|
|
|
re: 180search assistant and web search tools HELPPPPPPPp
Wednesday, December 29, 2004 at 9:12 pm
Windows 2000 Annoyances Discussion Forum
Posted by MELISSA
(6 messages posted)
Ok, here is my hijack this log. I have no idea how to read this, but... here goes.
Logfile of HijackThis v1.99.0
Scan saved at 11:53:48 PM, on 12/29/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINNT\System32\smss.exe
D:\WINNT\system32\winlogon.exe
D:\WINNT\system32\services.exe
D:\WINNT\system32\lsass.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\system32\spoolsv.exe
D:\WINNT\System32\ezkeyex.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
D:\WINNT\System32\svchost.exe
D:\WINNT\system32\regsvc.exe
D:\WINNT\system32\MSTask.exe
D:\WINNT\System32\WBEM\WinMgmt.exe
D:\WINNT\system32\svchost.exe
D:\WINNT\Explorer.EXE
D:\WINNT\System32\svchost.exe
D:\Program Files\QuickTime\qttask.exe
D:\WINNT\system32\ptrun32\ptrun32.exe
D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Winamp\winampa.exe
D:\WINNT\System32\CtrlVol.exe
D:\WINNT\system32\ptrun32\ptrun32.exe
D:\WINNT\System32\Keymap.exe
D:\PROGRA~1\ThinkPad\EASYLA~1\TPHKMGR.exe
D:\WINNT\system32\tp4serv.exe
D:\winnt\180ax.exe
D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\AIM\aim.exe
D:\WINNT\system32\ptrun32\ptr32w.exe
D:\WINNT\system32\rundll32.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
D:\Program Files\ThinkPad\Easy Launch buttons\EZICON.EXE
D:\WINNT\system32\rundll32.exe
D:\Program Files\ThinkPad\Easy Launch buttons\TPONSCR.exe
D:\Program Files\Common Files\WinTools\WSup.exe
D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
D:\Documents and Settings\Melissa\Desktop\HiJack This\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50195
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50195
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50195
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O1 - Hosts: 255.255.255.255 www.casinoxo.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 255.255.255.255 www.theblackjacktable.com
O2 - BHO: (no name) - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program
Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - D:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ptrun32] D:\WINNT\system32\ptrun32\ptrun32.exe -startup
O4 - HKLM\..\Run: [ViewMgr] D:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe"
-osboot
O4 - HKLM\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] D:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [CtrlVolume] D:\WINNT\System32\CtrlVol.exe
O4 - HKLM\..\Run: [Keymap] D:\WINNT\System32\Keymap.exe
O4 - HKLM\..\Run: [TPHOTKEY] D:\PROGRA~1\ThinkPad\EASYLA~1\TPHKMGR.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [180ax] d:\winnt\180ax.exe
O4 - HKLM\..\Run: [WinTools] D:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [qrkjub] D:\WINNT\qrkjub.exe
O4 - HKCU\..\Run: [PTRUN32] D:\WINNT\system32\ptrun32\ptr32w.exe
O4 - HKCU\..\Run: [SurfBuddy] rundll32 "C:\Program Files\SurfBuddy\sbuddy.dll",run
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\Program Files\Panicware\Pop-Up Stopper
Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Tsa2] D:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O4 - Global Startup: WinZip Quick Pick.lnk.disabled
O8 - Extra context menu item: &AIM Search - res://D:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - D:\WINNT\system32\Shdocvw.dll
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl
Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {E0CE16CB-741C-4B24-8D04-A817856E07F4} - http://cabs.media-motor.net/cabs/mmed.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - file://E:\games\WebDriverFullInstall.exe
O23 - Service: AOL Connectivity Service - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp.
- D:\WINNT\System32\dmadmin.exe
O23 - Service: Ezkey Panel Service - Acer Softech - D:\WINNT\System32\ezkeyex.exe
O23 - Service: WinTools for IE service - Unknown - D:\Program Files\Common Files\WinTools\WToolsS.exe
(file missing)
On Wednesday, December 29, 2004 at 4:21 am, MrCharlie wrote:
>
>Can you please post a HiJackThis scan of your system. Download HJT into its own
folder,
>double click on the HJT.exe, scan and save log, note or word pad will open and
the
>log will be saved. Copy and paste that log into your reply. Please make sure you
>check the "preserve spacing button" on the bottom of the posting page.
>Download HJT.exe
>MrC
>
>
>
>
>
>
>
|
All messages in this thread [show all]
 |  |  | re: 180search assistant and web search tools HELPPPPPPPp (MELISSA: Wed, Dec 29, 2004, 9:12 pm) |
| |
| |
Return to the Windows 2000 Discussion Forum
|
|
|
|
