yep, they were ALL set to 127.0.0.1
here is the updated startup list :
StartupList report, 1/9/03, 8:03:44 PM
StartupList version: 1.50
Started from : C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\SYSTEM\MSGLOOP.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\NISUM.EXE
C:\PROGRAM FILES\NORTON INTERNET SECURITY\CCPXYSVC.EXE
C:\WINDOWS\SYSTEM\MSG32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\USBMMKBD.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\WT\UPDATER\WCMDMGR.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\CFGWIZ.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\ROXIO\GOBACK\GBTRAY.EXE
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\AIM95\AIM.EXE
C:\WINDOWS\TEMP\_IU14D2N.TMP
C:\UNZIPPED\STARTUPLIST15\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
Keyboard Manager = C:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
USBMMKBD = usbmmkbd.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
SpyBotSnD = C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY 1.1\SPYBOTSD.EXE
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
GoBack Polling Service = C:\Program Files\Roxio\GoBack\GBPoll.exe
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}
[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe
[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {7790769C-0471-11d2-AF11-00C04FA35D02}
[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\BOUNCI~1.SCR
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.INI listing:
(Created 9/1/2003, 20:2:48)
[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 9/1/2003, 15:29:18)
[Rename]
C:\WINDOWS\SYSTEM\SYMSTORE.DLL=C:\WINDOWS\SYSTEM\SYM41CB.TMP
C:\WINDOWS\SYSTEM\SYMREDIR.DLL=C:\WINDOWS\SYSTEM\SYM41D2.TMP
C:\WINDOWS\SYSTEM\SYMNETI.DLL=C:\WINDOWS\SYSTEM\SYM41D5.TMP
C:\PROGRA~1\NORTON~3\ALERTAST.EXE=C:\PROGRA~1\NORTON~3\ALERTAST.EX^
C:\PROGRA~1\NORTON~3\FREINTEG.DLL=C:\PROGRA~1\NORTON~3\FREINTEG.DL^
C:\PROGRA~1\NORTON~3\HNETCORE.DLL=C:\PROGRA~1\NORTON~3\HNETCORE.DL^
C:\PROGRA~1\NORTON~3\HNETWIZ.EXE=C:\PROGRA~1\NORTON~3\HNETWIZ.EX^
C:\PROGRA~1\NORTON~3\IAMSTATS.EXE=C:\PROGRA~1\NORTON~3\IAMSTATS.EX^
C:\PROGRA~1\NORTON~3\INTROWIZ.EXE=C:\PROGRA~1\NORTON~3\INTROWIZ.EX^
C:\PROGRA~1\NORTON~3\INTRWRAP.DLL=C:\PROGRA~1\NORTON~3\INTRWRAP.DL^
C:\PROGRA~1\NORTON~3\LICALERT.DLL=C:\PROGRA~1\NORTON~3\LICALERT.DL^
