Jump to content


Photo

Please help rid my computer of msiesh


  • This topic is locked This topic is locked
5 replies to this topic

#1 gemstar

gemstar

    Member

  • New Member
  • Pip
  • 3 posts

Posted 16 May 2004 - 08:52 AM

Hello, I am trying to remove msiesh from my computer. I have run a HijackThis log and got this back:

Logfile of HijackThis v1.97.7
Scan saved at 9:58:11 AM, on 16/05/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\COMMON FILES\KODAK\HYDRA_DR\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\AU10TRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\BACKWEB-7288971.EXE
C:\COREL\SUITE8\PROGRAMS\DAD8.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\FREECELL.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.audioseek.net/iesearch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} -   ŚC:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -   ŚC:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} -   ŚC:\WINDOWS\SYSTEM\AHIEHELP.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -   Śc:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} -   ŚC:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)
O2 - BHO: (no name) - {21055000-59E8-11D7-B64E-0010B50E3D56} -   ŚC:\WINDOWS\SYSTEM\MO030414S.DLL (file missing)
O2 - BHO: (no name) - {1BB70961-80E7-11D7-B64E-0010B50E3D56} -   ŚC:\WINDOWS\SYSTEM\BWCLREEX.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} -   ŚC:\WINDOWS\TWAINTEC.DLL (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\IEXH\IEXH32.DLL
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\MSNT\MSIESH.DLL
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\IEXH\MSSEARCH.DLL
O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} -   ŚC:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)
O3 - Toolbar: PrimeSoft - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au10setp.exe 3
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHERBUG.EXE 1
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\WINDOWS\NEWDOT~2.DLL,NewDotNetStartup
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\PROGRA~1\COMMON~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: ""C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr""
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.NEW,Install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
O4 - HKCU\..\Run: [msbb] C:\PROGRAM FILES\N-CASE\MSBB.EXE
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - HKCU\..\Run: [Rhss] C:\WINDOWS\Application Data\oabu.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.NEW,Install
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: PowerReg SchedulerV2.exe
O4 - Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: @Home (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.excite.ca/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E98B87EE-3FCB-11D3-8A62-00C0F03C3792} (FTWL Class) - http://download1.fir...WebLauncher.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: Yahoo! Pyramids - http://download.yaho...ts/y/pyr0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://download.yaho...nts/y/ks5_x.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://64.89.104.83/surferplugin.ocx
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.20...im2/NSupd9x.cab
O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentry...inkzz/QcBar.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess....wser_Plugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab

Thank you for any help you can give me.

#2 Metallica

Metallica

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 849 posts

Posted 16 May 2004 - 09:26 AM

Hi gemstar,

Go to Add/Remove Software and see if you can remove NewDotNet aka New.Net (Domains) there, either way continue with the following.

Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.audioseek.net/iesearch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://mshp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://mshp.dll/index.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://mshp.dll/sp.html#37049

O2 - BHO: (no name) - {1E6F1D6A-1F20-11D4-8859-00A0CCE26836} - ŚC:\PROGRAM FILES\SVA PLAYER\SVAPLAYER.DLL (file missing)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - ŚC:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX (file missing)
O2 - BHO: (no name) - {FFCBEECE-FB0C-11D2-AB16-00104B9BBBD2} - ŚC:\WINDOWS\SYSTEM\AHIEHELP.DLL (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - Śc:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} - ŚC:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)
O2 - BHO: (no name) - {21055000-59E8-11D7-B64E-0010B50E3D56} - ŚC:\WINDOWS\SYSTEM\MO030414S.DLL (file missing)
O2 - BHO: (no name) - {1BB70961-80E7-11D7-B64E-0010B50E3D56} - ŚC:\WINDOWS\SYSTEM\BWCLREEX.DLL (file missing)
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - ŚC:\WINDOWS\TWAINTEC.DLL (file missing)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)
O2 - BHO: . - {587DBF2D-9145-4c9e-92C2-1F953DA73773} - C:\WINDOWS\IEXH\IEXH32.DLL
O2 - BHO: (no name) - {FD9BC004-8331-4457-B830-4759FF704C22} - C:\WINDOWS\MSNT\MSIESH.DLL
O2 - BHO: ShowSearch module - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C} - C:\WINDOWS\IEXH\MSSEARCH.DLL
O3 - Toolbar: Comet Cursor Companion - {FE6BC4EF-5676-484B-88AE-883323913256} - C:\WINDOWS\SYSTEM\COMET\BIN\CSIETB.DLL (file missing)

O3 - Toolbar: Adult Links - {765E6B09-6832-4738-BDBE-25F226BA2AB0} - ŚC:\WINDOWS\SYSTEM\QCBAR.DLL (file missing)
O3 - Toolbar: PrimeSoft - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\SYSTEM\SAFESEARCH.DLL (file missing)

