tman70 Posted October 31, 2004 Report Share Posted October 31, 2004 Logfile of HijackThis v1.98.2Scan saved at 12:40:02 PM, on 10/31/2004Platform: Windows ME (Win9x 4.90.3000)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\SYSTEM\KERNEL32.DLLC:\WINDOWS\SYSTEM\MSGSRV32.EXEC:\WINDOWS\SYSTEM\mmtask.tskC:\WINDOWS\SYSTEM\MPREXE.EXEC:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXEC:\WINDOWS\EXPLORER.EXEC:\WINDOWS\SYSTEM\RESTORE\STMGR.EXEC:\WINDOWS\SYSTEM\RPCSS.EXEC:\WINDOWS\SYSTEM\SYSTRAY.EXEC:\WINDOWS\STARTUPMONITOR.EXEC:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXEC:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXEC:\PROGRAM FILES\MEAYA\POPUP AD FILTER\POPFILTER.EXEC:\WINDOWS\SYSTEM\WMIEXE.EXEC:\PROGRAM FILES\EPROMPTER\EPROMPTER.EXEC:\PROGRAM FILES\WORDWEB\WWEB32.EXEC:\PROGRAM FILES\BHODEMON 2\BHODEMON.EXEC:\WINDOWS\SYSTEM\DDHELP.EXEC:\WINDOWS\SYSTEM\SPOOL32.EXEC:\WINDOWS\SYSTEM\LEXBCES.EXEC:\WINDOWS\SYSTEM\LEXPPS.EXEC:\WINDOWS\SYSTEM\STIMON.EXEC:\PROGRAM FILES\HIJACKTHIS1.98.2\HIJACKTHIS.EXER1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a....0&bm=ho_searchR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avantbrowser.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://hp.yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://hp.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon OnlineO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.3\SDHELPER.DLLO2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLLO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCXO3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dllO4 - HKLM\..\Run: [systemTray] SysTray.ExeO4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exeO4 - HKLM\..\Run: [WinPatrol] C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXEO4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exeO4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exeO4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exeO4 - HKCU\..\Run: [Popup Ad Filter] C:\PROGRAM FILES\MEAYA\POPUP AD FILTER\POPFILTER.EXEO4 - Startup: ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exeO4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exeO4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exeO8 - Extra context menu item: Check &Spelling - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTMO8 - Extra context menu item: &ieSpell Options - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTMO8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.htmlO8 - Extra context menu item: RoboForm &2 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.htmlO8 - Extra context menu item: View This Page in Firefox - file://C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.htmlO8 - Extra context menu item: Open Link Target in Firefox - file://C:\WINDOWS\Application Data\Mozilla\Firefox\Profiles\Default User\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.htmlO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLCHECK.HTM (file missing)O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\PROGRAM FILES\IESPELL\IESPELL.DLL/SPELLOPTION.HTM (file missing)O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO9 - Extra 'Tools' menuitem: RoboForm &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.htmlO14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.comO16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB Link to post Share on other sites
therock247uk Posted November 1, 2004 Report Share Posted November 1, 2004 What problem are you having with the Web search Results? Link to post Share on other sites
tman70 Posted November 1, 2004 Author Report Share Posted November 1, 2004 What problem are you having with the Web search Results?There are a couple of websites that just started having this "Web search Results" box popup and I can't seem to adblock it in Firefox or Avant. I don't see anything in the Hijackthis Log that might cause it. Just wanted another opinion.Thanks Link to post Share on other sites
Recommended Posts