C:\PROGRA~1\NORTON~3\NISFSTDL.DLL=C:\PROGRA~1\NORTON~3\NISFSTDL.DL^
C:\PROGRA~1\NORTON~3\NIS_SMUI.DLL=C:\PROGRA~1\NORTON~3\NIS_SMUI.DL^
C:\PROGRA~1\NORTON~3\NISABOUT.DLL=C:\PROGRA~1\NORTON~3\NISABOUT.DL^
C:\PROGRA~1\NORTON~3\NISEMAIL.DLL=C:\PROGRA~1\NORTON~3\NISEMAIL.DL^
C:\PROGRA~1\NORTON~3\NISFETA.DLL=C:\PROGRA~1\NORTON~3\NISFETA.DL^
C:\PROGRA~1\NORTON~3\NISFETP.DLL=C:\PROGRA~1\NORTON~3\NISFETP.DL^
C:\PROGRA~1\NORTON~3\NISLCOM.DLL=C:\PROGRA~1\NORTON~3\NISLCOM.DL^
C:\PROGRA~1\NORTON~3\NISLUCBK.DLL=C:\PROGRA~1\NORTON~3\NISLUCBK.DL^
C:\PROGRA~1\NORTON~3\NISOPTS.DLL=C:\PROGRA~1\NORTON~3\NISOPTS.DL^
C:\PROGRA~1\NORTON~3\NISPLUG.DLL=C:\PROGRA~1\NORTON~3\NISPLUG.DL^
C:\PROGRA~1\NORTON~3\NISPROD.DLL=C:\PROGRA~1\NORTON~3\NISPROD.DL^
C:\PROGRA~1\NORTON~3\PCWIZ.DLL=C:\PROGRA~1\NORTON~3\PCWIZ.DL^
C:\PROGRA~1\NORTON~3\PCWIZ.EXE=C:\PROGRA~1\NORTON~3\PCWIZ.EX^
C:\PROGRA~1\NORTON~3\RLEVEL.DLL=C:\PROGRA~1\NORTON~3\RLEVEL.DL^
C:\PROGRA~1\NORTON~3\SYMMONI.EXE=C:\PROGRA~1\NORTON~3\SYMMONI.EX^
C:\PROGRA~1\NORTON~3\SYMURL.DLL=C:\PROGRA~1\NORTON~3\SYMURL.DL^
C:\PROGRA~1\NORTON~3\TDIT_MSG.DLL=C:\PROGRA~1\NORTON~3\TDIT_MSG.DL^
C:\PROGRA~1\NORTON~3\URLUPDAT.EXE=C:\PROGRA~1\NORTON~3\URLUPDAT.EX^
C:\PROGRA~1\NORTON~3\ACDISP.DLL=C:\PROGRA~1\NORTON~3\ACDISP.DL^
C:\PROGRA~1\NORTON~3\ALESCAN.EXE=C:\PROGRA~1\NORTON~3\ALESCAN.EX^
C:\PROGRA~1\NORTON~3\ATRACK.DLL=C:\PROGRA~1\NORTON~3\ATRACK.DL^
C:\PROGRA~1\NORTON~3\CCALE.DLL=C:\PROGRA~1\NORTON~3\CCALE.DL^
C:\PROGRA~1\NORTON~3\CCANTISP.DLL=C:\PROGRA~1\NORTON~3\CCANTISP.DL^
C:\PROGRA~1\NORTON~3\CCFWRULS.DLL=C:\PROGRA~1\NORTON~3\CCFWRULS.DL^
C:\PROGRA~1\NORTON~3\CCFWSETG.DLL=C:\PROGRA~1\NORTON~3\CCFWSETG.DL^
C:\PROGRA~1\NORTON~3\CCPROXY.DLL=C:\PROGRA~1\NORTON~3\CCPROXY.DL^
C:\PROGRA~1\NORTON~3\CCPXYEVT.DLL=C:\PROGRA~1\NORTON~3\CCPXYEVT.DL^
C:\PROGRA~1\NORTON~3\CCPXYSVC.EXE=C:\PROGRA~1\NORTON~3\CCPXYSVC.EX^
C:\PROGRA~1\NORTON~3\CCRULEIO.DLL=C:\PROGRA~1\NORTON~3\CCRULEIO.DL^
C:\PROGRA~1\NORTON~3\CCSCANSP.DLL=C:\PROGRA~1\NORTON~3\CCSCANSP.DL^
C:\PROGRA~1\NORTON~3\DATAHTTP.DLL=C:\PROGRA~1\NORTON~3\DATAHTTP.DL^
C:\PROGRA~1\NORTON~3\EVTPWRAP.DLL=C:\PROGRA~1\NORTON~3\EVTPWRAP.DL^
C:\PROGRA~1\NORTON~3\FWUI.DLL=C:\PROGRA~1\NORTON~3\FWUI.DL^
C:\PROGRA~1\NORTON~3\IAMAPP.DLL=C:\PROGRA~1\NORTON~3\IAMAPP.DL^
C:\PROGRA~1\NORTON~3\IAMPW.DLL=C:\PROGRA~1\NORTON~3\IAMPW.DL^
C:\PROGRA~1\NORTON~3\LOGEXPRT.EXE=C:\PROGRA~1\NORTON~3\LOGEXPRT.EX^
