• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
gemstar

Please help rid my computer of msiesh

6 posts in this topic

Hello, I am trying to remove msiesh from my computer. I have run a HijackThis log and got this back:

 

Logfile of HijackThis v1.97.7

Scan saved at 9:58:11 AM, on 16/05/2004

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\LOADQM.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\COMMON FILES\KODAK\HYDRA_DR\DCFSSVC.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\WINDOWS\AU10TRAY.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE

C:\COREL\SUITE8\PROGRAMS\DAD8.EXE

C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\WINDOWS\SYSTEM\PSTORES.EXE

C:\WINDOWS\FREECELL.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.audioseek.net/iesearch/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} -   ¦C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -   ¦C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)

O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} -   ¦C:\WINDOWS\SYSTEM\AHIEHELP.DLL (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -   ¦c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} -   ¦C:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)

O2 - BHO: (no name) - {21055000-59E8-11D7-B64E-0010B50E3D56} -   ¦C:\WINDOWS\SYSTEM\MO030414S.DLL (file missing)

O2 - BHO: (no name) - {1BB70961-80E7-11D7-B64E-0010B50E3D56} -   ¦C:\WINDOWS\SYSTEM\BWCLREEX.DLL (file missing)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -   ¦C:\WINDOWS\TWAINTEC.DLL (file missing)

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)

O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\IEXH\IEXH32.DLL

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\MSNT\MSIESH.DLL

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\IEXH\MSSEARCH.DLL

O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} -   ¦C:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)

O3 - Toolbar: PrimeSoft - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au10setp.exe 3

O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [sVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE

O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHERBUG.EXE 1

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\WINDOWS\NEWDOT~2.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize

O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [Dcfssvc] C:\PROGRA~1\COMMON~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: ""C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr""

O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"

O4 - HKLM\..\Run: [sENTRY] C:\WINDOWS\SENTRY.exe

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\IMAGE.NEW,Install

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE

O4 - HKCU\..\Run: [msbb] C:\PROGRAM FILES\N-CASE\MSBB.EXE

O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup

O4 - HKCU\..\Run: [Rhss] C:\WINDOWS\Application Data\oabu.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\IMAGE.NEW,Install

O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Startup: PowerReg SchedulerV2.exe

O4 - Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = C:\Corel\Suite8\Programs\DAD8.EXE

O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: @Home (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll

O14 - IERESET.INF: START_PAGE_URL=http://home.excite.ca/

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E98B87EE-3FCB-11D3-8A62-00C0F03C3792} (FTWL Class) - http://download1.firetalk.com/FireTalk/MFT...WebLauncher.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: Yahoo! Pyramids - http://download.yahoo.com/games/clients/y/pyr0_x.cab

O16 - DPF: Yahoo! Klondike Solitaire - http://download.yahoo.com/games/clients/y/ks5_x.cab

O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://64.89.104.83/surferplugin.ocx

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/proclaim2/NSupd9x.cab

O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QcBar.cab

O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/dn/Browser_Plugin.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

 

Thank you for any help you can give me.

Share this post


Link to post
Share on other sites

Hi gemstar,

 

Go to Add/Remove Software and see if you can remove NewDotNet aka New.Net (Domains) there, either way continue with the following.

 

Check the following items in HijackThis.

Close all windows except HijackThis and click Fix checked:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.audioseek.net/iesearch/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

 

O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - ¦C:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL (file missing)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - ¦C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)

O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - ¦C:\WINDOWS\SYSTEM\AHIEHELP.DLL (file missing)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - ¦c:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)

O2 - BHO: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} - ¦C:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)

O2 - BHO: (no name) - {21055000-59E8-11D7-B64E-0010B50E3D56} - ¦C:\WINDOWS\SYSTEM\MO030414S.DLL (file missing)

O2 - BHO: (no name) - {1BB70961-80E7-11D7-B64E-0010B50E3D56} - ¦C:\WINDOWS\SYSTEM\BWCLREEX.DLL (file missing)

O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - ¦C:\WINDOWS\TWAINTEC.DLL (file missing)

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)

O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\IEXH\IEXH32.DLL

O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\MSNT\MSIESH.DLL

O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\IEXH\MSSEARCH.DLL

O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)

 

O3 - Toolbar: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} - ¦C:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)

O3 - Toolbar: PrimeSoft - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)

 

O4 - HKLM\..\Run: [sVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE

 

