Logfile of HijackThis v1.99.1
Scan saved at 6:55:01 PM, on 10/09/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationalgeographic.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationalgeographic.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=proxy.att.com:8000;ftp=proxy.att.com:8000;https=proxy.att.com:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *att.com
O1 - Hosts: 135.37.9.18 as10
O1 - Hosts: 135.164.224.1 brouter
O1 - Hosts: 135.164.228.5 kpuxf
O1 - Hosts: 135.164.224.72 sasha
O1 - Hosts: 135.91.21.106 devcats devcats.jazz.att.com
O1 - Hosts: 135.91.21.110 catsweb
O1 - Hosts: 135.164.224.186 twister
O1 - Hosts: 135.147.103.248 inscatl
O1 - Hosts: 135.147.195.237 inscwp
O1 - Hosts: 135.91.21.107 kp2web
O1 - Hosts: 135.164.239.249 ptr01
O1 - Hosts: 135.37.9.18 as10 as10.its.att.com
O1 - Hosts: 135.38.244.3 ks10 ks10.its.att.com
O1 - Hosts: 135.71.27.39 attrh.att.com
O1 - Hosts: 135.164.224.25 kpuxc
O1 - Hosts: 135.194.4.25 griffin
O1 - Hosts: 135.91.21.100 inisdb
O1 - Hosts: 135.58.25.16 kciprs1
O1 - Hosts: 135.58.25.19 kciprs2
O1 - Hosts: 135.164.224.213 hp3si
O1 - Hosts: 135.33.44.241 hp3siwp
O1 - Hosts: 135.164.224.215 hp5m
O1 - Hosts: 135.91.21.108 ptsdev
O1 - Hosts: 135.91.21.109 ftsweb
O1 - Hosts: 135.36.232.1 atlcms1a
O1 - Hosts: 135.36.232.1 atlcms1
O1 - Hosts: 135.36.80.3 itamac
O1 - Hosts: 135.164.224.1 brouter
O1 - Hosts: 135.164.224.22 rip
O1 - Hosts: 135.164.224.24 ripjr
O1 - Hosts: 135.16.191.37 fraudhp
O1 - Hosts: 135.164.217.232 fraudhp2
O1 - Hosts: 135.37.46.195 sots msa1
O1 - Hosts: 135.164.73.10 brouter73
O1 - Hosts: 135.164.224.75 odie
O1 - Hosts: 135.164.224.73 solo
O1 - Hosts: 135.164.224.74 shogun
O1 - Hosts: 135.16.42.30 gsun
O1 - Hosts: 135.16.83.1 esun
O1 - Hosts: 135.16.68.2 gnet8
O1 - Hosts: 135.16.68.5 gnet4
O1 - Hosts: 135.16.68.7 gnet5
O1 - Hosts: 135.16.68.15 gnet9
O1 - Hosts: 135.91.45.10 trumpet
O1 - Hosts: 135.38.88.1 mvskc
O1 - Hosts: 135.52.11.3 attbrz01
O1 - Hosts: 135.68.25.2 projsun1
O1 - Hosts: 135.37.143.8 ah60
O1 - Hosts: 135.37.100.17 mh60
O1 - Hosts: 135.7.1.17 att
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: CCHelper - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\CCHELPER.DLL
O2 - BHO: WinStat - {EE02B99B-1D55-48bc-B8DB-649A42CE45F6} - C:\WINDOWS\SYSTEM\WINSTAT12.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR51.DLL
O3 - Toolbar: Pa&nicware Pop-Up Stopper - {7E82235C-F31E-46CB-AF9F-1ADD94C585FF} - C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER\PSTOPPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [COMSMDEXE] comsmd.exe -off
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [DMILDR] C:\DMI\bin\dmildr.exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [NEWTEXE] C:\NETMANAG.95\NEWT32.EXE -r
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [alw] C:\WINDOWS\SYSTEM\alw.exe
O4 - HKLM\..\Run: [strtas] LOCK1.EXE
O4 - HKLM\..\Run: [System service73] C:\WINDOWS\ETB\POKAPOKA73.EXE
O4 - HKLM\..\RunServices: [SNMP agent] SNMP.EXE
O4 - HKLM\..\RunServices: [Win32SL] C:\DMI\BIN\Win32sl.EXE -i
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAM FILES\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [strtas] LOCK1.EXE
O4 - HKCU\..\Run: [strtas] LOCK1.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: PrintKey20.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zonealarm.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://69.44.122.156...r/axscanner.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - http://download.zone...ctor/WebSWK.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab