04-24-2006, 12:53 PM   #8
Radja40
Registered User
Join Date: May 2005
Posts: 14
OS: Win XP


Thanks again for your help. The logs are posted below. I had two issues with the steps that you gave me.
1. I could not find the file C:\keys.ini
2. I removed the YourEnhance 1.0 file from the add/remove panel, but it is still on my computer after I rebooted.

Please let me know what else needs to be done.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 2:48:10 PM, on 4/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\wanmpsvc.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\WINNT\system32\wscntfy.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\SK9910DM.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Computer Tools\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ymetray] "C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [WorkFlo] D:\BrdJmp\WorkFlow.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [Keyboard Preload Check] C:\OEMDRVRS\KEYB\Preload.exe /DEVID: /CLASS:Keyboard /RunValue:"Keyboard Preload Check"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "c:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/game...s/y/blt1_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Bridge - http://download.games.yahoo.com/game...ts/y/bt1_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/game...ts/y/ht1_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst3_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/game...s/y/ywt0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/game...ts/y/wt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123364265156
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1145472866651
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...39/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: CAISafe - Unknown owner - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (file missing)
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINNT\system32\cisvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINNT\system32\YPCSER~1.EXE

Incident | Status | Location
---------------------------------------------------------
Spyware:spyware/whazit | Not disinfected | c:\winnt\system32\fiz1
Adware:adware/delfinmedia | Not disinfected | c:\keys.ini
Potentially unwanted tool:application/funweb | Not disinfected | hkey_current_user\software\Fun Web Products
Adware:adware/navipromo | Not disinfected | Windows Registry
Spyware:spyware/safesurf | Not disinfected | Windows Registry
Adware:adware/novo | Not disinfected | Windows Registry
Spyware:spyware/media-motor | Not disinfected | Windows Registry
Potentially unwanted tool:application/mywebsearch | Not disinfected | hkey_classes_root\clsid\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/sahagent | Not disinfected | Windows Registry
Adware:adware/activshopper | Not disinfected | Windows Registry
Adware:adware/ist.istbar | Not disinfected | Windows Registry
Virus:Trj/Downloader.OE | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][sx.htm]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][td.exe]
Adware:Adware/PurityScan | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[install_tag002.exe]
Adware:Adware/BrowserAid | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[dist1_1_00.exe]
Adware:Adware/SaveNow | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[SaveInstCsSm.exe]
Adware:Adware/eZula | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[ezStub.exe]
Spyware:Spyware/Apropos | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[apropos_client_loader.exe]
Spyware:Spyware/ClearSearch | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[ClrSchP071.exe]
Adware:Adware/Exact.BargainBuddy | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe._eac_qt_[wmedia_bbi8015.exe]
Virus:Trj/Downloader.OE | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][sx.htm]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][td.exe]
Adware:Adware/PurityScan | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[install_tag002.exe]
Adware:Adware/BrowserAid | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[dist1_1_00.exe]
Adware:Adware/SaveNow | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[SaveInstCsSm.exe]
Adware:Adware/eZula | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[ezStub.exe]
Spyware:Spyware/Apropos | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[apropos_client_loader.exe]
Spyware:Spyware/ClearSearch | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[ClrSchP071.exe]
Adware:Adware/Exact.BargainBuddy | Not disinfected | C:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe._eac_qt_[wmedia_bbi8015.exe]
Virus:Trj/Downloader.OE | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][sx.htm]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[setup233.exe][td.exe]
Adware:Adware/PurityScan | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[install_tag002.exe]
Adware:Adware/BrowserAid | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[dist1_1_00.exe]
Adware:Adware/SaveNow | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[SaveInstCsSm.exe]
Adware:Adware/eZula | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[ezStub.exe]
Spyware:Spyware/Apropos | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[apropos_client_loader.exe]
Spyware:Spyware/ClearSearch | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[ClrSchP071.exe]
Adware:Adware/Exact.BargainBuddy | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe._eac_qt_[wmedia_bbi8015.exe]
Virus:Trj/Downloader.OE | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][dp-k13w13.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][IEDRIVER.EXE]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][sx.htm]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][ieupdate.exe]
Adware:Adware/IEDriver | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[setup233.exe][td.exe]
Adware:Adware/PurityScan | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[install_tag002.exe]
Adware:Adware/BrowserAid | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[dist1_1_00.exe]
Adware:Adware/SaveNow | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[SaveInstCsSm.exe]
Adware:Adware/eZula | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[ezStub.exe]
Spyware:Spyware/Apropos | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[apropos_client_loader.exe]
Spyware:Spyware/ClearSearch | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[ClrSchP071.exe]
Adware:Adware/Exact.BargainBuddy | Not disinfected | C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe._eac_qt_[wmedia_bbi8015.exe]
Spyware:Cookie/PointRoll | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Apmebf | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@apmebf[2].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Mediaplex | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/QkSrv | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@qksrv[2].txt
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:28:13 PM, 4/24/2006
+ Report-Checksum: 65EE7A84

+ Scan result:

C:\System Volume Information\_restore{CF79470C-79F7-4821-8E34-8E6EA7D3E7B5}\RP214\A0053391.exe -> Adware.PurityScan : Cleaned with backup


::Report End
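As an added example that is not part of the post above, of HijackThis, or of any scanner it mentions: a small triage script for HijackThis-style log lines. It applies the checks a helper reading a log like the one above would do by eye: items marked "(file missing)", O23 services with "Unknown owner", O4 Run values that name a bare file instead of a full path (so the program is located by PATH search), and O16 ActiveX download (DPF) entries whose host is not on an allowlist. The host allowlist and the sample lines, which are constructed in the shape of the entries in the log above, are assumptions of the example.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of the forum post or of HijackThis itself. The host
allowlist and the sample lines below are assumptions of the example.
"""
import re
from urllib.parse import urlsplit

# Assumed allowlist: hosts from which ActiveX (O16 DPF) downloads are expected
# on this machine. Anything else is flagged for a closer look.
TRUSTED_DPF_HOSTS = {
    "update.microsoft.com",
    "housecall60.trendmicro.com",
    "housecall65.trendmicro.com",
    "acs.pandasoftware.com",
    "download.mcafee.com",
}

# Constructed sample in the same shape as the log lines posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1123364265156
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O23 - Service: CAISafe - Unknown owner - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

# Every HijackThis item starts with a section code (R0, F2, O4, O23 ...) and " - ".
ITEM_RE = re.compile(r"^(?P<section>[RFNO]\d+)\s+-\s+(?P<body>.+)$")


def parse_hjt(text):
    """Return the log's item lines as dicts; header and process-list lines are skipped."""
    items = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if m:
            items.append({"section": m.group("section"), "body": m.group("body"), "raw": raw.strip()})
    return items


def autorun_target(body):
    """Extract the program an O4 Run value starts: the quoted path, or the first token."""
    _, _, rest = body.partition("] ")
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" ", 1)[0]


def triage(items, trusted_hosts=TRUSTED_DPF_HOSTS):
    """Group items by the reason they deserve attention."""
    findings = {"file_missing": [], "unknown_owner": [], "bare_autorun": [], "untrusted_dpf": []}
    for item in items:
        section, body, raw = item["section"], item["body"], item["raw"]
        # Orphaned reference: a hook or service whose binary is gone (incomplete
        # uninstall, or a removal that left the registry entry behind).
        if "(file missing)" in body:
            findings["file_missing"].append(raw)
        # Service binary with no publisher information.
        if section == "O23" and "Unknown owner" in body:
            findings["unknown_owner"].append(raw)
        # Run value with a bare file name: Windows resolves it by PATH search, so a
        # same-named file earlier in the PATH would be started instead.
        if section == "O4" and "Run:" in body:
            target = autorun_target(body)
            if "\\" not in target and "/" not in target:
                findings["bare_autorun"].append(raw)
        # ActiveX download source outside the allowlist (file:// entries are skipped).
        if section == "O16":
            m = re.search(r"https?://\S+", body)
            if m and urlsplit(m.group(0)).hostname not in trusted_hosts:
                findings["untrusted_dpf"].append(raw)
    return findings


if __name__ == "__main__":
    for reason, lines in triage(parse_hjt(SAMPLE_LOG)).items():
        print(f"== {reason} ({len(lines)})")
        for line in lines:
            print("  ", line)
```

Run stand-alone it prints the flagged sample lines; paste a full log into SAMPLE_LOG or read it from a file to triage a real one. A flagged line is a lead, not a verdict: the bare-filename rule fires on SK9910DM.EXE, which the running-processes list in the log above shows resolving to C:\WINNT\system32\, so the check only tells you where to look. Two caveats a helper would add to the post above: a file a scanner reports but Explorer does not show usually carries hidden or system attributes, and `dir /a c:\keys.ini` or `attrib c:\keys.ini` from a command prompt will list it if it is still there; and the ewido hit under System Volume Information\_restore{...} means an infected copy sits in a System Restore point, so restore points made while the machine was infected should be purged once it is clean or they can bring the file back.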