Jump to content

Build Theme!
  •  
  • Infected?

Welcome to What the Tech - Register now for FREE

Get answers from experts today. (it's 100% free). Spyware, Virus, Trojan, Rootkit? Remove malware > Virus Removal Forum. Learn how it works.

Create an Account Login to Account


Review Hijack Log


  • This topic is locked This topic is locked
5 replies to this topic

#1 Guest_golfer59_*

Guest_golfer59_*
  • Guests

Posted 13 November 2003 - 07:45 PM

Can anyone assist me with identifying what to delete? Thanks in advance.

Logfile of HijackThis v1.97.6
Scan saved at 7:44:43 PM, on 11/13/2003
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\EPOAgent\naimas32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\EPOAgent\naimag32.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINNT\Profiles\Administrator\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastwebfinder.com/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DNSErr object - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\WINNT\dnse.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NaimAgent_UI] C:\EPOAgent\naimag32.exe
O4 - HKCU\..\Run: [ld] C:\WINNT\ld.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O13 - WWW. Prefix: http://
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7890.3579398148
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

#2 OlTramp

OlTramp

    Authentic Member

  • Authentic Member
  • PipPip
  • 20 posts

Posted 13 November 2003 - 08:13 PM

Hi golfer59-
Close all browsers and rerun HJT. Check and click fix checked for all of the following-
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastwebfinder.com/sp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.fastwebfinder.com/sp.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastwebfinder.com/hp.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastwebfinder.com/sp.php
O2 - BHO: DNSErr object - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - C:\WINNT\dnse.dll
This one I'm not sure what it is. Maybe you do?
O4 - HKCU\..\Run: [ld] C:\WINNT\ld.exe
Proud member since 2004

This site is here to help. Please donate to help keep it going.

#3 Guest_Guest_*

Guest_Guest_*
  • Guests

Posted 13 November 2003 - 08:32 PM

Hi OlTramp, Thank you very much. I removed all of the entires and I believe IE is operating normally again. Thanks a lot, I really appreciate your help. golfer59

#4 cnm

cnm

    -

  • Visiting Fellow
  • PipPipPipPip
  • 654 posts

Posted 13 November 2003 - 08:39 PM

You should be able to delete this file: C:\WINNT\ld.exe now that you have fixed its O4 startup.
Microsoft MVP Windows-Security 2005 Posted Image
The Boot camp at Spywareinfo.com

#5 Guest_golfer59_*

Guest_golfer59_*
  • Guests

Posted 14 November 2003 - 10:56 AM

cnm, Thanks. I have removed the file. golfer59

#6 cnm

cnm

    -

  • Visiting Fellow
  • PipPipPipPip
  • 654 posts

Posted 14 November 2003 - 11:04 AM

Glad we could help. :)

If you need this topic reopened, please request this by sending
Email to Zero or
Email to cnm or
Email to Coyote
Choose only one of the above
Include your post user name and detail why you need it reopened with a valid link to your post, any bad links or emails that are not from the original poster will be deleted without response.

Others please start a New Topic.
Microsoft MVP Windows-Security 2005 Posted Image
The Boot camp at Spywareinfo.com



Similar Topics: Review Hijack Log     x


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users