C:\PROGRA~1\NORTON~3\NISADBLK.DLL=C:\PROGRA~1\NORTON~3\NISADBLK.DL^
C:\PROGRA~1\NORTON~3\NISALERT.DLL=C:\PROGRA~1\NORTON~3\NISALERT.DL^
C:\PROGRA~1\NORTON~3\NISCMNHT.DLL=C:\PROGRA~1\NORTON~3\NISCMNHT.DL^
C:\PROGRA~1\NORTON~3\NISCONFD.DLL=C:\PROGRA~1\NORTON~3\NISCONFD.DL^
C:\PROGRA~1\NORTON~3\NISEVT.DLL=C:\PROGRA~1\NORTON~3\NISEVT.DL^
C:\PROGRA~1\NORTON~3\NISUM.EXE=C:\PROGRA~1\NORTON~3\NISUM.EX^
C:\PROGRA~1\NORTON~3\NISUMPS.DLL=C:\PROGRA~1\NORTON~3\NISUMPS.DL^
C:\PROGRA~1\NORTON~3\PPROFILE.DLL=C:\PROGRA~1\NORTON~3\PPROFILE.DL^
C:\PROGRA~1\NORTON~3\PXYHTTP.DLL=C:\PROGRA~1\NORTON~3\PXYHTTP.DL^
C:\PROGRA~1\NORTON~3\PXYIM.DLL=C:\PROGRA~1\NORTON~3\PXYIM.DL^
C:\PROGRA~1\NORTON~3\PXYNNTP.DLL=C:\PROGRA~1\NORTON~3\PXYNNTP.DL^
C:\PROGRA~1\NORTON~3\STRMFILT.DLL=C:\PROGRA~1\NORTON~3\STRMFILT.DL^
C:\PROGRA~1\NORTON~3\SYMICONV.DLL=C:\PROGRA~1\NORTON~3\SYMICONV.DL^
C:\PROGRA~1\NORTON~3\TLEVEL.DLL=C:\PROGRA~1\NORTON~3\TLEVEL.DL^
C:\PROGRA~1\NORTON~3\UMCBK.DLL=C:\PROGRA~1\NORTON~3\UMCBK.DL^
C:\PROGRA~1\NORTON~3\WRAPUM.DLL=C:\PROGRA~1\NORTON~3\WRAPUM.DL^
C:\PROGRA~1\NORTON~3\NISFIRST.EXE=C:\PROGRA~1\NORTON~3\NISFIRST.EX^
C:\PROGRA~1\NORTON~3\NISRES.DLL=C:\PROGRA~1\NORTON~3\NIS44AA.TMP
C:\PROGRA~1\NORTON~2\BOOTWARN.EXE=C:\PROGRA~1\NORTON~2\BOOTWARN.EX^
C:\PROGRA~1\NORTON~2\ABOUTPLG.DLL=C:\PROGRA~1\NORTON~2\ABOUTPLG.DL^
C:\PROGRA~1\NORTON~2\APWUTIL.DLL=C:\PROGRA~1\NORTON~2\APWUTIL.DL^
C:\PROGRA~1\NORTON~2\CCIMSCAN.DLL=C:\PROGRA~1\NORTON~2\CCIMSCAN.DL^
C:\PROGRA~1\NORTON~2\CCIMSCAN.EXE=C:\PROGRA~1\NORTON~2\CCIMSCAN.EX^
C:\PROGRA~1\NORTON~2\CFGWIZ.DLL=C:\PROGRA~1\NORTON~2\CFGWIZ.DL^
C:\PROGRA~1\NORTON~2\CFGWIZ.EXE=C:\PROGRA~1\NORTON~2\CFGWIZ.EX^
C:\PROGRA~1\NORTON~2\DEC2.DLL=C:\PROGRA~1\NORTON~2\DEC2.DL^
C:\PROGRA~1\NORTON~2\DEC2AMG.DLL=C:\PROGRA~1\NORTON~2\DEC2AMG.DL^
C:\PROGRA~1\NORTON~2\DEC2ARJ.DLL=C:\PROGRA~1\NORTON~2\DEC2ARJ.DL^
C:\PROGRA~1\NORTON~2\DEC2CAB.DLL=C:\PROGRA~1\NORTON~2\DEC2CAB.DL^
C:\PROGRA~1\NORTON~2\DEC2EXE.DLL=C:\PROGRA~1\NORTON~2\DEC2EXE.DL^
C:\PROGRA~1\NORTON~2\DEC2GZIP.DLL=C:\PROGRA~1\NORTON~2\DEC2GZIP.DL^
C:\PROGRA~1\NORTON~2\DEC2HQX.DLL=C:\PROGRA~1\NORTON~2\DEC2HQX.DL^
C:\PROGRA~1\NORTON~2\DEC2ID.DLL=C:\PROGRA~1\NORTON~2\DEC2ID.DL^
C:\PROGRA~1\NORTON~2\DEC2LHA.DLL=C:\PROGRA~1\NORTON~2\DEC2LHA.DL^
C:\PROGRA~1\NORTON~2\DEC2LZ.DLL=C:\PROGRA~1\NORTON~2\DEC2LZ.DL^
