Logfile of HijackThis v1.99.1
Scan saved at 10:01:37 PM, on 2/25/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\WINWV.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APIDB.EXE
C:\WINDOWS\SYSTEM\NTOA.EXE
C:\WINDOWS\SYSTEM\ADDYA.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\MSAV32.EXE
C:\WINDOWS\WINEF.EXE
C:\WINDOWS\CROA.EXE
C:\WINDOWS\ATLED.EXE
C:\WINDOWS\SYSTEM\NETVW32.EXE
C:\WINDOWS\IERO32.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\NTTI.EXE
C:\WINDOWS\SDKNR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\CRPK.EXE
C:\WINDOWS\CRNB32.EXE
C:\WINDOWS\IPNS.EXE
C:\WINDOWS\SYSTEM\ADDFV32.EXE
C:\WINDOWS\SYSTEM\CRNR.EXE
C:\WINDOWS\SYSTEM\ADDFP32.EXE
C:\WINDOWS\JAVAPJ32.EXE
C:\WINDOWS\SYSTEM\NETCU32.EXE
C:\WINDOWS\CRRS32.EXE
C:\WINDOWS\ADDEZ.EXE
C:\WINDOWS\MSIN.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\NETVX32.EXE
C:\WINDOWS\SYSTEM\APPLB32.EXE
C:\WINDOWS\JAVASO.EXE
C:\WINDOWS\SYSTEM\JAVATA32.EXE
C:\WINDOWS\SYSTEM\IPQK32.EXE
C:\WINDOWS\IPTD32.EXE
C:\WINDOWS\SYSTEM\D3GA.EXE
C:\WINDOWS\SDKTD.EXE
C:\WINDOWS\SYSTEM\NTEX32.EXE
C:\WINDOWS\ATLSU32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\IPNF.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTTRAYAPP.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\PROGRAM FILES\A.C\SCROLL-IN-MOUSE V2.12\SCROLL.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\CRNR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\APIDB.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\WINEF.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\SYSTEM\NETCU32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\APPOU32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\ADDEZ.EXE
C:\WINDOWS\MFCDZ32.EXE
C:\WINDOWS\APPIR.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\SYSTX32.EXE
C:\WINDOWS\DESKTOP\UTILITIES\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.megavision.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\tdreo.dll/sp.html#37049%resultposition.net
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Class - {A8C8EC41-2064-11BF-72C0-1F7287B758A0} - C:\WINDOWS\SYSTEM\MSGH32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [IPNF.EXE] C:\WINDOWS\SYSTEM\IPNF.EXE
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\RunServices: [WINWV.EXE] C:\WINDOWS\WINWV.EXE /s
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON GHOST\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [APPIR.EXE] C:\WINDOWS\APPIR.EXE /s
O4 - HKLM\..\RunServices: [APIDB.EXE] C:\WINDOWS\APIDB.EXE /s
O4 - HKLM\..\RunServices: [NTOA.EXE] C:\WINDOWS\SYSTEM\NTOA.EXE /s
O4 - HKLM\..\RunServices: [ADDYA.EXE] C:\WINDOWS\SYSTEM\ADDYA.EXE /s
