

Xarcell
Premium
join:2003-11-23
Kannapolis, NC

Help: My HiJack Results...

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Default\My Documents\My Briefcase\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = »www.earthlink.net/partner/more/m···rch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = »www.earthlink.net/partner/more/m···rch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = »start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = »www.earthlink.net/partner/more/m···rch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = »search.presario.net/scripts/redi···&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = »search.presario.net/scripts/redi···&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = »search.presario.net/scripts/redi···&LC=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = »desktop.presario.net/scripts/red···9&c=3c99
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = »www.earthlink.net/partner/more/m···rch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: AltaVista Home - »jump.altavista.com/avie5/home
O8 - Extra context menu item: AV Search This Term - »jump.altavista.com/avie5/search
O8 - Extra context menu item: AV Translate Selection - »jump.altavista.com/avie5/babelfish
O8 - Extra context menu item: AV Translate this Web Page - »jump.altavista.com/avie5/babelfish
O9 - Extra 'Tools' menuitem: &AltaVista Home (HKLM)
O9 - Extra 'Tools' menuitem: &Find Pages Linking to this URL (HKLM)
O9 - Extra 'Tools' menuitem: Find Other Pages on this &Host (HKLM)
O9 - Extra button: Translate (HKLM)
O9 - Extra 'Tools' menuitem: AV &Translate (HKLM)
O16 - DPF: {5721FA68-5ABD-40A8-81F1-4136691194BF} (Launcher Class) - »https://www.play.net/components/activex/AXSAL.ocx
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - »v4.windowsupdate.microsoft.com/C···86412037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - »download.macromedia.com/pub/shoc···lash.cab

-------------------------------------------->

See anything I can safely remove?

I was thinking those "extra tools", "extra context menu items", and "extra button" ones could be removed, along with the "presario" ones.

What ya think?

-Xarcell


Paul928

join:2000-05-06
Haverhill, MA
You might be better off posting this in the security forum... There are some super knowledgeable people over there... good luck


Randy Bell
Premium
join:2002-02-24
Santa Clara, CA

reply to Xarcell
I would remove anything by using Add/Remove Programs and removing the app that put it there .. *NOT* by using HijackThis .. were I you.

I'm no expert, but your HJT logs look OK to me. Looks like you have EarthLink as Start Page and you use NAV. I'm curious what this "redirector" from "presario.net" is:

»search.presario.net/scripts/redi···&LC=0409

but other than that I don't see much out of the ordinary.
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)


Randy Bell
Premium
join:2002-02-24
Santa Clara, CA

Hmmm .. I clicked on that link and it redirected *ME* to my own Start Page .. so I suppose it's harmless .. LOL.
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13)


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC
reply to Xarcell
What version of Hijack this are you using ??? Sure you have the latest one ??
--
Gladiator Security Forum »www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

reply to Xarcell
Never mind... it is all in your posts in this other forum.

Logfile of HijackThis v1.97.7
Scan saved at 5:24:48 AM, on 12/17/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

»Need Help Optimizing My PC...
--
Gladiator Security Forum »www.gladiator-antivirus.com/


Name Game
Premium
join:2002-07-07
North Myrtle Beach, SC

reply to Xarcell
Since you have XP now..I would get a free copy of this program and set it up..

»www.xp-antispy.org/

What is XP-AntiSpy?

XP-AntiSpy is a little utility that lets you disable some built-in update and authentication 'features' in WindowsXP.
For example, there's a service running in the background which is called 'Automatic Updates'. I don't know what this service transfers from my machine to other machines on the internet, especially the MS ones. So I play it safe and disable such functions. If you like, you can even disable these functions manually, by going through the System and checking or unchecking some checkboxes. This will take you approximately half an hour. But why waste time when a little neat utility can do the same in 1 minute? This utility was successfully tested by lots of users, and was found to disable all the known 'Suspicious' Functions in WindowsXP. It's customizable, but comes up with the Default settings, which are recommended. If you like to get more information about those 'functions', read THIS.

This utility is FREEWARE! This means you don't have to pay anything for this program and you can give it to anyone who's interested in it, as long as you don't sell it. If you find this tool useful, and wanna gimme something back, then click on my sponsors.
Thanks.

Important information: The domains www.xp-antispy.de and www.xpantispy.de do not belong to the project xp-AntiSpy anymore. The new owner offers only a dialer to download.
Please update any links and your bookmarks to www.xp-antispy.org
Greetings, -chris-
--
Gladiator Security Forum »www.gladiator-antivirus.com/

normmork

join:2003-10-23
Canada
reply to Xarcell
Please read this thread as it will give you a good idea what to do: »Security »I think my computer is infected or hijacked. What should I do?