Thanks Don.
Heres the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 7:22:00 PM, on 8/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\POPROXY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\FLZDGGC.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPCLIENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMON32.EXE
C:\WINDOWS\SYSTEM\GSMEDIA3.EXE
C:\PROGRAM FILES\SBC SELF SUPPORT TOOL\SMARTBRIDGE\MOTIVESB.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\COMMON FILES\MUWF\MUWFM.EXE
C:\WINDOWS\SYSTEM\MQEP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.marriott.att.netR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AT&T WorldNet Service
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F1 - win.ini: run=hpfsched
N1 - Netscape 4: user_pref("browser.startup.homepage", ""); (C:\Program Files\Netscape\Users\mzheng\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} - C:\WINDOWS\CFGMGR52.DLL
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Norton eMail Protect] C:\Program Files\Norton AntiVirus\POPROXY.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~2\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [flzdggc] C:\WINDOWS\SYSTEM\flzdggc.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\PROGRAM FILES\VISUAL NETWORKS\VISUAL IP INSIGHT\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [ajaxbb] C:\WINDOWS\SYSTEM\yzmtkd.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [PSoft1] C:\WINDOWS\SYSTEM\psoft1.exe
O4 - HKLM\..\Run: [cfgmgr51] RunDLL32.EXE C:\WINDOWS\CFGMGR51.DLL,DllRun
O4 - HKLM\..\Run: [RSync] C:\WINDOWS\SYSTEM\netsync.exe
O4 - HKLM\..\Run: [zigmqcjzwq] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [qdmjmos] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\SYSTEM\exp.exe
O4 - HKLM\..\Run: [cvwfqyw] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [PS1] C:\WINDOWS\SYSTEM\ps1.exe
O4 - HKLM\..\Run: [rgvwpoevva] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [TTFMTR] C:\WINDOWS\SYSTEM\TTFMTR.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\CFGMGR52.DLL,DllRun
O4 - HKLM\..\Run: [dpgpnzzxhxro] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [ALCHEM] C:\WINDOWS\ALCHEM.exe
O4 - HKLM\..\Run: [qcnnquaybrjmm] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [idmfrekxkg] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [xnjajuidt] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [nxpgyiho] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [OLUBLXB] C:\WINDOWS\SYSTEM\OLUBLXB.EXE
O4 - HKLM\..\Run: [tdnaivcdsvll] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [mupjjljmej] C:\WINDOWS\SYSTEM\YZMTKD.EXE
O4 - HKLM\..\Run: [RUNGogoTools] C:\Program Files\GogoTools\Gogoware\LaunchAdware.exe
O4 - HKLM\..\Run: [ekmqam] C:\WINDOWS\SYSTEM\ekmqam.exe
O4 - HKLM\..\Run: [mqep] C:\WINDOWS\SYSTEM\mqep.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [G3] C:\WINDOWS\SYSTEM\GSMEDIA3.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKCU\..\Run: [MUWF] C:\PROGRAM FILES\COMMON FILES\MUWF\MUWFM.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: SoftStuff Wallpaper Changer.lnk = C:\Softstuf\softstrt.exe
O4 - Startup: America Online 5.0 Tray Icon.lnk = C:\America Online 5.0\aoltray.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Startup: DLHelperEXE.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\GameClient.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\PROGRAM FILES\STARLUCK CASINO\BIN\IEEXTENSION_SL.DLL
O9 - Extra 'Tools' menuitem: StarLuck.com - {2B6AA6C9-1646-46e7-8D23-D54274F2F2F2} - C:\PROGRAM FILES\STARLUCK CASINO\BIN\IEEXTENSION_SL.DLL
O12 - Plugin for .swf: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npswf32.dll
O13 - WWW. Prefix: http://
O14 - IERESET.INF: START_PAGE_URL=http://www.marriott.att.net
O15 - Trusted Zone:
http://www.neededware.comO16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} -
http://207.188.7.150...etzip/RdxIE.cabO16 - DPF: {9BB641DB-045B-42B4-BAE2-CBAAD66B0CC4} (Spotlife Composer) -
http://yahoo.spotlif...23/SLCmpser.cabO16 - DPF: {7CF052DE-C74F-421B-B04A-3B3037EF5887} (CCMPGui Class) -
http://64.124.45.181.../proxy/CCMP.cabO16 - DPF: {4226E9B7-D637-40E8-893A-13298AB41477} -
http://www.callwave....DL_DownLoad.CABO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.c...bio5_3_16_0.cabO16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
https://webexevents....ent/ieatgpc.cabO16 - DPF: {BF116476-3238-4EDA-A2D7-6D6814EF0DEC} (Quicksilver Class) -
http://scpwbb.ops.pl...quicksilver.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {AED98630-0251-4E83-917D-43A23D66D507} (WebHandler Class) -
http://activex.micro...n7/dlhelper.cabO16 - DPF: NDWCab -
http://www.neededware.com/ndw4.cabO17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = uchicago.edu
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 128.135.4.2,128.135.12.73,128.135.72.200