Hi, I am new here and I have read some of the posts, but I never seen anything on what msiesh is. I have the same problem, when i start my internet, a differant start page pops up then my home page. It is some kind of search page. Oh and i just started getting pop-ups. Please help. mark
StartupList report, 6/9/04, 1:06:12 PM
StartupList version: 1.52
Started from : C:\WINDOWS\TEMP\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.50 SP1 (5.50.4522.1800)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\CGXSNKL.EXE
C:\WINDOWS\SYSTEM\A.EXE
C:\WINDOWS\APPLICATION DATA\DOLL.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WNSCPSV.EXE
C:\PROGRAM FILES\CLOCKSYNC\SYNC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Welcome = C:\WINDOWS\Welcome.exe /R
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
TaskMonitor = C:\WINDOWS\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
QuickTime Task = "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
Image = rundll32 C:\WINDOWS\JAVAGD.DLL,Install
hxnqjhkzwk = C:\WINDOWS\SYSTEM\cgxsnkl.exe
ALCHEM = C:\WINDOWS\ALCHEM.exe
systray = C:\WINDOWS\SYSTEM\A.EXE
qpotyb = C:\WINDOWS\qpotyb.exe
ijsf = C:\WINDOWS\ijsf.exe
xpsystem = C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
ccEvtMgr = "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
ScriptBlocking = "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
MyWebSearch Email Plugin = C:\PROGRA~1\MYWEBS~1\BAR\1.BIN\MWSOEMON.EXE
Anwm = C:\WINDOWS\Application Data\doll.exe
WNSI = C:\WINDOWS\SYSTEM\wnscpsv.exe
ClockSync = C:\PROGRA~1\CLOCKS~1\Sync.exe
xpsystem = C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
Image = rundll32 C:\WINDOWS\JAVAGD.DLL,Install
--------------------------------------------------
File association entry for .SCR:
HKEY_CLASSES_ROOT\AutoCADScriptFile\shell\open\command
(Default) = C:\WINDOWS\NOTEPAD.EXE "%1"
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=C:\WINDOWS\SYSTEM\SERVICES\MSXMIDI.EXE
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=mmsystem.dll power.drv
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
(Created 9/6/2004, 13:4:40)
[Rename]
NUL=C:\WINDOWS\TEMP\DRP4173.TMP\THNALL1T.EXE
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 9/6/2004, 11:41:54)
[Rename]
NUL=C:\WINDOWS\TEMP\BDL14025.EXE
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
path c:\tablet;c:\summasoft;C:\ANVIL
SET PATH=%PATH%;C:\PROGRA~1\COMMON~1\AUTODE~1
--------------------------------------------------
Enumerating Browser Helper Objects:
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
mwsBar BHO - C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL (file missing) - {07B18EA1-A523-4961-B6BB-170DE4475CCA}
MyWebSearch Search Assistant BHO - C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL (file missing) - {00A6FAF1-072E-44cf-8957-5838F569A31D}
(no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
OsbornTech Popup Blocker - C:\WINDOWS\SYSTEM\MSHELPER.DLL (file missing) - {FF1BF4C7-4E08-4A28-A43F-9D60A9F7A880}
ShowSearch module - C:\WINDOWS\APPLICATION DATA\IEKI\IPTK32.DLL - {E2DDF680-9905-4dee-8C64-0A5DE7FE133C}
(no name) - (no file) - {5321E378-FFAD-4999-8C62-03CA8155F0B3}
(no name) - C:\WINDOWS\MSOPT.DLL (file missing) - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing) - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\WINDOWS\MXTARGET.DLL - {0000607D-D204-42C7-8E46-216055BF9918}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Symantec NetDetect.job
Norton AntiVirus - Scan my computer.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
[{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}]
CODEBASE = http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38145.2723032407
[QuickTime Object]
InProcServer32 = C:\WINDOWS\SYSTEM\QTPLUGIN.OCX
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab
[Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ISTACTIVEX.DLL
CODEBASE = http://www.xxxtoolbar.com/ist/softwares/v4.0/0006_regular.cab
[MediaTicketsInstaller Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MEDIAT~1.OCX
CODEBASE = http://www.mt-download.com/MediaTicketsInstaller.cab
--------------------------------------------------
Enumerating ShellServiceObjectDelayLoad items:
WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL
DDE Control Module: *Registry key not found*
--------------------------------------------------
End of report, 8,030 bytes
Report generated in 0.201 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
