I get a pop-up window when I boot. It also creates a directory called ecommerce with a couple files in it. In addition, it creates an icon on my desktop. When I delete these things, and re-boot, the directory, icons, files, and pop-up re-appear. I use AOL with dial up access so I know I'm not online when this happens. I have run startuplist and included it here for analysis:
StartupList report, 1/9/03, 8:36:48 PM
StartupList version: 1.50
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IRE\CISCO SECURE VPN CLIENT\IPSECMON.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\S3TRAY.EXE
C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\SYSTEM\PWRTRAY.EXE
C:\WINDOWS\SYSTEM\PSPCCARD.EXE
C:\WINDOWS\SYSTEM\TESCKEY.EXE
C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
C:\TOSHIBA\IVP\ISM\PINGER.EXE
C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
aol.lnk = C:\Program Files\America Online 8.0\aol.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
S3TRAY = S3tray.exe
TOSHIBSU = TOSHIBSU.EXE
THotkey = THotkey.exe
TDspOff = TDspOff.Exe B
PowerTray = PwrTray.EXE
PsPCCard = PsPCCard.EXE
TEscKey = TEscKey.exe
TFunckey = TFuncKey.exe
EM_EXEC = c:\mouse\system\em_exec.exe
Pinger = C:\TOSHIBA\IVP\ISM\pinger.exe
TgAddServer = "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
Tgcmd = "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
tgsetsite = "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
IrMon = IrMon.exe
YAMAHA DS-XG Launcher = c:\windows\dslaunch.exe
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SystemTasks = C:\sexicamz.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
Encompass_ENCMONTR = C:\Program Files\Easy Internet\ENCMONTR.EXE
HDDPwd =
IREIKE = C:\Program Files\IRE\Cisco Secure VPN Client\IreIKE.exe start
IPSecMon = C:\Program Files\IRE\Cisco Secure VPN Client\IPSecMon.exe start
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE
[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe
[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\SCIENCE.SCR
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 5/1/2003, 12:20:44)
[rename]
nul=c:\windows\TEMP\~f1d055.tmp
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
@C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
PATH=C:\DOS
IF EXIST TOSCD001 LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:TOSCD001
--------------------------------------------------
C:\CONFIG.SYS listing:
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE X=C000-CFFF
LASTDRIVE=Z
DEVICE=c:\windows\Panning.SYS
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
@echo off
REM
REM
IF EXIST TOSCD001 C:\WINDOWS\COMMAND\MSCDEX.EXE /D:TOSCD001
c:\mouse\mouse.exe
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - (no file) - {004A5840-FF59-11d2-B50D-0090271D3FD4}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Scan For Viruses.job
--------------------------------------------------
Enumerating Download Program Files:
[{51045741-8C4E-4EAC-8F03-08E43A6FBB29}]
CODEBASE = http://aft.ancestry.com/aftfiles/files/install/AncestryFamilyTree.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as/asinst.cab
--------------------------------------------------
End of report, 7,818 bytes
Report generated in 0.848 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
StartupList report, 1/9/03, 8:36:48 PM
StartupList version: 1.50
Started from : C:\WINDOWS\TEMP\STARTUPLIST.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v5.51 SP2 (5.51.4807.2300)
* Using default options
==================================================
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\IRE\CISCO SECURE VPN CLIENT\IPSECMON.EXE
C:\PROGRAM FILES\NORTON UTILITIES\NPROTECT.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\S3TRAY.EXE
C:\WINDOWS\SYSTEM\TOSHIBSU.EXE
C:\WINDOWS\SYSTEM\THOTKEY.EXE
C:\WINDOWS\SYSTEM\PWRTRAY.EXE
C:\WINDOWS\SYSTEM\PSPCCARD.EXE
C:\WINDOWS\SYSTEM\TESCKEY.EXE
C:\WINDOWS\SYSTEM\TFUNCKEY.EXE
C:\TOSHIBA\IVP\ISM\PINGER.EXE
C:\PROGRAM FILES\TIOGA\CLIENT\BIN\TGCMD.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\DSLAUNCH.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\NORTON UTILITIES\SYSDOC32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\AOL.EXE
