Help w/HT log re:google redirect

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Lowbrow

Thread Starter
Joined
Sep 26, 2003
Messages
5
My turn to seek aid with fixing the rampant search redirect headache.

Ran adaware, spybot, and now am posting my HT log.
Thanks to respondents - let me know what to zap!
(IE 6)
:p

Logfile of HijackThis v1.97.2
Scan saved at 12:40:08 AM, on 9/26/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
C:\Program Files\Common Files\Microsoft Shared\Works

Shared\wkcalrem.exe
C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Documents and Settings\default\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.nytimes.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL

= http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

C:\WINDOWS\SYSTEM\blank.htm
O1 - Hosts: 65.120.116.173 lite.aimster.com
O1 - Hosts: 65.120.116.172 mini.aimster.com
O1 - Hosts: 65.120.116.174 www.aimster.com
O1 - Hosts: 127.127.127.127 elite
O1 - Hosts: 64.191.95.139 www.google.com
O1 - Hosts: 64.191.95.139 www.altavista.com
O1 - Hosts: 64.191.95.139 altavista.com
O1 - Hosts: 64.191.95.139 search.yahoo.co.jp
O1 - Hosts: 64.191.95.139 www.lycos.de
O1 - Hosts: 64.191.95.139 www.lycos.ca
O1 - Hosts: 64.191.95.139 www.lycos.jp
O1 - Hosts: 64.191.95.139 www.lycos.co.jp
O1 - Hosts: 64.191.95.139 alltheweb.com
O1 - Hosts: 64.191.95.139 web.ask.com
O1 - Hosts: 64.191.95.139 ask.com
O1 - Hosts: 64.191.95.139 www.ask.com
O1 - Hosts: 64.191.95.139 www.teoma.com
O1 - Hosts: 64.191.95.139 search.aol.com
O1 - Hosts: 64.191.95.139 www.looksmart.com
O1 - Hosts: 64.191.95.139 search.fr.msn.be
O1 - Hosts: 64.191.95.139 search.fr.msn.ch
O1 - Hosts: 64.191.95.139 search.latam.yupimsn.com
O1 - Hosts: 64.191.95.139 search.msn.at
O1 - Hosts: 64.191.95.139 search.msn.be
O1 - Hosts: 64.191.95.139 search.msn.ch
O1 - Hosts: 64.191.95.139 search.msn.co.in
O1 - Hosts: 64.191.95.139 search.msn.co.jp
O1 - Hosts: 64.191.95.139 search.msn.co.kr
O1 - Hosts: 64.191.95.139 search.msn.co.za
O1 - Hosts: 64.191.95.139 search.msn.de
O1 - Hosts: 64.191.95.139 search.msn.dk
O1 - Hosts: 64.191.95.139 search.msn.es
O1 - Hosts: 64.191.95.139 search.msn.fi
O1 - Hosts: 64.191.95.139 search.msn.fr
O1 - Hosts: 64.191.95.139 search.msn.it
O1 - Hosts: 64.191.95.139 search.msn.nl
O1 - Hosts: 64.191.95.139 search.msn.no
O1 - Hosts: 64.191.95.139 search.msn.se
O1 - Hosts: 64.191.95.139 search.ninemsn.com.au
O1 - Hosts: 64.191.95.139 search.t1msn.com.mx
O1 - Hosts: 64.191.95.139 search.xtramsn.co.nz
O1 - Hosts: 64.191.95.139 search.yupimsn.com
O1 - Hosts: 64.191.95.139 search.lycos.com
O1 - Hosts: 64.191.95.139 www.lycos.com
O1 - Hosts: 64.191.95.139 www.google.ca
O1 - Hosts: 64.191.95.139 www.google.uk
O1 - Hosts: 64.191.95.139 www.google.co.uk
O1 - Hosts: 64.191.95.139 www.google.com.au
O1 - Hosts: 64.191.95.139 www.google.co.jp
O1 - Hosts: 64.191.95.139 www.google.jp
O1 - Hosts: 64.191.95.139 www.google.at
O1 - Hosts: 64.191.95.139 www.google.be
O1 - Hosts: 64.191.95.139 www.google.ch
O1 - Hosts: 64.191.95.139 www.google.de
O1 - Hosts: 64.191.95.139 www.google.dk
O1 - Hosts: 64.191.95.139 www.google.fi
O1 - Hosts: 64.191.95.139 www.google.fr
O1 - Hosts: 64.191.95.139 www.google.com.gr
O1 - Hosts: 64.191.95.139 www.google.com.hk
O1 - Hosts: 64.191.95.139 www.google.ie
O1 - Hosts: 64.191.95.139 www.google.co.il
O1 - Hosts: 64.191.95.139 www.google.it
O1 - Hosts: 64.191.95.139 www.google.co.kr
O1 - Hosts: 64.191.95.139 www.google.com.mx
O1 - Hosts: 64.191.95.139 www.google.nl
O1 - Hosts: 64.191.95.139 www.google.co.nz
O1 - Hosts: 64.191.95.139 www.google.pl
O1 - Hosts: 64.191.95.139 www.google.pt
O1 - Hosts: 64.191.95.139 www.google.com.ru
O1 - Hosts: 64.191.95.139 www.google.com.sg
O1 - Hosts: 64.191.95.139 www.google.co.th
O1 - Hosts: 64.191.95.139 www.google.com.tr
O1 - Hosts: 64.191.95.139 www.google.com.tw
O1 - Hosts: 64.191.95.139 google.at
O1 - Hosts: 64.191.95.139 google.be
O1 - Hosts: 64.191.95.139 google.dk
O1 - Hosts: 64.191.95.139 google.fi
O1 - Hosts: 64.191.95.139 google.fr
O1 - Hosts: 64.191.95.139 google.com.hk
O1 - Hosts: 64.191.95.139 google.ie
O1 - Hosts: 64.191.95.139 google.co.il
O1 - Hosts: 64.191.95.139 google.it
O1 - Hosts: 64.191.95.139 google.co.kr
O1 - Hosts: 64.191.95.139 google.com.mx
O1 - Hosts: 64.191.95.139 google.nl
O1 - Hosts: 64.191.95.139 google.co.nz
O1 - Hosts: 64.191.95.139 google.pl
O1 - Hosts: 64.191.95.139 google.com.ru
O1 - Hosts: 64.191.95.139 google.com.sg
O1 - Hosts: 64.191.95.139 www.hotbot.com
O1 - Hosts: 64.191.95.139 hotbot.com
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