O4 - HKLM\..\RunServices: [NTLT.EXE] C:\WINDOWS\SYSTEM\NTLT.EXE /s
O4 - HKLM\..\RunServices: [MSAV32.EXE] C:\WINDOWS\SYSTEM\MSAV32.EXE /s
O4 - HKLM\..\RunServices: [WINEF.EXE] C:\WINDOWS\WINEF.EXE /s
O4 - HKLM\..\RunServices: [CROA.EXE] C:\WINDOWS\CROA.EXE /s
O4 - HKLM\..\RunServices: [ATLED.EXE] C:\WINDOWS\ATLED.EXE /s
O4 - HKLM\..\RunServices: [NETVW32.EXE] C:\WINDOWS\SYSTEM\NETVW32.EXE /s
O4 - HKLM\..\RunServices: [IERO32.EXE] C:\WINDOWS\IERO32.EXE /s
O4 - HKLM\..\RunServices: [SYSTX32.EXE] C:\WINDOWS\SYSTEM\SYSTX32.EXE /s
O4 - HKLM\..\RunServices: [NTTI.EXE] C:\WINDOWS\NTTI.EXE /s
O4 - HKLM\..\RunServices: [SDKNR.EXE] C:\WINDOWS\SDKNR.EXE /s
O4 - HKLM\..\RunServices: [CRPK.EXE] C:\WINDOWS\CRPK.EXE /s
O4 - HKLM\..\RunServices: [CRNB32.EXE] C:\WINDOWS\CRNB32.EXE /s
O4 - HKLM\..\RunServices: [IPNS.EXE] C:\WINDOWS\IPNS.EXE /s
O4 - HKLM\..\RunServices: [ADDFV32.EXE] C:\WINDOWS\SYSTEM\ADDFV32.EXE /s
O4 - HKLM\..\RunServices: [CRNR.EXE] C:\WINDOWS\SYSTEM\CRNR.EXE /s
O4 - HKLM\..\RunServices: [ADDFP32.EXE] C:\WINDOWS\SYSTEM\ADDFP32.EXE /s
O4 - HKLM\..\RunServices: [JAVAPJ32.EXE] C:\WINDOWS\JAVAPJ32.EXE /s
O4 - HKLM\..\RunServices: [NETCU32.EXE] C:\WINDOWS\SYSTEM\NETCU32.EXE /s
O4 - HKLM\..\RunServices: [CRRS32.EXE] C:\WINDOWS\CRRS32.EXE /s
O4 - HKLM\..\RunServices: [ADDEZ.EXE] C:\WINDOWS\ADDEZ.EXE /s
O4 - HKLM\..\RunServices: [MSIN.EXE] C:\WINDOWS\MSIN.EXE /s
O4 - HKLM\..\RunServices: [MFCDZ32.EXE] C:\WINDOWS\MFCDZ32.EXE /s
O4 - HKLM\..\RunServices: [NETVX32.EXE] C:\WINDOWS\NETVX32.EXE /s
O4 - HKLM\..\RunServices: [APPLB32.EXE] C:\WINDOWS\SYSTEM\APPLB32.EXE /s
O4 - HKLM\..\RunServices: [JAVASO.EXE] C:\WINDOWS\JAVASO.EXE /s
O4 - HKLM\..\RunServices: [JAVATA32.EXE] C:\WINDOWS\SYSTEM\JAVATA32.EXE /s
O4 - HKLM\..\RunServices: [IPQK32.EXE] C:\WINDOWS\SYSTEM\IPQK32.EXE /s
O4 - HKLM\..\RunServices: [IPTD32.EXE] C:\WINDOWS\IPTD32.EXE /s
O4 - HKLM\..\RunServices: [D3GA.EXE] C:\WINDOWS\SYSTEM\D3GA.EXE /s
O4 - HKLM\..\RunServices: [SDKTD.EXE] C:\WINDOWS\SDKTD.EXE /s
O4 - HKLM\..\RunServices: [NTEX32.EXE] C:\WINDOWS\SYSTEM\NTEX32.EXE /s
O4 - HKLM\..\RunServices: [ATLSU32.EXE] C:\WINDOWS\ATLSU32.EXE /s
O4 - HKLM\..\RunServices: [APPOU32.EXE] C:\WINDOWS\APPOU32.EXE /s
O4 - Startup: Scroll-In-Mouse V2.12.lnk = C:\Program Files\A.C\Scroll-In-Mouse V2.12\Scroll.exe
O4 - Startup: NetMedia.lnk = C:\Program Files\NetMedia\Versato.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmwordtrans.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate Page into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://world.yahoo.com
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab