WARNING: not all files found by this scanner are bad. Consult with a knowledgeable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 8/30/05 7:28:16 PM 721 c:\log.txt
UPX! 8/30/05 7:16:46 PM 243 c:\win.txt
UPX! 8/30/05 7:26:22 PM 26 c:\windows.txt
Checking %ProgramFilesDir% folder...
UPX! 2/16/05 11:06:16 AM 218112 C:\Program Files\HijackThis.exe
Checking %WinDir% folder...
abetterinternet.com 9/1/05 7:53:50 PM RH 11071520 c:\windows\SYSTEM.DAT
winsync 9/1/05 7:53:50 PM RH 11071520 c:\windows\SYSTEM.DAT
Items found in c:\windows\HOSTS
UPX! 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
FSG! 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
PEC2 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
PECompact2 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
Umonitor 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
qoologic 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
aspack 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
PTech 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
urllogic 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
ad-beh 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
ad-behNior.com 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
sYVLLSAKY 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
_rtneg3 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
SAHAgent 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
buddy.exe 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
ZepMon 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
aurora.exe 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
;2x(V]@BMD 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
Tlji7Mk 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
KavSvc 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
69.59.186.63 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
209.66.67.134 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
66.63.167.97 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
66.63.167.77 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
abetterinternet.com 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
8B!7F\(T 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
testpopup 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
web-nex 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
yourkey 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
winsync 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
rec2_run 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
WinShutDown 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
ad-w-a-r-e.com 9/1/05 12:50:22 PM 16777216 c:\windows\WIN386.SWP
69.59.186.63 9/1/05 7:52:10 PM 133120 c:\windows\fkfmw.dll
209.66.67.134 9/1/05 7:52:10 PM 133120 c:\windows\fkfmw.dll
web-nex 9/1/05 7:52:10 PM 133120 c:\windows\fkfmw.dll
winsync 9/1/05 7:52:10 PM 133120 c:\windows\fkfmw.dll
PECompact2 8/29/05 11:37:02 PM 15707121 c:\windows\VPTNFILE.809
qoologic 8/29/05 11:37:02 PM 15707121 c:\windows\VPTNFILE.809
SAHAgent 8/29/05 11:37:02 PM 15707121 c:\windows\VPTNFILE.809
UPX! 5/3/05 11:44:44 AM 25157 c:\windows\RMAgentOutput.dll
UPX! 1/10/05 4:17:24 PM 170053 c:\windows\tsc.exe
PECompact2 8/29/05 11:37:02 PM 15707121 c:\windows\lpt$vpn.809
qoologic 8/29/05 11:37:02 PM 15707121 c:\windows\lpt$vpn.809
SAHAgent 8/29/05 11:37:02 PM 15707121 c:\windows\lpt$vpn.809
UPX! 2/18/05 6:40:14 PM 1044560 c:\windows\vsapi32.dll
aspack 2/18/05 6:40:14 PM 1044560 c:\windows\vsapi32.dll
Checking %System% folder...
PTech 11/9/99 10:55:54 PM 88571 c:\windows\SYSTEM\MDACRDME.HTM
PTech 8/21/98 5:24:08 PM 74460 c:\windows\SYSTEM\OLFAXDRV.DRV
PTech 8/3/05 10:33:42 AM 520456 c:\windows\SYSTEM\LegitCheckControl.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/1/05 7:53:50 PM RH 11071520 c:\windows\SYSTEM.DAT
9/1/05 7:58:00 PM RH 1310752 c:\windows\USER.DAT
7/26/05 1:25:30 PM H 26929 c:\windows\ttfCache
9/1/05 7:47:30 PM H 374987 c:\windows\ShellIconCache
9/1/05 7:50:38 PM HS 1092 c:\windows\Application Data\Microsoft\Internet Explorer\Desktop.htt
9/1/05 7:50:40 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\6A9LCCIK\desktop.ini
9/1/05 7:50:40 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\STYR0L6B\desktop.ini
9/1/05 7:50:40 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\SEE0VABB\desktop.ini
9/1/05 7:50:40 PM HS 67 c:\windows\Temporary Internet Files\Content.IE5\MPQDUHUV\desktop.ini
9/1/05 7:50:16 PM H 6 c:\windows\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 4/23/99 10:22:00 PM 221280 c:\windows\SYSTEM\DESK.CPL
Microsoft Corporation 8/29/02 292352 c:\windows\SYSTEM\INETCPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 60928 c:\windows\SYSTEM\INTL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 420864 c:\windows\SYSTEM\MMSYS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 93248 c:\windows\SYSTEM\MODEM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14448 c:\windows\SYSTEM\NETCPL.CPL
Microsoft Corporation 8/8/99 3:17:12 AM 41232 c:\windows\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 47104 c:\windows\SYSTEM\PASSWORD.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 51984 c:\windows\SYSTEM\POWERCFG.CPL