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\WINDOWS\NEWDOT~2.DLL,NewDotNetStartup

 

O4 - HKLM\..\Run: [sENTRY] C:\WINDOWS\SENTRY.exe

 

O4 - HKLM\..\Run: [image] rundll32 C:\WINDOWS\IMAGE.NEW,Install

 

O4 - HKCU\..\Run: [msbb] C:\PROGRAM FILES\N-CASE\MSBB.EXE

 

O4 - HKCU\..\Run: [Rhss] C:\WINDOWS\Application Data\oabu.exe

 

O4 - HKCU\..\RunServices: [image] rundll32 C:\WINDOWS\IMAGE.NEW,Install

O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

O4 - Startup: PowerReg SchedulerV2.exe

 

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

 

O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://64.89.104.83/surferplugin.ocx

 

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.201/quickdl/proclaim2/NSupd9x.cab

O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QcBar.cab

O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/dn/Browser_Plugin.cab

 

Download and run CWShredder

Use the Fix button and follow the instructions provided by the program.

 

Then reboot into safe mode and delete:

C:\PROGRAM FILES\N-CASE <= entire folder

C:\Program Files\SVA Player <= entire folder

C:\WINDOWS\IMAGE.NEW

C:\WINDOWS\Application Data\oabu.exe

 

You can download updEnabler.exe on http://www.handybits.com/update_service.asp

It will allow you to disable the Teknum update service.

Your program will still require Update.exe to load at startup, but it won't want to access the net any more.

 

Regards,

 

Pieter

Share this post


Link to post
Share on other sites

Thanks for the speedy help. I did what you said, and was able to remove NewDotNet. When I started in safe mode however, I didn't have any of the programs you told me to erase on my computer. Is that alright? Thanks again.

Share this post


Link to post
Share on other sites

Hi, this is what my HijackThis log says now:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:01:10 PM, on 16/05/2004

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\MSTASK.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\SYSTEM\ATIPTAXX.EXE

C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE

C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE

C:\WINDOWS\SYSTEM\INTERNAT.EXE

C:\WINDOWS\LOADQM.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE

C:\WINDOWS\SYSTEM\QTTASK.EXE

C:\PROGRAM FILES\COMMON FILES\KODAK\HYDRA_DR\DCFSSVC.EXE

C:\WINDOWS\SYSTEM\LEXBCES.EXE

C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE

C:\COREL\SUITE8\PROGRAMS\DAD8.EXE

C:\WINDOWS\SYSTEM\RPCSS.EXE

C:\WINDOWS\AU10TRAY.EXE

C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE

C:\WINDOWS\RUNDLL32.EXE

C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE

C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\LEXPPS.EXE

C:\WINDOWS\SYSTEM\DDHELP.EXE

C:\COREL\SUITE8\PROGRAMS\WPWIN8.EXE

C:\WINDOWS\SYSTEM\SPOOL32.EXE

C:\WINDOWS\FREECELL.EXE

C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O4 - HKLM\..\Run: [scanRegistry] c:\windows\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe

O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au10setp.exe 3

O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [internat.exe] internat.exe

O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHERBUG.EXE 1

O4 - HKLM\..\Run: [LoadQM] loadqm.exe

O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize

O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE

O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING

O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe

O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE

O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE

O4 - HKLM\..\Run: [LexStart] Lexstart.exe

O4 - HKLM\..\Run: [Dcfssvc] C:\PROGRA~1\COMMON~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: ""C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr""

O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\RunServices: [schedulingAgent] mstask.exe

O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE

O4 - HKLM\..\RunServices: [scriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg

O4 - HKCU\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE

O4 - HKCU\..\Run: [update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup

O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background

O4 - Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = C:\Corel\Suite8\Programs\DAD8.EXE

O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe

O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE

O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O9 - Extra button: Related (HKLM)

O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: @Home (HKCU)

O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll

O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {E98B87EE-3FCB-11D3-8A62-00C0F03C3792} (FTWL Class) - http://download1.firetalk.com/FireTalk/MFT...WebLauncher.cab

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installengine.com/engine/isetup.cab

O16 - DPF: Yahoo! Pyramids - http://download.yahoo.com/games/clients/y/pyr0_x.cab

O16 - DPF: Yahoo! Klondike Solitaire - http://download.yahoo.com/games/clients/y/ks5_x.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200112...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8123.3872685185

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  
Followers 0