Messages - utlawag

1
Tech Clinic / All kinds of problems :(
« on: March 05, 2006, 04:24:35 AM »
Computer is running much better now. Thank you so much!

I use both Ad-Aware and Spybot, and will start using ewido as well, as it caught some the others did not.

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         3:22:00 AM, 3/5/2006
 + Report-Checksum:      6421A360

 + Scan result:

   C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\Cache\3D103E1Ed01 -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.26:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.28:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.81:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.83:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.84:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.85:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.86:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.100:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.101:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.102:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.104:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.105:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
   :mozilla.113:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.121:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.122:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.139:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.140:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.141:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
   :mozilla.145:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.146:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.147:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.148:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.150:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.178:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.179:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.180:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.181:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.182:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
   :mozilla.185:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.198:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.199:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.201:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
   :mozilla.206:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.218:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.219:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.220:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.221:C:\Documents and Settings\Matt Carter\Application Data\Mozilla\Firefox\Profiles\xdcfpvm3.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
   C:\WINDOWS\SYSTEM32\pmkjj.dll -> Adware.Virtumonde : Cleaned with backup


::Report End


HIJACK THIS

Logfile of HijackThis v1.99.1
Scan saved at 3:23:36 AM, on 3/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\Matt Carter\Desktop\Anti-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://bcs.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://bcs.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://bcs.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f2.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

2
Tech Clinic / All kinds of problems :(
« on: March 05, 2006, 12:42:05 AM »
VundoFix.txt:

VundoFix V4.2.28
Scan started at 11:37:02 PM 3/4/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.bak1

C:\WINDOWS\SYSTEM32\bccdd.bak1
C:\WINDOWS\SYSTEM32\bccdd.ini
C:\WINDOWS\SYSTEM32\ddccb.dll
 Attempting to delete C:\WINDOWS\system32\ddccb.dll
C:\WINDOWS\system32\ddccb.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.ini
C:\WINDOWS\system32\bccdd.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\bccdd.bak1
C:\WINDOWS\system32\bccdd.bak1 Has been deleted!

Performing Repairs to the registry.
Done!


New HiJackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 11:40:57 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Matt Carter\Desktop\Anti-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.yahoo.com/java/y/mlbst8296_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://bcs.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/315695f521de34de3705/...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://bcs.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://bcs.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f2.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

3
Tech Clinic / All kinds of problems :(
« on: March 05, 2006, 12:17:30 AM »
Well, my fiancée has recently joined myspace.com, and I think she has been downloading crap because my computer has been having major problems with pop-ups and browser hijackers lately, particularly WinFixer and one from amaena.com.

Here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:14:39 PM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\McAfee\QuickClean\Plguni.exe
C:\Program Files\DIGStream\digstream.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
C:\WINDOWS\kdx\KHost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Matt Carter\Desktop\Anti-Spyware\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WTLHelper Object - {75DC57F8-D831-4AB8-86B7-4F826F4A0873} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_2_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\Plguni.exe" /START
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~2\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [kdx] C:\WINDOWS\kdx\KHost.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe \RESET
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! MLB StatTracker - http://aud3.sports.yahoo.com/java/y/mlbst8296_x.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://bcs.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-12.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/315695f521de34de3705/...ip/RdxIE601.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.y...ctl_0_0_0_1.ocx
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://bcs.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://bcs.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_1us.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://f2.pg.photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-0-3-0.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE


I can have downloaded VundoFix if I need to run that as well...

Any help is greatly appreciated.
