[metaxy6]

Hi and thanks for the awesome resource!
I've run the anti spyware, and it seems to have got an awful lot.
I have downloaded Hijack This, but to save time and trouble, 2 questions before I scan:

1.) What is this about moving it to a different location?
2.) Only about 2/3 of items are checked in my msconfig startup. Should I enable all items before scanning?

[Advertisements]

Hi and welcome metaxy6
To answer your first question, Make sure HJT is sitting in a dedicated folder, Not in a temp, If you created a dedicated folder to unzip HJT into you should be all set

secondly yes enable everything please

Thirly post a HJT log please

[don77]

Hi and welcome metaxy6
To answer your first question, Make sure HJT is sitting in a dedicated folder, Not in a temp, If you created a dedicated folder to unzip HJT into you should be all set

secondly yes enable everything please

Thirly post a HJT log please

[metaxy6]

Thanks Don.

Heres the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:22:00 PM, on 8/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\FLZDGGC.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\WINDOWS\SYSTEM\GSMEDIA3.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\COMMON FILES\MUWF\MUWFM.EXE
C:\WINDOWS\SYSTEM\MQEP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.marriott.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\mzheng\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [flzdggc] C:\WINDOWS\SYSTEM\flzdggc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ajaxbb] C:\WINDOWS\SYSTEM\yzmtkd.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\SYSTEM\netsync.exe
O4 - HKLM\..\Run: [zigmqcjzwq] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [qdmjmos] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [cvwfqyw] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\SYSTEM\ps1.exe
O4 - HKLM\..\Run: [rgvwpoevva] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [TTFMTR] C:\WINDOWS\SYSTEM\TTFMTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [dpgpnzzxhxro] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [qcnnquaybrjmm] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [idmfrekxkg] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [xnjajuidt] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [nxpgyiho] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [OLUBLXB] C:\WINDOWS\SYSTEM\OLUBLXB.EXE
O4 - HKLM\..\Run: [tdnaivcdsvll] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [mupjjljmej] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe
O4 - HKLM\..\Run: [ekmqam] C:\WINDOWS\SYSTEM\ekmqam.exe
O4 - HKLM\..\Run: [mqep] C:\WINDOWS\SYSTEM\mqep.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [G3] C:\WINDOWS\SYSTEM\GSMEDIA3.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MUWF] C:\PROGRAM FILES\COMMON FILES\MUWF\MUWFM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SoftStuff Wallpaper Changer.lnk = C:\Softstuf\softstrt.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Startup: DLHelperEXE.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\PROGRAM FILES\STARLUCK CASINO\BIN\IEEXTENSION_SL.DLL
O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\PROGRAM FILES\STARLUCK CASINO\BIN\IEEXTENSION_SL.DLL
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.marriott.att.net
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150...etzip/RdxIE.cab
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlif...23/SLCmpser.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents....ent/ieatgpc.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbb.ops.pl...quicksilver.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = uchicago.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.135.4.2,128.135.12.73,128.135.72.200

[don77]

Thats quite a mess you have there,,
Lets get it cleaned up,

First

Download the DelDomains zip file and unzip it to your desktop.

DelDomains

Right-click on the deldomains.inf file and select 'Install'

Next
Make sure you can view all Hidden Files/Folders


Please restart HJT put a check next to the following, close all open windows and click “Fix Checked”
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O4 - HKLM\..\Run: [flzdggc] C:\WINDOWS\SYSTEM\flzdggc.exe
O4 - HKLM\..\Run: [ajaxbb] C:\WINDOWS\SYSTEM\yzmtkd.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\SYSTEM\netsync.exe
O4 - HKLM\..\Run: [zigmqcjzwq] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [qdmjmos] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [cvwfqyw] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\SYSTEM\ps1.exe
O4 - HKLM\..\Run: [rgvwpoevva] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [TTFMTR] C:\WINDOWS\SYSTEM\TTFMTR.EXE
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [dpgpnzzxhxro] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [qcnnquaybrjmm] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [idmfrekxkg] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [xnjajuidt] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [nxpgyiho] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [OLUBLXB] C:\WINDOWS\SYSTEM\OLUBLXB.EXE
O4 - HKLM\..\Run: [tdnaivcdsvll] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [mupjjljmej] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe
O4 - HKLM\..\Run: [ekmqam] C:\WINDOWS\SYSTEM\ekmqam.exe
O4 - HKLM\..\Run: [mqep] C:\WINDOWS\SYSTEM\mqep.exe
O4 - HKLM\..\Run: [G3] C:\WINDOWS\SYSTEM\GSMEDIA3.exe
O4 - HKCU\..\Run: [MUWF] C:\PROGRAM FILES\COMMON FILES\MUWF\MUWFM.EXE
O4 - Startup: DLHelperEXE.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\PROGRAM FILES\STARLUCK CASINO\BIN\IEEXTENSION_SL.DLL
O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\PROGRAM FILES\STARLUCK CASINO\BIN\IEEXTENSION_SL.DLL
O13 - WWW. Prefix: http://
O15 - Trusted Zone: <http://www.neededware.com>
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - <http://207.188.7.150...tzip/RdxIE.cab>
O16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) - http://activex.micro...n7/dlhelper.cab <http://activex.micro...7/dlhelper.cab>
O16 - DPF: NDWCab - <http://www.neededware.com/ndw4.cab>


Next Reboot into SAFE MODE
Search for and delete the Folders/Files highlighted in BOLD

