Please clean up my comp.

etheth

Thread Starter
Joined
Aug 21, 2005
Messages
122
Logfile of HijackThis v1.99.1
Scan saved at 5:11:28 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.0\System32\smss.exe
c:\windows.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
c:\windows.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\system32\EXSHOW95.EXE
C:\program files\creative\shared files\CamTray.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS.0\Logi_MwX.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Z:\Program Files\Music Match\mm_tray.exe
C:\WINDOWS.0\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS.0\BCMSMMSG.exe
C:\WINDOWS.0\system32\ICO.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
Z:\Program Files\IFNS\ifns.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
Z:\PROGRA~1\MUSICM~1\MMDiag.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS.0\System32\wltrysvc.exe
C:\WINDOWS.0\System32\bcmwltry.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
Z:\Program Files\Music Match\mim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS.0\explorer.exe
Z:\Program Files\DAP\DAP.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Game_Maker6\Game_Maker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Ethan Roseman\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - Z:\Program Files\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] c:\program files\creative\shared files\CamTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] Z:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "Z:\Program Files\Music Match\mm_tray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "Z:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Instant File Name Search] Z:\Program Files\IFNS\ifns.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - Z:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - Z:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS.0\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} - http://thesims.ea.com/teleport/hotdate/NPC/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {356E71A0-B0F1-4AF7-877C-A4E9B4D6BED5} (DeepCreatorViewer Control) - http://www.radishworks.com/Viewer/RWViewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {56830284-4E2F-4418-8D26-3DEF348C16F1} (OSAKit.OSA_Kit) - http://www.osakit.com/OSAKit.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127914842031
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures03.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.6.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B038A6C8-441B-11D4-BD8F-000021E2C68B} (ICFViewer Control) - http://www.rapidform.com/english/icfviewer/bin/icfviewer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F1946764-3B40-4BE3-A87D-F371B112308F} (WPActiveX Control) - http://localhost:7777/wp/wpax.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} - http://download.test.toontown.com/sv1.0.10.20.test/tt_test.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTSvcCDA.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS.0\System32\wltrysvc.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Uninstall Viewpoint Manager from Add/Remove Programs.

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

etheth

Logfile of HijackThis v1.99.1
Scan saved at 8:37:10 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.0\System32\smss.exe
c:\windows.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Documents and Settings\Ethan Roseman\My Documents\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - Z:\Program Files\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] c:\program files\creative\shared files\CamTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] Z:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "Z:\Program Files\Music Match\mm_tray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "Z:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Instant File Name Search] Z:\Program Files\IFNS\ifns.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - Z:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - Z:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS.0\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} - http://thesims.ea.com/teleport/hotdate/NPC/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {356E71A0-B0F1-4AF7-877C-A4E9B4D6BED5} (DeepCreatorViewer Control) - http://www.radishworks.com/Viewer/RWViewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {56830284-4E2F-4418-8D26-3DEF348C16F1} (OSAKit.OSA_Kit) - http://www.osakit.com/OSAKit.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127914842031
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures03.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.6.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B038A6C8-441B-11D4-BD8F-000021E2C68B} (ICFViewer Control) - http://www.rapidform.com/english/icfviewer/bin/icfviewer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F1946764-3B40-4BE3-A87D-F371B112308F} (WPActiveX Control) - http://localhost:7777/wp/wpax.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} - http://download.test.toontown.com/sv1.0.10.20.test/tt_test.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS.0\System32\wltrysvc.exe
 

etheth

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:34:54 PM, 12/23/2005
+ Report-Checksum: 9A8D1294