O4 - HKLM\..\Run: [SVAPlayer] C:\Program Files\SVA Player\SVAPLAYER.EXE

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\WINDOWS\NEWDOT~2.DLL,NewDotNetStartup

O4 - HKLM\..\Run: [SENTRY] C:\WINDOWS\SENTRY.exe

O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\IMAGE.NEW,Install

O4 - HKCU\..\Run: [msbb] C:\PROGRAM FILES\N-CASE\MSBB.EXE

O4 - HKCU\..\Run: [Rhss] C:\WINDOWS\Application Data\oabu.exe

O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\IMAGE.NEW,Install
O4 - Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Startup: PowerReg SchedulerV2.exe

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://64.89.104.83/surferplugin.ocx

O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://204.177.92.20...im2/NSupd9x.cab
O16 - DPF: {765E6B09-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentry...inkzz/QcBar.cab
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess....wser_Plugin.cab

Download and run CWShredder
Use the Fix button and follow the instructions provided by the program.

Then reboot into safe mode and delete:
C:\PROGRAM FILES\N-CASE <= entire folder
C:\Program Files\SVA Player <= entire folder
C:\WINDOWS\IMAGE.NEW
C:\WINDOWS\Application Data\oabu.exe

You can download updEnabler.exe on http://www.handybits...ate_service.asp
It will allow you to disable the Teknum update service.
Your program will still require Update.exe to load at startup, but it won't want to access the net any more.

Regards,

Pieter

MVP Windows Security 2003-2015 mvp2.gif

Remove and prevent spyware


#3 gemstar

gemstar

    Member

  • New Member
  • Pip
  • 3 posts

Posted 16 May 2004 - 10:00 AM

Thanks for the speedy help. I did what you said, and was able to remove NewDotNet. When I started in safe mode however, I didn't have any of the programs you told me to erase on my computer. Is that alright? Thanks again.

#4 Metallica

Metallica

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 849 posts

Posted 16 May 2004 - 02:47 PM

Post a new HijackThis log please, so we can see if all the cr@p was at least disabled.

Regards,

Pieter

MVP Windows Security 2003-2015 mvp2.gif

Remove and prevent spyware


#5 gemstar

gemstar

    Member

  • New Member
  • Pip
  • 3 posts

Posted 16 May 2004 - 02:55 PM

Hi, this is what my HijackThis log says now:

Logfile of HijackThis v1.97.7
Scan saved at 4:01:10 PM, on 16/05/2004
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\COMMON FILES\KODAK\HYDRA_DR\DCFSSVC.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\COREL\SUITE8\PROGRAMS\DAD8.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\AU10TRAY.EXE
C:\PROGRAM FILES\KODAK\KODAK PICTURE TRANSFER SOFTWARE\PTS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\COREL\SUITE8\PROGRAMS\WPWIN8.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\FREECELL.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by @Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [VortexTray] C:\WINDOWS\au10setp.exe 3
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\realplay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [Tray Temperature] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHERBUG.EXE 1
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Program Files\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Program Files\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [Dcfssvc] C:\PROGRA~1\COMMON~1\KODAK\HYDRA_DR\DCFSSVC.EXE --pdr: ""C:\Program Files\Common Files\KODAK\HYDRA_DR\dcmnter.pdr""
O4 - HKLM\..\Run: [ConMgr.exe] "C:\PROGRAM FILES\EARTHLINK 5.0\CONMGR.EXE"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMANTEC\LIVEUP~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [RealJukeboxSystray] C:\PROGRAM FILES\REAL\REALJUKEBOX\TSYSTRAY.EXE
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\COMMON~1\TEKNUM~1\UPDATE.EXE /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Corel DAD 8 (gestionnaire des applications du bureau).LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Startup: KODAK Picture Transfer Software.lnk = C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: @Home (HKCU)
O12 - Plugin for .hlq: C:\PROGRA~1\INTERN~1\PLUGINS\nphcd32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .wav: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npaudio.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E98B87EE-3FCB-11D3-8A62-00C0F03C3792} (FTWL Class) - http://download1.fir...WebLauncher.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://www.installen...gine/isetup.cab
O16 - DPF: Yahoo! Pyramids - http://download.yaho...ts/y/pyr0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://download.yaho...nts/y/ks5_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v5.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8123.3872685185

#6 Metallica

Metallica

    Forum Deity

  • Expert
  • PipPipPipPipPip
  • 849 posts

Posted 21 May 2004 - 08:22 AM

Sorry it took me so long, but just to confirm that that is a clean log.

Regards,

Pieter

MVP Windows Security 2003-2015 mvp2.gif

Remove and prevent spyware





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button