C:\WINDOWS\SYSTEM\flzdggc.exe
C:\WINDOWS\SYSTEM\yzmtkd.exe
C:\WINDOWS\SYSTEM\wintask.exe
C:\WINDOWS\SYSTEM\psoft1.exe
C:\WINDOWS\SYSTEM\netsync.exe
C:\WINDOWS\SYSTEM\exp.exe
C:\WINDOWS\SYSTEM\ps1.exe
C:\WINDOWS\SYSTEM\TTFMTR.EXE
C:\WINDOWS\ALCHEM.exe
C:\WINDOWS\SYSTEM\YZMTKD.EXE
C:\WINDOWS\SYSTEM\OLUBLXB.EXE
C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe<--Delete Folder
C:\WINDOWS\SYSTEM\ekmqam.exe
C:\WINDOWS\SYSTEM\mqep.exe
C:\WINDOWS\SYSTEM\GSMEDIA3.exe
C:\PROGRAM FILES\COMMON FILES\MUWF\MUWFM.EXE <--Delete Folder
C:\Program Files\EmpirePoker\EmpirePoker.exe <--Delete Folder
C:\Program Files\Bodog Poker\GameClient.exe <--Delete Folder
C:\Program Files\PartyPoker\PartyPoker.exe <--Delete Folder
C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
C:\PROGRAM FILES\STARLUCK CASINO\BIN\IEEXTENSION_SL.DLL <--Delete Folder

Restart your computer,

Next
Please run this online virus scan:
ActiveScan

Copy and post back the results of the Active scan along with a fresh HJT log please

[metaxy6]

Don -

I found and deleted some, but not all, of the files you listed when in Safe Mode.
Those that couldn't be found? Were they fixed by HJT?

I was not able to peform the Active Scan (unable to download - this may have something to do with enabling Active X controls? I can't figure out how to do this in Internet Options {the reason I am unable to do Microsoft update as well}).
Can you adivise?

Here is the new HJT log (you'll see that there I was unable to find and check to be fixed, including: O15 - Trusted Zone: http://www.neededware.com):

Logfile of HijackThis v1.99.1
Scan saved at 10:13:35 PM, on 8/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.marriott.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\mzheng\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [FLZDGGC] C:\WINDOWS\SYSTEM\FLZDGGC.EXE
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SoftStuff Wallpaper Changer.lnk = C:\Softstuf\softstrt.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.marriott.att.net
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlif...23/SLCmpser.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents....ent/ieatgpc.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbb.ops.pl...quicksilver.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = uchicago.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.135.4.2,128.135.12.73,128.135.72.200

[metaxy6]

Even after enabling Active X controls, still unable to download/run Active Scan.

Was able to locate and fix the 2 things in HJT that I couldn't locate before.

So, here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:49:53 PM, on 8/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.marriott.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\mzheng\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [FLZDGGC] C:\WINDOWS\SYSTEM\FLZDGGC.EXE
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SoftStuff Wallpaper Changer.lnk = C:\Softstuf\softstrt.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.marriott.att.net
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlif...23/SLCmpser.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents....ent/ieatgpc.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbb.ops.pl...quicksilver.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = uchicago.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.135.4.2,128.135.12.73,128.135.72.200

[don77]

Looks a whole lot better !

Please go to the TrendMicro website HERE

• Click Check my PC now
• On the next page it will verify that Trendmicro scan can be run.
• There should be 4 green checkmarks, if any of them stay a red X please let me know which one(s)
• Read the agreement, the click continue with Next Step
• Wait for the scanner to load, if you get a security warning about the Trend-Micro applet, click YES
• It will install "Core-Packages", then please run the scan - let me know how many infected items it found and if any of them couldn't be cleaned and the name/location

[metaxy6]

Minor complication:

When running the Trend Micro House Call, Norton popped up on one of the infections it located (bloodhound.w.32.EP) and froze the system.

Should I disable the background Norton?

I wouldn't mind entirely removing Norton, as my subscription lapsed long ago. That is what Trend Micro support suggested when I had troubles downloading Avast. They wrote:

<<You should download our setup file and download Norton removal tool from Symantec website. Uninstall Norton, run their removal tool and after that install
avast!.>>

For now, will ctrl+alt+del work to disable Nroton in the background so I can run the House Call? (There were about 9 other infections).

[don77]

Yes disable it for now and run the scan with TrendMicro.

You should remove Nortons through Add/Remove programs if you can, Don't do it now though hold off on and we will get it later,

[metaxy6]

k. done.

[don77]

Could you post back a fresh HJT log please,

Scan ran good and removed what it found ?

[metaxy6]

no. sorry. same thing happened even after disabling navpw32 from list of running processes. it happens after over an hour of house call's scan, so it is time consuming.

i guess i'll try again.

at this pont i'd be more than happy to just get the useless norton off my system.

[metaxy6]

3rd scan, same thing. Norton just won't let the scan continue.

[don77]

Could you post back a fresh HJT log please

[metaxy6]

Fresh HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 6:32:21 AM, on 8/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.marriott.att.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\mzheng\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [FLZDGGC] C:\WINDOWS\SYSTEM\FLZDGGC.EXE
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SoftStuff Wallpaper Changer.lnk = C:\Softstuf\softstrt.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.marriott.att.net
O16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) - http://yahoo.spotlif...23/SLCmpser.cab
O16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) - http://64.124.45.181.../proxy/CCMP.cab
O16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} - http://www.callwave....DL_DownLoad.CAB
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.c...bio5_3_16_0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://webexevents....ent/ieatgpc.cab
O16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) - http://scpwbb.ops.pl...quicksilver.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = uchicago.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.135.4.2,128.135.12.73,128.135.72.200