Logfile of HijackThis v1.99.1
Scan saved at 2:05:50 PM, on 5/13/02
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\DMI\WIN32\BIN\WIN32SL.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\ADVTOOLS\NPROTECT.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\DMI\WIN32\BIN\CLIIP32.EXE
C:\DMI\WIN32\BIN\DMIWDOG.EXE
C:\DMI\WIN32\BIN\HPCOMPC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\DMI\WIN32\BIN\HPALERT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MOUSEWAREPRO\MWPROENG.EXE
C:\WINDOWS\SYSTEM\HPMMKBD.EXE
C:\DMI\WIN32\BIN\HPTRAYICON.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\TPPALDR.EXE
C:\WINDOWS\SYSTEM\IPCT32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOHMR08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOEVM08.EXE
C:\WINDOWS\SYSTEM\HPZIPM12.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOSTS08.EXE
C:\WINDOWS\SYSTEM\MFCNP32.EXE
C:\WINDOWS\SYSTEM\MFCNP32.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\ccetf.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {40D52E4D-88EF-4038-EB92-B7CC25BCF511} - C:\WINDOWS\SYSTEM\APIVY.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [MWProEng] C:\PROGRAM FILES\MOUSEWAREPRO\MWProEng.exe
O4 - HKLM\..\Run: [HpMmKbd] HpMmKbd.exe
O4 - HKLM\..\Run: [HP Tray Icon] C:\DMI\Win32\Bin\HPTrayIcon.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] c:\PROGRA~1\NORTON~1\ADVTOOLS\ADVCHK.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\TPPALDR.EXE
O4 - HKLM\..\Run: [IPCT32.EXE] C:\WINDOWS\SYSTEM\IPCT32.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [HPLAUNCH] C:\DMI\Win32\Bin\HPLaunch.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [NPROTECT] C:\PROGRA~1\NORTON~1\ADVTOOLS\NPROTECT.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [APPRX.EXE] C:\WINDOWS\APPRX.EXE /s
O4 - HKLM\..\RunServices: [APPFM.EXE] C:\WINDOWS\APPFM.EXE /s
O4 - HKLM\..\RunServices: [MFCNP32.EXE] C:\WINDOWS\SYSTEM\MFCNP32.EXE /s
O4 - HKLM\..\RunServices: [ATLWW.EXE] C:\WINDOWS\ATLWW.EXE /s
O4 - HKLM\..\RunServices: [IPNL.EXE] C:\WINDOWS\IPNL.EXE /s
O4 - HKLM\..\RunServices: [NETGV.EXE] C:\WINDOWS\SYSTEM\NETGV.EXE /s
O4 - HKLM\..\RunServices: [NTCN.EXE] C:\WINDOWS\NTCN.EXE /s
O4 - HKLM\..\RunServices: [SYSOA.EXE] C:\WINDOWS\SYSOA.EXE /s
O4 - HKLM\..\RunServices: [MFCVE32.EXE] C:\WINDOWS\SYSTEM\MFCVE32.EXE /s
O4 - HKLM\..\RunServices: [SYSGV32.EXE] C:\WINDOWS\SYSGV32.EXE /s
O4 - HKLM\..\RunServices: [MFCZR.EXE] C:\WINDOWS\SYSTEM\MFCZR.EXE /s