C:\PROGRA~1\NORTON~2\DEC2RTF.DLL=C:\PROGRA~1\NORTON~2\DEC2RTF.DL^
C:\PROGRA~1\NORTON~2\DEC2SS.DLL=C:\PROGRA~1\NORTON~2\DEC2SS.DL^
C:\PROGRA~1\NORTON~2\DEC2TAR.DLL=C:\PROGRA~1\NORTON~2\DEC2TAR.DL^
C:\PROGRA~1\NORTON~2\DEC2TEXT.DLL=C:\PROGRA~1\NORTON~2\DEC2TEXT.DL^
C:\PROGRA~1\NORTON~2\DEC2TNEF.DLL=C:\PROGRA~1\NORTON~2\DEC2TNEF.DL^
C:\PROGRA~1\NORTON~2\DEC2UUE.DLL=C:\PROGRA~1\NORTON~2\DEC2UUE.DL^
C:\PROGRA~1\NORTON~2\DEC2ZIP.DLL=C:\PROGRA~1\NORTON~2\DEC2ZIP.DL^
C:\PROGRA~1\NORTON~2\DECSDK.DLL=C:\PROGRA~1\NORTON~2\DECSDK.DL^
C:\PROGRA~1\NORTON~2\DEFALERT.DLL=C:\PROGRA~1\NORTON~2\DEFALERT.DL^
C:\PROGRA~1\NORTON~2\N32CALL.DLL=C:\PROGRA~1\NORTON~2\N32CALL.DL^
C:\PROGRA~1\NORTON~2\N32EXCLU.DLL=C:\PROGRA~1\NORTON~2\N32EXCLU.DL^
C:\PROGRA~1\NORTON~2\N32VLIST.DLL=C:\PROGRA~1\NORTON~2\N32VLIST.DL^
C:\PROGRA~1\NORTON~2\NAVAP32.DLL=C:\PROGRA~1\NORTON~2\NAVAP32.DL^
C:\PROGRA~1\NORTON~2\NAVAPI.VXD=C:\PROGRA~1\NORTON~2\NAVAPI.VX^
C:\PROGRA~1\NORTON~2\NAVAPI32.DLL=C:\PROGRA~1\NORTON~2\NAVAPI32.DL^
C:\PROGRA~1\NORTON~2\NAVAPSCR.DLL=C:\PROGRA~1\NORTON~2\NAVAPSCR.DL^
C:\PROGRA~1\NORTON~2\NAVCOMUI.DLL=C:\PROGRA~1\NORTON~2\NAVCOMUI.DL^
C:\PROGRA~1\NORTON~2\NAVDEFS.DLL=C:\PROGRA~1\NORTON~2\NAVDEFS.DL^
C:\PROGRA~1\NORTON~2\NAVDX.EXE=C:\PROGRA~1\NORTON~2\NAVDX.EX^
C:\PROGRA~1\NORTON~2\NAVDX.OVL=C:\PROGRA~1\NORTON~2\NAVDX.OV^
C:\PROGRA~1\NORTON~2\NAVEMAIL.DLL=C:\PROGRA~1\NORTON~2\NAVEMAIL.DL^
C:\PROGRA~1\NORTON~2\NAVERROR.DLL=C:\PROGRA~1\NORTON~2\NAVERROR.DL^
C:\PROGRA~1\NORTON~2\NAVEVENT.DLL=C:\PROGRA~1\NORTON~2\NAVEVENT.DL^
C:\PROGRA~1\NORTON~2\NAVINOC.DLL=C:\PROGRA~1\NORTON~2\NAVINOC.DL^
C:\PROGRA~1\NORTON~2\NAVKRNLO.VXD=C:\PROGRA~1\NORTON~2\NAVKRNLO.VX^
C:\PROGRA~1\NORTON~2\NAVLCOM.DLL=C:\PROGRA~1\NORTON~2\NAVLCOM.DL^
C:\PROGRA~1\NORTON~2\NAVLNCH.DLL=C:\PROGRA~1\NORTON~2\NAVLNCH.DL^
C:\PROGRA~1\NORTON~2\NAVLOGV.DLL=C:\PROGRA~1\NORTON~2\NAVLOGV.DL^
C:\PROGRA~1\NORTON~2\NAVLUCBK.DLL=C:\PROGRA~1\NORTON~2\NAVLUCBK.DL^
C:\PROGRA~1\NORTON~2\NAVOPTS.DLL=C:\PROGRA~1\NORTON~2\NAVOPTS.DL^
C:\PROGRA~1\NORTON~2\NAVPROD.DLL=C:\PROGRA~1\NORTON~2\NAVPROD.DL^
C:\PROGRA~1\NORTON~2\NAVSCAN.DLL=C:\PROGRA~1\NORTON~2\NAVSCAN.DL^
C:\PROGRA~1\NORTON~2\NAVSHEXT.DLL=C:\PROGRA~1\NORTON~2\NAVSHEXT.DL^
C:\PROGRA~1\NORTON~2\NAVSTATS.DLL=C:\PROGRA~1\NORTON~2\NAVSTATS.DL^
C:\PROGRA~1\NORTON~2\NAVSTUB.EXE=C:\PROGRA~1\NORTON~2\NAVSTUB.EX^
C:\PROGRA~1\NORTON~2\NAVTASKS.DLL=C:\PROGRA~1\NORTON~2\NAVTASKS.DL^