- C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no

file)
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program

Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common

Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"

/background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition]

"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink

TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk =

C:\Program Files\Common Files\Microsoft Shared\Works

Shared\wkcalrem.exe
O4 - Global Startup: Aimster.lnk = C:\Program

Files\Aimster\AimsterCheck.exe
O4 - Global Startup: Camio Viewer 3.2.lnk = C:\Program Files\Sierra

Imaging\Image Expert 2000\IXApplet.exe
O4 - Global Startup: America Online 6.0 Tray Icon.lnk = C:\America

Online 6.0\aoltray.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone

Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel

present
O8 - Extra context menu item: &Define - C:\Program Files\Common

Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program

Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia (HKLM)
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia (HKLM)
O9 - Extra button: Define (HKLM)
O9 - Extra 'Tools' menuitem: Define (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Dell Home (HKCU)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX

Control) -

http://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield

International Setup Player) -

http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class)

- http://www.verizon.net/getdsl/system_check/images/MotivePreQual.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash

Object) -

http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
 
Joined
Nov 10, 2002
Messages
1,344
Zap:

All O1 entries
O3 - Toolbar: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - (no
file)
 

Lowbrow

Thread Starter
Joined
Sep 26, 2003
Messages
5
Thanks TB - functioning normally now -can I safely delete all those backups HT flew to my desktop?

Much obliged!(y)
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top