C:\PROGRAM FILES\AMERICA ONLINE 8.0\WAOL.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\STARTUPLIST.EXE
--------------------------------------------------
Listing of startup folders:
Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
Norton System Doctor.lnk = C:\Program Files\Norton Utilities\SYSDOC32.EXE
aol.lnk = C:\Program Files\America Online 8.0\aol.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ScanRegistry = c:\windows\scanregw.exe /autorun
TaskMonitor = c:\windows\taskmon.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
S3TRAY = S3tray.exe
TOSHIBSU = TOSHIBSU.EXE
THotkey = THotkey.exe
TDspOff = TDspOff.Exe B
PowerTray = PwrTray.EXE
PsPCCard = PsPCCard.EXE
TEscKey = TEscKey.exe
TFunckey = TFuncKey.exe
EM_EXEC = c:\mouse\system\em_exec.exe
Pinger = C:\TOSHIBA\IVP\ISM\pinger.exe
TgAddServer = "C:\Program Files\tioga\Client\bin\tgfix.exe" /fds "http://vtsupport.answerteam.com/global"
Tgcmd = "C:\Program Files\tioga\Client\bin\tgcmd.exe" /nosystray
tgsetsite = "C:\Program Files\tioga\Client\bin\tgfix.exe" /i /f "C:\Program Files\tioga\client\bin\toshibasup.dna"
IrMon = IrMon.exe
YAMAHA DS-XG Launcher = c:\windows\dslaunch.exe
mdac_runonce = C:\WINDOWS\SYSTEM\runonce.exe
Norton Auto-Protect = C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
RealTray = C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
SystemTasks = C:\sexicamz.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent = mstask.exe
Encompass_ENCMONTR = C:\Program Files\Easy Internet\ENCMONTR.EXE
HDDPwd =
IREIKE = C:\Program Files\IRE\Cisco Secure VPN Client\IreIKE.exe start
IPSecMon = C:\Program Files\IRE\Cisco Secure VPN Client\IPSecMon.exe start
NPROTECT = C:\Program Files\Norton Utilities\NPROTECT.EXE
--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Taskbar Display Controls = RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
--------------------------------------------------
Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)
[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\SYSTEM\IE4UINIT.EXE
[>PerUser_MSN_Clean] *
StubPath = c:\windows\msnmgsr1.exe
[PerUser_LinkBar_URLs] *
StubPath = c:\windows\COMMAND\sulfnbk.exe /L
[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[>IEPerUser] *
StubPath = RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
--------------------------------------------------
Load/Run keys from C:\WINDOWS\WIN.INI:
load=
run=
--------------------------------------------------
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\SCIENCE.SCR
drivers=mmsystem.dll power.drv
--------------------------------------------------
Checking for EXPLORER.EXE instances:
C:\WINDOWS\Explorer.exe: PRESENT!
C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
--------------------------------------------------
C:\WINDOWS\WININIT.BAK listing:
(Created 5/1/2003, 12:20:44)
[rename]
nul=c:\windows\TEMP\~f1d055.tmp
--------------------------------------------------
C:\AUTOEXEC.BAT listing:
@C:\PROGRA~1\NORTON~1\NAVDX.EXE /Startup
PATH=C:\DOS
IF EXIST TOSCD001 LH C:\WINDOWS\COMMAND\MSCDEX.EXE /D:TOSCD001
--------------------------------------------------
C:\CONFIG.SYS listing:
DEVICE=C:\WINDOWS\HIMEM.SYS
DEVICE=C:\WINDOWS\EMM386.EXE X=C000-CFFF
LASTDRIVE=Z
DEVICE=c:\windows\Panning.SYS
--------------------------------------------------
C:\WINDOWS\DOSSTART.BAT listing:
@echo off
REM
REM
IF EXIST TOSCD001 C:\WINDOWS\COMMAND\MSCDEX.EXE /D:TOSCD001
c:\mouse\mouse.exe
--------------------------------------------------
Checking for superhidden extensions:
.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - (no file) - {004A5840-FF59-11d2-B50D-0090271D3FD4}
--------------------------------------------------
Enumerating Task Scheduler jobs:
Tune-up Application Start.job
Scan For Viruses.job
--------------------------------------------------
Enumerating Download Program Files:
[{51045741-8C4E-4EAC-8F03-08E43A6FBB29}]
CODEBASE = http://aft.ancestry.com/aftfiles/files/install/AncestryFamilyTree.cab
[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\ASINST.DLL
CODEBASE = http://www.pandasoftware.com/activescan/as/asinst.cab
--------------------------------------------------
End of report, 7,818 bytes
Report generated in 0.848 seconds
Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only