C:\PROGRA~1\NORTON~2\NAVTSKWZ.DLL=C:\PROGRA~1\NORTON~2\NAVTSKWZ.DL^
C:\PROGRA~1\NORTON~2\NAVUI.DLL=C:\PROGRA~1\NORTON~2\NAVUI.DL^
C:\PROGRA~1\NORTON~2\NAVW32.EXE=C:\PROGRA~1\NORTON~2\NAVW32.EX^
C:\PROGRA~1\NORTON~2\NETBREXT.DLL=C:\PROGRA~1\NORTON~2\NETBREXT.DL^
C:\PROGRA~1\NORTON~2\OEHEUR.DLL=C:\PROGRA~1\NORTON~2\OEHEUR.DL^
C:\PROGRA~1\NORTON~2\OFFICEAV.DLL=C:\PROGRA~1\NORTON~2\OFFICEAV.DL^
C:\PROGRA~1\NORTON~2\PATCH32I.DLL=C:\PROGRA~1\NORTON~2\PATCH32I.DL^
C:\PROGRA~1\NORTON~2\QCONRES.DLL=C:\PROGRA~1\NORTON~2\QCONRES.DL^
C:\PROGRA~1\NORTON~2\QCONSOLE.EXE=C:\PROGRA~1\NORTON~2\QCONSOLE.EX^
C:\PROGRA~1\NORTON~2\QSPAK32.DLL=C:\PROGRA~1\NORTON~2\QSPAK32.DL^
C:\PROGRA~1\NORTON~2\QUAR32.DLL=C:\PROGRA~1\NORTON~2\QUAR32.DL^
C:\PROGRA~1\NORTON~2\S32ALOGO.DLL=C:\PROGRA~1\NORTON~2\S32ALOGO.DL^
C:\PROGRA~1\NORTON~2\S32INTEG.DLL=C:\PROGRA~1\NORTON~2\S32INTEG.DL^
C:\PROGRA~1\NORTON~2\S32NAVO.DLL=C:\PROGRA~1\NORTON~2\S32NAVO.DL^
C:\PROGRA~1\NORTON~2\SAVRT.VXD=C:\PROGRA~1\NORTON~2\SAVRT.VX^
C:\PROGRA~1\NORTON~2\SAVRT32.DLL=C:\PROGRA~1\NORTON~2\SAVRT32.DL^
C:\PROGRA~1\NORTON~2\SAVRTPEL.VXD=C:\PROGRA~1\NORTON~2\SAVRTPEL.VX^
C:\PROGRA~1\NORTON~2\SCANDLVR.DLL=C:\PROGRA~1\NORTON~2\SCANDLVR.DL^
C:\PROGRA~1\NORTON~2\SCANDRES.DLL=C:\PROGRA~1\NORTON~2\SCANDRES.DL^
C:\PROGRA~1\NORTON~2\SCANMGR.DLL=C:\PROGRA~1\NORTON~2\SCANMGR.DL^
C:\PROGRA~1\NORTON~2\SCRIPTUI.DLL=C:\PROGRA~1\NORTON~2\SCRIPTUI.DL^
C:\PROGRA~1\NORTON~2\SDFLT32I.DLL=C:\PROGRA~1\NORTON~2\SDFLT32I.DL^
C:\PROGRA~1\NORTON~2\SDPCK32I.DLL=C:\PROGRA~1\NORTON~2\SDPCK32I.DL^
C:\PROGRA~1\NORTON~2\SDSND32I.DLL=C:\PROGRA~1\NORTON~2\SDSND32I.DL^
C:\PROGRA~1\NORTON~2\SDSOK32I.DLL=C:\PROGRA~1\NORTON~2\SDSOK32I.DL^
C:\PROGRA~1\NORTON~2\SDSTP32I.DLL=C:\PROGRA~1\NORTON~2\SDSTP32I.DL^
C:\PROGRA~1\NORTON~2\SFSTR32I.DLL=C:\PROGRA~1\NORTON~2\SFSTR32I.DL^
C:\PROGRA~1\NORTON~2\SMSTR32I.DLL=C:\PROGRA~1\NORTON~2\SMSTR32I.DL^
C:\PROGRA~1\NORTON~2\SYMNAVO.DLL=C:\PROGRA~1\NORTON~2\SYMNAVO.DL^
C:\PROGRA~1\NORTON~2\TKNV16O.DLL=C:\PROGRA~1\NORTON~2\TKNV16O.DL^
C:\PROGRA~1\NORTON~2\TKNV32O.DLL=C:\PROGRA~1\NORTON~2\TKNV32O.DL^
C:\PROGRA~1\NORTON~2\UNDOBOOT.EXE=C:\PROGRA~1\NORTON~2\UNDOBOOT.EX^
C:\PROGRA~1\NORTON~2\V32SCAN.DLL=C:\PROGRA~1\NORTON~2\V32SCAN.DL^
C:\WINDOWS\SYSTEM\SAVRTGUI.DLL=C:\WINDOWS\SYSTEM\SAVRTGUI.DL^
C:\PROGRA~1\NORTON~2\APWCMD9X.DLL=C:\PROGRA~1\NORTON~2\APWCMD9X.000