O4 - HKLM\..\RunServices: [NETQT32.EXE] C:\WINDOWS\SYSTEM\NETQT32.EXE /s
O4 - HKLM\..\RunServices: [IPYZ32.EXE] C:\WINDOWS\IPYZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDXZ32.EXE] C:\WINDOWS\ADDXZ32.EXE /s
O4 - HKLM\..\RunServices: [ADDUS.EXE] C:\WINDOWS\ADDUS.EXE /s
O4 - HKLM\..\RunServices: [NTNS32.EXE] C:\WINDOWS\NTNS32.EXE /s
O4 - HKLM\..\RunServices: [NTHN.EXE] C:\WINDOWS\SYSTEM\NTHN.EXE /s
O4 - HKLM\..\RunServices: [MSQZ32.EXE] C:\WINDOWS\MSQZ32.EXE /s
O4 - HKLM\..\RunServices: [APIZD32.EXE] C:\WINDOWS\SYSTEM\APIZD32.EXE /s
O4 - HKLM\..\RunServices: [CRGO.EXE] C:\WINDOWS\SYSTEM\CRGO.EXE /s
O4 - HKLM\..\RunServices: [SYSAL32.EXE] C:\WINDOWS\SYSTEM\SYSAL32.EXE /s
O4 - HKLM\..\RunServices: [ATLEP.EXE] C:\WINDOWS\SYSTEM\ATLEP.EXE /s
O4 - HKLM\..\RunServices: [APIZI.EXE] C:\WINDOWS\APIZI.EXE /s
O4 - HKLM\..\RunServices: [APPJQ32.EXE] C:\WINDOWS\APPJQ32.EXE /s
O4 - HKLM\..\RunServices: [CRWF32.EXE] C:\WINDOWS\SYSTEM\CRWF32.EXE /s
O4 - HKLM\..\RunServices: [MSSI.EXE] C:\WINDOWS\SYSTEM\MSSI.EXE /s
O4 - HKLM\..\RunServices: [MSOP.EXE] C:\WINDOWS\MSOP.EXE /s
O4 - HKLM\..\RunServices: [APPTP.EXE] C:\WINDOWS\SYSTEM\APPTP.EXE /s
O4 - HKLM\..\RunServices: [CRFI.EXE] C:\WINDOWS\SYSTEM\CRFI.EXE /s
O4 - HKLM\..\RunServices: [ATLUE.EXE] C:\WINDOWS\ATLUE.EXE /s
O4 - HKLM\..\RunServices: [APPQT.EXE] C:\WINDOWS\SYSTEM\APPQT.EXE /s
O4 - HKLM\..\RunServices: [IPWJ32.EXE] C:\WINDOWS\SYSTEM\IPWJ32.EXE /s
O4 - HKLM\..\RunServices: [SYSWP.EXE] C:\WINDOWS\SYSWP.EXE /s
O4 - HKLM\..\RunServices: [WINBI32.EXE] C:\WINDOWS\WINBI32.EXE /s
O4 - HKLM\..\RunServices: [MFCRB.EXE] C:\WINDOWS\MFCRB.EXE /s
O4 - HKLM\..\RunServices: [NETPY32.EXE] C:\WINDOWS\NETPY32.EXE /s
O4 - HKLM\..\RunServices: [NETQJ.EXE] C:\WINDOWS\SYSTEM\NETQJ.EXE /s
O4 - HKLM\..\RunServices: [APIOA.EXE] C:\WINDOWS\APIOA.EXE /s
O4 - HKLM\..\RunServices: [APPGN32.EXE] C:\WINDOWS\APPGN32.EXE /s
O4 - HKLM\..\RunServices: [IPTD32.EXE] C:\WINDOWS\SYSTEM\IPTD32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZG32.EXE] C:\WINDOWS\SYSTEM\JAVAZG32.EXE /s
O4 - HKLM\..\RunServices: [SYSYH.EXE] C:\WINDOWS\SYSTEM\SYSYH.EXE /s
O4 - HKLM\..\RunServices: [ADDCA.EXE] C:\WINDOWS\SYSTEM\ADDCA.EXE /s
O4 - HKLM\..\RunServices: [NETQW32.EXE] C:\WINDOWS\SYSTEM\NETQW32.EXE /s
O4 - HKLM\..\RunServices: [IESZ32.EXE] C:\WINDOWS\IESZ32.EXE /s
O4 - HKLM\..\RunServices: [D3MA32.EXE] C:\WINDOWS\SYSTEM\D3MA32.EXE /s
O4 - HKLM\..\RunServices: [NTTL.EXE] C:\WINDOWS\SYSTEM\NTTL.EXE /s
O4 - HKLM\..\RunServices: [ATLBV32.EXE] C:\WINDOWS\SYSTEM\ATLBV32.EXE /s
