Every time I restart my computer, a search assistant toolbar re-appears in the toolbar at the bottom of my screen, resetting all my quick launch icons. Even if I turn it off by right-clicking, it re-appears the next time. I have run ad-aware and spybot, and it is still there.
Here is my hijack log:
Logfile of HijackThis v1.97.7
Scan saved at 14:33:57, on 12/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\gearsec.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\system32\slserv.exe
E:\WINNT\System32\snmp.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
E:\Program Files\Trend Micro\Internet Security\tmproxy.exe
E:\Program Files\Iomega\AutoDisk\ADService.exe
E:\WINNT\System32\mqsvc.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Trend Micro\Internet Security\PccPfw.exe
E:\WINNT\System32\sistray.EXE
E:\WINNT\System32\ch_utility.exe
E:\WINNT\System32\khooker.exe
E:\WINNT\soundman.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Trend Micro\Internet Security\pccguide.exe
E:\Program Files\Trend Micro\Internet Security\PCClient.exe
E:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
E:\WINNT\System32\zojapd.exe
E:\Program Files\WindowsSA\omniscient.exe
E:\WINNT\System32\ctfmon.exe
C:\Program Files\CConnect\CConnect.exe
E:\Program Files\OEM\Quick Button XP\QuickPB.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.224.4:8080
F2 - REG:system.ini: UserInit=E:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\winnt\googletoolbar_en_2.0.111-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\winnt\googletoolbar_en_2.0.111-big.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] E:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [Chrontel TV] E:\WINNT\System32\ch_utility.exe
O4 - HKLM\..\Run: [SiS KHooker] E:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "E:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ADUserMon] E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "E:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "E:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [giyqujlwvbeo] E:\WINNT\System32\zojapd.exe
O4 - HKLM\..\Run: [Windows SA] E:\Program Files\WindowsSA\omniscient.exe
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINNT\System32\ctfmon.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: QuickPB.lnk = E:\Program Files\OEM\Quick Button XP\QuickPB.exe
O8 - Extra context menu item: &Google Search - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058486uk.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7656.3796412037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC1FB0DE-4050-40EB-AEA7-009DFD6452A2}: NameServer = 192.168.0.1
Please look at this Hijack log
Started by Croz, Jun 12 2004 01:43 PM
4 replies to this topic
#1
Posted 12 June 2004 - 01:43 PM
#2
Posted 12 June 2004 - 11:27 PM
Before we begin, please be sure that HiJackThis is in its own folder. This will allow us to use backups to restore entries if necessary. I suggest 'c:\program files\hijackthis\' but any folder other than the Desktop or a temporary folder is fine.
Reboot in Safe Mode* and run HiJackThis. <-- IMPORTANT
Check the following items in HijackThis.
F2 - REG:system.ini: UserInit=E:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O4 - HKLM\..\Run: [giyqujlwvbeo] E:\WINNT\System32\zojapd.exe
O4 - HKLM\..\Run: [Windows SA] E:\Program Files\WindowsSA\omniscient.exe
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058486uk.exe
Close all windows except HijackThis and click Fix checked:
While still in Safe Mode*, delete the following: (you may need to show hidden files**)
E:\Windows\System32\wsaupdater.exe,
E:\WINNT\System32\zojapd.exe
E:\Program Files\WindowsSA\ <-- delete entire folder
*How to Boot into Safe mode: http://service1.syma...001052409420406
**Show Hidden and System files and folders
http://www.xtra.co.n...1916458,00.html
Also, uncheck the boxes for hiding known file extensions and hiding protected operating system files. We want to see it all. When we finish here, it would be a good idea to rehide the protected operating system files but leave the rest to be shown.
Reboot in normal mode.
Run HiJackThis again and post a new log in this thread.
#3
Posted 13 June 2004 - 12:27 AM
Ok, I have done all that. The search assistant toolbar still re-appeared at the bottom at restart, but the green arrow icon has disappeared on the search button.
Hijackthis log:
Logfile of HijackThis v1.97.7
Scan saved at 01:24:37, on 13/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\system32\gearsec.exe
E:\WINNT\System32\inetsrv\inetinfo.exe
E:\PROGRA~1\Iomega\System32\AppServices.exe
E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
E:\WINNT\System32\tcpsvcs.exe
E:\WINNT\system32\slserv.exe
E:\WINNT\System32\snmp.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
E:\Program Files\Trend Micro\Internet Security\tmproxy.exe
E:\Program Files\Iomega\AutoDisk\ADService.exe
E:\WINNT\System32\mqsvc.exe
E:\Program Files\Trend Micro\Internet Security\PccPfw.exe
E:\WINNT\Explorer.EXE
E:\WINNT\System32\sistray.EXE
E:\WINNT\System32\ch_utility.exe
E:\WINNT\System32\khooker.exe
E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\Program Files\Microsoft Hardware\Mouse\point32.exe
E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Trend Micro\Internet Security\pccguide.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Trend Micro\Internet Security\PCClient.exe
E:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
E:\Program Files\MSN Messenger\msnmsgr.exe
E:\WINNT\System32\ctfmon.exe
C:\Program Files\CConnect\CConnect.exe
E:\Program Files\OEM\Quick Button XP\QuickPB.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.252.224.4:8080
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\winnt\googletoolbar_en_2.0.111-big.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\winnt\googletoolbar_en_2.0.111-big.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] E:\WINNT\System32\sistray.EXE
O4 - HKLM\..\Run: [Chrontel TV] E:\WINNT\System32\ch_utility.exe
O4 - HKLM\..\Run: [SiS KHooker] E:\WINNT\System32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] E:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MessengerPlus2] "E:\Program Files\Messenger Plus! 2\MsgPlus.exe"
O4 - HKLM\..\Run: [ADUserMon] E:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] E:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [Deskup] E:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINNT\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINNT\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [pccguide.exe] "E:\Program Files\Trend Micro\Internet Security\pccguide.exe"
O4 - HKLM\..\Run: [PCClient.exe] "E:\Program Files\Trend Micro\Internet Security\PCClient.exe"
O4 - HKLM\..\Run: [TM Outbreak Agent] "E:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [msnmsgr] "E:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINNT\System32\ctfmon.exe
O4 - Global Startup: CorrectConnect.lnk = C:\Program Files\CConnect\CConnect.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = E:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: QuickPB.lnk = E:\Program Files\OEM\Quick Button XP\QuickPB.exe
O8 - Extra context menu item: &Google Search - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\winnt\GoogleToolbar_en_2.0.111-big.dll/cmtrans.html
O9 - Extra button: Research (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .pdf: E:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7656.3796412037
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BC1FB0DE-4050-40EB-AEA7-009DFD6452A2}: NameServer = 192.168.0.1
#4
Posted 13 June 2004 - 01:30 AM
The toolbar itself has been removed. Are you talking about the words 'Search Assistant' that appear when you right click on the Taskbar and select toolbars?
Other than that, your log is clean. Here is some info re protecting yourself.
1. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'prompt', and "Initialize and Script ActiveX controls not marked as safe" to 'disable'.
2. Download and install the following free programs:
a. SpywareBlaster: http://www.javacools...areblaster.html
b. SpywareGuard: http://www.wildersse...ywareguard.html
c. IE/Spyad: http://www.staff.uiu...es/resource.htm
1. Install Spyware Detection and Removal Programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.
a. AdAware: http://www.lavasoft.de/
b. Spybot S&D: http://security.koll...n&page=download
For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiat...?showtopic=9857
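An added example, not part of the original thread: a short Python script that parses two HijackThis logs and confirms that every entry on the fix list from reply #2 is gone from the follow-up log. The sample logs are excerpts constructed from the logs posted above, and the function names are hypothetical.

```python
import re

# Entry lines look like "O4 - HKLM\..\Run: [name] path"; the code before
# " - " is the HijackThis section (R0, R1, F2, O2, O4, O16, ...).
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a log.

    Header lines and the 'Running processes:' list do not match ENTRY_RE
    and are skipped, so only the fixable entries are compared.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Case-fold the body: Windows paths and CLSIDs are case-insensitive.
            entries.add((m.group("code"), m.group("body").strip().lower()))
    return entries


def verify_fix(before_log, after_log, fix_list):
    """Compare two logs against the list of entries that were to be fixed."""
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries(fix_list)
    return {
        "still_present": sorted(targets & after),   # fix did not stick
        "never_present": sorted(targets - before),  # fix list / log mismatch
        "removed": sorted(before - after),          # everything that went away
        "new": sorted(after - before),              # entries that appeared since
    }


# Constructed excerpt of the first log in the thread.
BEFORE = r"""Logfile of HijackThis v1.97.7
Running processes:
E:\WINNT\System32\zojapd.exe
E:\Program Files\WindowsSA\omniscient.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
F2 - REG:system.ini: UserInit=E:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [giyqujlwvbeo] E:\WINNT\System32\zojapd.exe
O4 - HKLM\..\Run: [Windows SA] E:\Program Files\WindowsSA\omniscient.exe
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058486uk.exe
"""

# Constructed excerpt of the follow-up log in the thread.
AFTER = r"""Logfile of HijackThis v1.97.7
Running processes:
E:\WINNT\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.com/
O4 - HKLM\..\Run: [SoundMan] soundman.exe
"""

# The five entries reply #2 asked to check and fix.
FIX_LIST = r"""F2 - REG:system.ini: UserInit=E:\Windows\System32\wsaupdater.exe,
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)
O4 - HKLM\..\Run: [giyqujlwvbeo] E:\WINNT\System32\zojapd.exe
O4 - HKLM\..\Run: [Windows SA] E:\Program Files\WindowsSA\omniscient.exe
O16 - DPF: {034CC2DC-3245-4B26-B5C7-7B8777739CB7} - http://64.156.31.70/058486uk.exe
"""

if __name__ == "__main__":
    report = verify_fix(BEFORE, AFTER, FIX_LIST)
    for key, items in report.items():
        print(f"{key}: {len(items)}")
        for code, body in items:
            print(f"  {code} - {body}")
```

Any entry reported under `still_present` survived the fix and is being rewritten at startup, which points to a second persistence mechanism that still needs to be found.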
#5
Posted 13 June 2004 - 12:04 PM
I have just restarted my computer again this morning, and the search assistant has disappeared, so it looks like the problem has been sorted.
Thanks for the help.