C:\PROGRA~1\NORTON~2\NAVAPW32.DLL=C:\PROGRA~1\NORTON~2\NAVAPW32.000
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPP.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLUI.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCERRDSP.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVT.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTMGR.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCLGVIEW.EX^
C:\WINDOWS\SYSTEM\CCPASSWD.DLL=C:\WINDOWS\SYSTEM\CCPASSWD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCPWDSVC.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGMON.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCREGVFY.EX^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EXE=C:\PROGRA~1\COMMON~1\SYMANT~1\CCSHTDWN.EX^
C:\WINDOWS\SYSTEM\CCTRUST.DLL=C:\WINDOWS\SYSTEM\CCTRUST.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCWEBWND.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SRNEW.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\SROLD.DL^
C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.DLL=C:\PROGRA~1\COMMON~1\SYMANT~1\CCAPPHLP.000
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
@ECHO OFF
rem
rem
rem
--------------------------------------------------
C:\CONFIG.SYS listing:
rem
rem
rem
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
@echo off
set path=c:\windows\command
mscdex.exe /d:IDECD000 /L:M
SET PROMPT=$p$g
SET TEMP=C:\windows\TEMP
SET TMP=C:\windows\TEMP
set DosOnly=1
call c:\dosboot\mousie.bat
c:\windows\smartdrv /q
c:
cd \windows
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - (no file) - {004A5840-FF59-11d2-B50D-0090271D3FD4}
(no name) - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Maintenance-Defragment programs.job
Maintenance-Clean up Start menu.job
Maintenance-ScanDisk.job
Maintenance-Disk cleanup.job
Run Norton System Check.job
Symantec NetDetect.job
Windows Critical Update Notification.job
--------------------------------------------------
Enumerating Download Program Files:
[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE =
http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PWACTIVEXIMGCTL.DLL
CODEBASE =
http://216.249.24.141/code/PWActiveXImgCtl.CAB
[{41F17733-B041-4099-A042-B518BB6A408C}]
CODEBASE =
http://a1540.g.akamai.net/7/1540/52...le.com/samantha/us/win/QuickTimeInstaller.exe
