Scan saved at 5:24:48 AM, on 12/17/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

»Need Help Optimizing My PC...
--
Gladiator Security Forum »www.gladiator-antivirus.com/]]> http://www.dslreports.com/forum/remark,8819955 Thu, 18 Dec 2003 00:03:28 EDT http://www.dslreports.com/forum/remark,8819916 Name Game : What version of Hijack this are you using ??? Sure you have the latest one ??
--
Gladiator Security Forum »www.gladiator-antivirus.com/]]> http://www.dslreports.com/forum/remark,8819916 Wed, 17 Dec 2003 23:58:01 EDT http://www.dslreports.com/forum/remark,8814632 Randy Bell : Hmmm .. I clicked on that link and it redirected *ME* to my own Start Page .. so I suppose it's harmless .. LOL. ;)
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)]]> http://www.dslreports.com/forum/remark,8814632 Wed, 17 Dec 2003 14:53:10 EDT http://www.dslreports.com/forum/remark,8814613 Randy Bell : I would remove anything by using Add/Remove Programs and removing the app that put it there .. *NOT* by using HijackThis .. were I you.

I'm no expert, but your HJT logs look OK to me. Looks like you have EarthLink as Start Page and you use NAV. I'm curious what this "redirector" from "presario.net" is:

»search.presario.net/scripts/redi···&LC=0409

but other than that I don't see much out of the ordinary. ;)
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)]]> http://www.dslreports.com/forum/remark,8814613 Wed, 17 Dec 2003 14:50:30 EDT http://www.dslreports.com/forum/remark,8814611 Paul928 : you might be better of posting this into the security forum....There's some super knowledgeable people over there.....good luck :)]]> http://www.dslreports.com/forum/remark,8814611 Wed, 17 Dec 2003 14:50:15 EDT http://www.dslreports.com/forum/remark,8814266 Xarcell : Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\My Documents\My Briefcase\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.earthlink.net/partner/more/m···rch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.earthlink.net/partner/more/m···rch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »www.earthlink.net/partner/more/m···rch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »search.presario.net/scripts/redi···&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »search.presario.net/scripts/redi···&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »search.presario.net/scripts/redi···&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »desktop.presario.net/scripts/red···9&c=3c99
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »www.earthlink.net/partner/more/m···rch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AltaVista Home - »jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - »jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate Selection - »jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate this Web Page - »jump.altavista.com/avie5/babelfish
O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - »https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···86412037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab

-------------------------------------------->

See anything I can safely remove?

I was thinking those "extra tools", extra context menu items", and "extra button ones" could be removed, along with the "presario" ones.

What ya think?

-Xarcell]]> http://www.dslreports.com/forum/remark,8814266 Wed, 17 Dec 2003 14:10:48 EDT