O4 - HKLM\..\RunServices: [NETBF32.EXE] C:\WINDOWS\SYSTEM\NETBF32.EXE /s
O4 - HKLM\..\RunServices: [D3SY32.EXE] C:\WINDOWS\SYSTEM\D3SY32.EXE /s
O4 - HKLM\..\RunServices: [NETVT.EXE] C:\WINDOWS\NETVT.EXE /s
O4 - HKLM\..\RunServices: [IPDR.EXE] C:\WINDOWS\SYSTEM\IPDR.EXE /s
O4 - HKLM\..\RunServices: [IEVZ32.EXE] C:\WINDOWS\SYSTEM\IEVZ32.EXE /s
O4 - HKLM\..\RunServices: [NTWI.EXE] C:\WINDOWS\NTWI.EXE /s
O4 - HKLM\..\RunServices: [WINIF32.EXE] C:\WINDOWS\SYSTEM\WINIF32.EXE /s
O4 - HKLM\..\RunServices: [IPBF.EXE] C:\WINDOWS\SYSTEM\IPBF.EXE /s
O4 - HKLM\..\RunServices: [NTUB.EXE] C:\WINDOWS\NTUB.EXE /s
O4 - HKLM\..\RunServices: [CRKF.EXE] C:\WINDOWS\CRKF.EXE /s
O4 - HKLM\..\RunServices: [NETZJ32.EXE] C:\WINDOWS\SYSTEM\NETZJ32.EXE /s
O4 - HKLM\..\RunServices: [WINOH32.EXE] C:\WINDOWS\WINOH32.EXE /s
O4 - HKLM\..\RunServices: [ADDXR.EXE] C:\WINDOWS\ADDXR.EXE /s
O4 - HKLM\..\RunServices: [NETKR32.EXE] C:\WINDOWS\SYSTEM\NETKR32.EXE /s
O4 - HKLM\..\RunServices: [NETLX32.EXE] C:\WINDOWS\NETLX32.EXE /s
O4 - HKLM\..\RunServices: [D3LW.EXE] C:\WINDOWS\D3LW.EXE /s
O4 - HKLM\..\RunServices: [NTLH32.EXE] C:\WINDOWS\SYSTEM\NTLH32.EXE /s
O4 - HKLM\..\RunServices: [NTVB.EXE] C:\WINDOWS\NTVB.EXE /s
O4 - HKLM\..\RunServices: [D3DQ32.EXE] C:\WINDOWS\D3DQ32.EXE /s
O4 - HKLM\..\RunServices: [APPEO.EXE] C:\WINDOWS\SYSTEM\APPEO.EXE /s
O4 - HKLM\..\RunServices: [MFCBS32.EXE] C:\WINDOWS\SYSTEM\MFCBS32.EXE /s
O4 - HKLM\..\RunServices: [SYSCN.EXE] C:\WINDOWS\SYSTEM\SYSCN.EXE /s
O4 - HKLM\..\RunServices: [MSJC32.EXE] C:\WINDOWS\MSJC32.EXE /s
O4 - HKLM\..\RunServices: [SYSXK32.EXE] C:\WINDOWS\SYSXK32.EXE /s
O4 - HKLM\..\RunServices: [MFCGX.EXE] C:\WINDOWS\MFCGX.EXE /s
O4 - HKLM\..\RunServices: [NTIP.EXE] C:\WINDOWS\SYSTEM\NTIP.EXE /s
O4 - HKLM\..\RunServices: [ATLXY.EXE] C:\WINDOWS\SYSTEM\ATLXY.EXE /s
O4 - HKLM\..\RunServices: [APIHL32.EXE] C:\WINDOWS\SYSTEM\APIHL32.EXE /s
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\RunServices: [WindowsFY] C:\WP.EXE
O4 - Startup: hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
O4 - Startup: hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - Startup: hp instant support.lnk = C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Microsoft AntiSpyware helper - {A590E7A0-C2D5-11D9-A667-0001024F3EBA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A590E7A0-C2D5-11D9-A667-0001024F3EBA} - (no file) (HKCU)
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = sn
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 165.21.83.88