Logfile of HijackThis v1.96.1
Scan saved at 20:24:54, on 30-09-03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAMMER\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMER\FæLLES FILER\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMER\ADIOS POP-UPS\ADIOS POP-UPS.EXE
C:\PROGRAMMER\FæLLES FILER\REAL\UPDATE_OB\RNATHCHK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\UNZIPPED\HIJACKTHIS196\HIJACKTHIS.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMER\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dr.dk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr/*http://www.yahoo.com/ext/search/search.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr/*http://www.yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAMMER\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMER\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmer\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAMMER\YAHOO!\COMMON\YCOMP5_1_6_0.DLL
O4 - HKLM\..\Run: [Skan registreringsdatabase] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [Job-oversigt] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe -osboot
O4 - HKLM\..\Run: [Adios Pop-Ups] C:\PROGRAMMER\ADIOS POP-UPS\ADIOS POP-UPS.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Planlægningsagent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmer\Fælles filer\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmer\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAMMER\YAHOO!\MESSENGER\ypager.exe -quiet
O8 - Extra context menu item: Yahoo! Search -
file:///C:\Programmer\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Yahoo! Dictionary -
file:///C:\Programmer\Yahoo!\Common/ycdict.htmO9 - Extra button: Real.com (HKLM)
O9 - Extra button: ICQ (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) -
http://download.yahoo.com/dl/installs/yinst.cabO16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dllO16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) -
http://chat.yahoo.com/cab/yuplapp.cabO16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) -
http://www.eb.dk/codekstra/cabs/cssweb.cabO16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) -
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cabO16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} -
http://akamai.downloadv3.com/binaries/IA/ia.cabO16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} -
http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_pack.cab