Weird Behavior

T

Tom Kosel

I have a Windows ME machine (sorry) running IE6. When the
machine boots, after a short time I get a
message "Explorer has caused an error in ~856881792.tmp
Explorer will now close" with an OK button. If I click
the OK button, the machine locks. When error is
displayed, I can navigate the computer, but task manager
is unavailable. I can ping the outside world and navigate
may LAN but am unable to access the internet with IE6 or
any other internet applications. I have run HIJACKTHIS
and the log is reproduced below. Can anyone help?

Logfile of HijackThis v1.97.7
Scan saved at 9:35:01 AM, on 7/15/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON
FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT
SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\TIMESINK\ADGATEWAY\TSADBOT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHSURVEY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT
UPDATER\RULAUNCH.EXE
C:\WINDOWS\DESKTOP\TOMS STUF\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-
6889D1E74167} - C:\WINDOWS\HOST.DLL
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-
F075BEDE5EB5} - C:\PROGRAM
FILES\SURFXCCELERATOR\PBHELPER.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-
82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
(file missing)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-
EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-
00e02913a9e0} - C:\PROGRAM
FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-
072E-44cf-8957-5838F569A31D} - C:\PROGRAM
FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-
76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-
D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-
E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth]
C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Speed racer] C:\Program
Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [MMTray] C:\Program
Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON
FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1
\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date
Manager\DateManager.exe"
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program
Files\TimeSink\AdGateway\TSADBOT.EXE"
O4 - HKLM\..\Run: [QuickTime
Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ScanRegistry]
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program
Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program
Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKLM\..\Run: [wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program
Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program
Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [devldr16.exe]
C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV]
C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1
\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON
FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr]
C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService]
C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1
\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!
\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program
Files\Logitech\WingMan
Software\lwtest.exe" /detect /quiet /launch "C:\Program
Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\Run:
[McAfee.InstantUpdate.Monitor] "C:\PROGRAM
FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT
UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1
\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1
\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2}
(GigexCtrl ActiveX) -
http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl
Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE}
(TDServer Control) -
http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4}
(Spotlife Composer) -
http://yahoo.spotlife.net/install/composer/1.5.0.223/SLCmps
er.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
(ExentInf Class) -
http://us.games2.yimg.com/download.games.yahoo.com/games/pl
ay/client/exentctl_0_0_0_0.ocx
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE}
(Microsoft Office Tools on the Web Control) -
http://officeupdate.microsoft.com/TemplateGallery/downloads
/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/
sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?38138.3484606482
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/Popu
larScreenSaversInitialSetup1.0.0.8.cab
 
L

Lust Detector

I suspect "R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:6711". That defines a proxy server for
IE to be on your own computer at port 6711. There might be reason for that,
but that's very suspicious setting.

Do you really like to use http://websearch.drsnsrch.com for your searches?

Also "O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-6889D1E74167} -
C:\WINDOWS\HOST.DLL"
and "O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} -
C:\PROGRAM FILES\SURFXCCELERATOR\PBHELPER.DLL"
What is that "O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} -
C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL (file missing)" ?
Or this "O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-EC6BF4D5FA7D} -
C:\WINDOWS\GSIM.DLL"?
Or "O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} -
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL"
This isn't good "O3 - Toolbar: DashBar Toolbar -
{CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - C:\PROGRAM
FILES\DASHBAR\DASHBAR15.DLL".
or this "O2 - BHO: MyWebSearch Search Assistant BHO -
{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\PROGRAM
FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL"

You seem to have lot of bad things. Try Spybot search & destroy. After that
repost your hijack this log.


Tom Kosel said:
I have a Windows ME machine (sorry) running IE6. When the
machine boots, after a short time I get a
message "Explorer has caused an error in ~856881792.tmp
Explorer will now close" with an OK button. If I click
the OK button, the machine locks. When error is
displayed, I can navigate the computer, but task manager
is unavailable. I can ping the outside world and navigate
may LAN but am unable to access the internet with IE6 or
any other internet applications. I have run HIJACKTHIS
and the log is reproduced below. Can anyone help?

Logfile of HijackThis v1.97.7
Scan saved at 9:35:01 AM, on 7/15/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON
FILES\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
C:\PROGRAM FILES\COMMON FILES\MICROSOFT
SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVSYNMGR.EXE
C:\WINDOWS\SYSTEM\DEVLDR16.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\COMMON FILES\CMEII\CMESYS.EXE
C:\PROGRAM FILES\PRECISIONTIME\PRECISIONTIME.EXE
C:\PROGRAM FILES\TIMESINK\ADGATEWAY\TSADBOT.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\EVNTSVC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\PROGRAM FILES\MCAFEE\MCAFEE VIRUSSCAN\ALOGSERV.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\GMT\GMT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\MULTIMEDIA KEYBOARD\TRAYMON.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAM FILES\WEBHANCER\PROGRAMS\WHSURVEY.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT
UPDATER\RULAUNCH.EXE
C:\WINDOWS\DESKTOP\TOMS STUF\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search
Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search
Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,CustomizeSearch =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet
Explorer\Search,SearchAssistant =
http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,
(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0
\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {00000273-8230-4DD4-BE4F-
6889D1E74167} - C:\WINDOWS\HOST.DLL
O2 - BHO: (no name) - {4115122B-85FF-4DD3-9515-
F075BEDE5EB5} - C:\PROGRAM
FILES\SURFXCCELERATOR\PBHELPER.DLL
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-
82F2F98635CB} - C:\PROGRAM FILES\KONTIKI\BIN\BH309190.DLL
(file missing)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-DFF7-
EC6BF4D5FA7D} - C:\WINDOWS\GSIM.DLL
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-
00e02913a9e0} - C:\PROGRAM
FILES\WEBHANCER\PROGRAMS\WHIEHLPR.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-
072E-44cf-8957-5838F569A31D} - C:\PROGRAM
FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-
76E68DC4AB2E} - C:\WINDOWS\SYSTB.DLL
O3 - Toolbar: DashBar Toolbar - {CC90CDA0-74A0-45b4-80EF-
D89CA8C249B8} - C:\PROGRAM FILES\DASHBAR\DASHBAR15.DLL
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-
E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth]
C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [Speed racer] C:\Program
Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program
Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [MMTray] C:\Program
Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CMESys] "C:\PROGRAM FILES\COMMON
FILES\CMEII\CMESYS.EXE"
O4 - HKLM\..\Run: [PrecisionTime] C:\PROGRA~1
\PrecisionTime\PrecisionTime.exe
O4 - HKLM\..\Run: [Date Manager] "C:\PROGRA~1\Date
Manager\DateManager.exe"
O4 - HKLM\..\Run: [TimeSink Ad Client] "C:\Program
Files\TimeSink\AdGateway\TSADBOT.EXE"
O4 - HKLM\..\Run: [QuickTime
Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common
Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [ScanRegistry]
C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program
Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [Alogserv] C:\Program
Files\McAfee\McAfee VirusScan\alogserv.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [SUSP] C:\WINDOWS\SUSP.exe
O4 - HKLM\..\Run: [wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [webHancer Agent] "C:\Program
Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program
Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [devldr16.exe]
C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV]
C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1
\SYSTEM\MOSEARCH\BIN\MOSEARCH.EXE
O4 - HKLM\..\RunServices: [MDM7] "C:\PROGRAM FILES\COMMON
FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE"
O4 - HKLM\..\RunServices: [ATIPOLAB] ati2evxx.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe
powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr]
C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [McAfeeVirusScanService]
C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL
deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MSMSGS] "C:\PROGRA~1\MESSEN~1
\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!
\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program
Files\Logitech\WingMan
Software\lwtest.exe" /detect /quiet /launch "C:\Program
Files\Logitech\WingMan Software\lwemon.exe /noui"
O4 - HKCU\..\Run:
[McAfee.InstantUpdate.Monitor] "C:\PROGRAM
FILES\MCAFEE\MCAFEE SHARED COMPONENTS\INSTANT
UPDATER\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\SYSTEM\msmc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! Search -
file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary -
file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Dell Home (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1
\Plugins\NPDocBox.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1
\PLUGINS\nppdf32.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
(Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swf
lash.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
(QuickTime Object) -
http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6D5FCFCB-FA6C-4CFB-9918-5F0A9F7365F2}
(GigexCtrl ActiveX) -
http://www.gigex.com/tv/igor/gigexagent.dll
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl
Class) - https://www.gamespyid.com/alaunch.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE}
(TDServer Control) -
http://www.bitstream.com/wfplayer/tdserver.cab
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4}
(Spotlife Composer) -
http://yahoo.spotlife.net/install/composer/1.5.0.223/SLCmps
er.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
(ExentInf Class) -
http://us.games2.yimg.com/download.games.yahoo.com/games/pl
ay/client/exentctl_0_0_0_0.ocx
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE}
(Microsoft Office Tools on the Web Control) -
http://officeupdate.microsoft.com/TemplateGallery/downloads
/outc.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN
Chat Control 4.5) -
http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}
(YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
(Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/
sw.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68}
(InstallShield International Setup Player) -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update
Class) -
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CA
B?38138.3484606482
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei/Popu
larScreenSaversInitialSetup1.0.0.8.cab
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

IE searches re directed to Morwill 1
PLS HELP...(about: blank) 1
DNS but no page access / email access 2
elite***32.exe [*** = random char] and EliteToolBar - please help remove 2
Help with highjack please 5
IE NOT RESPONDING 1
IE6 slow and hangs when launched 4
IE 6 becomes unstable, eventually locking up computer 1

Top