Logfile of HijackThis v1.99.1 Scan saved at 3:17:40 PM, on 2/22/05 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v5.00 (5.00.2614.3500) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\SYSTEM\CMD32.EXE C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE C:\WINDOWS\X~V\URL_MON32.EXE C:\WINDOWS\APPLICATION DATA\SORW.EXE C:\WINDOWS\SYSTEM\MMA.EXE C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\DISTILLR\ACROTRAY.EXE C:\WINDOWS\SYSTEM\PSTORES.EXE C:\MY DOCUMENTS\DESKTOP\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://c:\windows\TEMP\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://c:\windows\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://c:\windows\TEMP\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\ACROBAT\ACTIVEX\ACROIEHELPER.OCX O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\SYSTEM\DSMANA~1.DLL O2 - BHO: (no name) - {CF676E70-8590-F436-B56D-F97AE5B050C3} - C:\WINDOWS\SYSTEM\FZQKMUH.DLL O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {09FEA921-84E2-11D9-A66B-00108DB8A659} - C:\WINDOWS\SYSTEM\EINEBAA.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\SYSTEM\cmd32.exe internat.dll,LoadKeyboardProfile O4 - HKLM\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe O4 - HKLM\..\Run: [vptray] c:\Program Files\Norton AntiVirus\vptray.exe O4 - HKLM\..\RunServices: [ntddetect] WS\SYSTEM\ntddetect.exe O4 - HKLM\..\RunServices: [rtvscn95] c:\Program Files\Norton AntiVirus\rtvscn95.exe O4 - HKLM\..\RunServices: [defwatch] c:\Program Files\Norton AntiVirus\defwatch.exe O4 - HKCU\..\Run: [ntddetect] WS\SYSTEM\ntddetect.exe O4 - Startup: BTRBOX95.EXE O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O15 - Trusted Zone: *.windupdates.com O15 - Trusted Zone: *.searchmiracle.com O15 - Trusted Zone: *.searchbarcash.com O15 - Trusted Zone: *.skoobidoo.com O15 - Trusted Zone: *.my-internet.info O15 - Trusted Zone: *.xxxtoolbar.com O15 - Trusted Zone: *.slotch.com O15 - Trusted Zone: *.flingstone.com O15 - Trusted Zone: *.mt-download.com O15 - Trusted Zone: *.blazefind.com O15 - Trusted Zone: *.clickspring.net O15 - Trusted Zone: *.ysbweb.com O15 - Trusted Zone: *.slotchbar.com O15 - Trusted Zone: *.mt-download.com (HKLM) O15 - Trusted Zone: *.windupdates.com (HKLM) O15 - Trusted Zone: *.searchbarcash.com (HKLM) O15 - Trusted Zone: *.searchmiracle.com (HKLM) O15 - Trusted Zone: *.skoobidoo.com (HKLM) O15 - Trusted Zone: *.my-internet.info (HKLM) O15 - Trusted Zone: *.xxxtoolbar.com (HKLM) O15 - Trusted Zone: *.slotch.com (HKLM) O15 - Trusted Zone: *.flingstone.com (HKLM) O15 - Trusted Zone: *.blazefind.com (HKLM) O15 - Trusted Zone: *.clickspring.net (HKLM) O15 - Trusted Zone: *.ysbweb.com (HKLM) O15 - Trusted Zone: *.slotchbar.com (HKLM) O15 - Trusted IP range: 67.19.185.246 O15 - Trusted IP range: 67.19.185.246 (HKLM) O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = penn-gate O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.1.6,192.168.20.3 O18 - Filter: text/html - {09FEA920-84E2-11D9-A66B-0010E2F403C2} - C:\WINDOWS\SYSTEM\EINEBAA.DLL O18 - Filter: text/plain - {09FEA920-84E2-11D9-A66B-0010E2F403C2} - C:\WINDOWS\SYSTEM\EINEBAA.DLL O21 - SSODL: eplrr - {ACA143C0-84E4-11D9-A66B-0010B5E784A8} - C:\WINDOWS\SYSTEM\DllName (file missing)