Microsoft Corporation 10/30/01 8:10:00 AM 442368 c:\windows\SYSTEM\JOY.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 66048 c:\windows\SYSTEM\ACCESS.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 72192 c:\windows\SYSTEM\APPWIZ.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 103424 c:\windows\SYSTEM\MAIN.CPL
4/23/99 10:22:00 PM 70656 c:\windows\SYSTEM\STICPL.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 387072 c:\windows\SYSTEM\SYSDM.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 14848 c:\windows\SYSTEM\TELEPHON.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 37376 c:\windows\SYSTEM\TIMEDATE.CPL
Microsoft Corporation 4/23/99 10:22:00 PM 15360 c:\windows\SYSTEM\THEMES.CPL
Creative Technology Ltd. 3/19/98 1:00:00 AM 18432 c:\windows\SYSTEM\AUDIOHQ.CPL
Microsoft Corporation 2/10/99 11:48:46 AM 40960 c:\windows\SYSTEM\FINDFAST.CPL
8/30/05 2:47:00 PM 31744 c:\windows\SYSTEM\vgactl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
9/1/05 7:52:08 PM 417792 C:\WINDOWS\Start Menu\Programs\StartUp\nrna.exe
8/27/05 8:05:00 PM 451 C:\WINDOWS\Start Menu\Programs\StartUp\SpySubtract.lnk
8/18/05 6:55:42 PM 376 C:\WINDOWS\Start Menu\Programs\StartUp\SpywareGuard.lnk
8/20/05 9:30:10 AM 404 C:\WINDOWS\Start Menu\Programs\StartUp\WinZip Quick Pick.lnk
Checking files in %USERPROFILE%\Application Data folder...
4/19/04 8:28:22 AM 37159 C:\WINDOWS\Application Data\Comma Separated Values (DOS).ADR
9/24/04 7:43:48 AM 37159 C:\WINDOWS\Application Data\Comma Separated Values (Windows).ADR
11/28/04 3:03:04 PM 2566 C:\WINDOWS\Application Data\dw.log
6/2/05 12:33:48 PM 65000 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
8/27/05 3:46:08 PM 26 C:\WINDOWS\Application Data\Sskcwrd.dll
8/27/05 7:32:14 AM 448179 C:\WINDOWS\Application Data\Sskknwrd.dll
8/27/05 1:45:46 PM 39 C:\WINDOWS\Application Data\Sskuknwrd.dll
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
acc= =
acc=ventura5 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\PROGRAM FILES\SPYWAREGUARD\SPYWAREGUARD.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetwareUNCMenu
{B91C21C0-0050-101B-8A87-00AA000C4F5D} = mpr.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Norton WipeInfo
{30424D42-5946-11D2-B8E5-006097C9C6FF} = C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\WFSHELEX.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Compress Menu
=
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TaskMonitor c:\windows\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
AudioHQ C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
TCASUTIEXE TCAUDIAG -off
Microsoft IntelliType Pro "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
POINTER C:\Program Files\Microsoft Hardware\Mouse\point32.exe
Pop-Up Stopper "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
LoadQM loadqm.exe
NAV Agent c:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.EXE
NPROTECT c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
autoupdate rundll32 C:\WINDOWS\SYSTEM\WUAUCLT.DLL,SHStart
winsync C:\WINDOWS\adatiu.exe reg_run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
MSFS Installed = 1
MAPI Installed = 1
IMAIL Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
Machine Debug Manager C:\WINDOWS\SYSTEM\MDM.EXE
Hidserv Hidserv.exe run
ScriptBlocking "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
CSINJECT.EXE c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
NPROTECT c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
SymTray - Norton SystemWorks c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer
NoCDBurning 0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
emqx.exe C:\WINDOWS\SYSTEM\emqx.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL
<<< WARNING! - NOT A VALID WIN98/ME KEY! >>>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs APITRAP.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/1/05 8:02:49 PM
Logfile of HijackThis v1.99.1
Scan saved at 8:23:57 PM, on 9/1/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CREATIVE\SBLIVE\AUDIOHQ\AHQTB.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\KEYBOARD\SPEEDKEY.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\ADATIU.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGMAIN.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\INTERMUTE\SPYSUBTRACT\SPYSUB.EXE
C:\PROGRAM FILES\SPYWAREGUARD\SGBHP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\HIJACK\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG -off
O4 - HKLM\..\Run: [Microsoft IntelliType Pro] "C:\Program Files\Microsoft Hardware\Keyboard\speedkey.exe"
O4 - HKLM\..\Run: [POINTER] C:\Program Files\Microsoft Hardware\Mouse\point32.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NAV Agent] c:\PROGRA~1\NORTON~2\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WUAUCLT.DLL,SHStart
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\adatiu.exe reg_run
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Startup: nrna.exe
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204