[BJA Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BJA.OCX
CODEBASE =
http://mirror.worldwinner.com/games/v42/bjattack/bjattack.cab
[DepHlp Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\DEPHLP.OCX
CODEBASE =
http://www.worldwinner.com/games/shared/dephlp.cab
[Sol Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\SOL.OCX
CODEBASE =
http://mirror.worldwinner.com/games/v40/sol/sol.cab
[Word Cubes Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\WORDCUBE.OCX
CODEBASE =
http://mirror.worldwinner.com/games/v40/wordcube/wordcube.cab
[Trivia Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TRIVIA.OCX
CODEBASE =
http://mirror.worldwinner.com//games/v41/trivia/trivia.cab
[FreeCell Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\FREECELL.OCX
CODEBASE =
http://mirror.worldwinner.com/games/v40/freecell/freecell.cab
[NetOnCourse Compatibility Test Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MILIVE~1.OCX
CODEBASE =
http://212.199.43.24/events/bin/comptest/milivecomptest.ocx
[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\RUFSI.DLL
CODEBASE =
http://security1.norton.com/SSC/SharedContent/common/bin/cabsa.cab
[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AVSNIFF.DLL
CODEBASE =
http://security1.norton.com/SSC/SharedContent/vc/bin/AvSniff.cab
[NetOnCourse MILive Participant Control(MR)]
InProcServer32 = C:\WINDOWS\DOWNLO~1\MRLIVE~1.OCX
CODEBASE =
http://62.219.1.103/events/bin/media/2.2.2.0-2.0.2.3/MILive.cab
[Pulse V5 ActiveX Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\AXPULSE5.DLL
CODEBASE =
http://www.pulse3d.com/players/english/5.2/win/PulsePlayer5.2AxWin.cab
[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE =
http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37620.6693981482
[TDServer Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\TDSERVER.OCX
CODEBASE =
http://www.truedoc.com/activex/tdserver.cab
[{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}]
CODEBASE =
http://216.65.38.226/Download_Plugin.exe
[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE =
http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab
--------------------------------------------------
End of report, 21,855 bytes
Report generated in 1.542 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
i will try to log on to symantec now... hopefully it works.