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{49DB48FF-02B5-4645-B676-94A4DF1AA026} -> Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKU\S-1-5-21-776561741-1220945662-725345543-1004\Software\IST -> Spyware.ISTBar : Cleaned with backup
C:\!Submit\cxdxregt.exe -> Spyware.ZenoSearch : Cleaned with backup
C:\!Submit\eetu.exe -> Downloader.PurityScan.ag : Cleaned with backup
C:\!Submit\pokapoka70.exe -> Spyware.EliteBar : Cleaned with backup
C:\!Submit\pxdxregr.exe -> Spyware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\Cache\80AF5FF1d01 -> Spyware.WinAD : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\# BitDefender Professional Plus 9.09.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\14 Autodesk AutoCAD 2006 Products.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\240 Nature desktops.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\30 Flash Templates.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\71 Premium XP Wallpapers (Brand new Se.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Absolute Video to Audio Converter 2.6.5.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Adware Away 2.2.86.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Age of Empires III.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Agnitum Outpost Firewall Pro 3.0.557.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Ahead DVD Ripper Standard 1.3.9.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\All Sound Recorder XP 2.18.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Allok Audio Converter 1.0.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Amigo Easy Video Converter 4.2.12.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Audio Edit Magic 7.5.9.675.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\BalloNrain 1.0d.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Black and White 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Britney Spears - Someday I Will Unders.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Broken Sword 3 - Sleeping Dragonbroke.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Championship Manager 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Codecs pack AIO 4 In 1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Conflict Global Terror.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Crime Life Gang Wars.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Database Convert 3.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\DivX 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Download Accelerator Plus 7.4.0.2 + WO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Dracula III - Legacy.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Dragon Warrior VII CD1 (PSX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Dragon Warrior VII CD2 (PSX).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Duke Nukem Manhattan Project.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\EasyPDF 2.2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Elektra(2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Eudora 7.0.1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Eurotrip (2004).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Evidence Eraser Pro 3.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\FirmTools AlbumCreator 3.4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Flash Web Design The Art Of Motion G.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Flash2Video 3.06.490.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Games and more.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Harry Potter and the Goblet of Fire.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Heroes of the Pacific.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\How to Make Anyone Fall in Love with Y.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Hundreds Of Rapidshare Links.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\ImTOO PSP Video Converter 2.1.55.1205.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Invision Power Board 2.1.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Jarhead (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Java Programming with Oracle JDBC.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\jv16 PowerTools 2005 1.5.0.278.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Kasparov Chessmate 3D.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\King Kong (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Macromedia Studio 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Madonna - Confessions On A Dance Floor.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Magicbit DVD Ripper Deluxe 1.3.20.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Mathematically Beautiful Screen Savers.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Matrix Path of Neo.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Mcirosoft Frontpage 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Microsoft Exchange Server 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Microsoft Office Proofing Tools 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Microsoft Visio 2003 Professional.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Microsoft Visual Studio 2005 Professio.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\MicrosoftOneNote 2003.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\MixMeister Pro 6.1.3.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Modern Desktop 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\MP3 Karaoke Collection - Part 2 (2Gb).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\MSN Messenger 8.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Native Instruments Traktor DJ Studio 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Nero 7.0.1.4 Premium.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\No1 Video Converter 3.9.6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Norton SystemWorks 2006.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Norton Utilities 2006 + Ghost 10 Tool Pack.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Outpost Firewall Pro 3.0.557.5918.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Password Door 8.2.11.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\PC Magazine - December 27 2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\PCBoost 3.12.5.2005.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\PDF Stamp 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\PHP Ades Guestbook 2.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Pragma 4.00.0043.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Project IGI.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Quake 4 CLONECD.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Quake 4.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Quality Outlook Express Backup 2.0.48.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Rayman 2 The Great Escape.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Registry Help Pro 1.15.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\RioDVD Region Free Player 1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\RM to AVI MPEG WMV VCD DVD Converter 2.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Search and Replace 5.3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\SkyMark PathMaker 6.0.21.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Sony Sound Forge Audio Studio 8.0a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Steganos Security Suite.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Steinberg Cubase SX 3.1.1.944.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Street Fighter Alpha Zero 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Style XP 3.14.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Super Norton System Works 2006 AIO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\SuperAVConverter 6.2.10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Swellog Inventory 2.50.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Symbian S60 Games - King Kong.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Symbian S60 Prince of Persia The Two Thrones.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\System Software Collection.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\The 40 Years Old Virgin.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\The Chronicles Of Narnia.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\The JukeBoxer 3.7.0.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\The Village.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Theme Hospital (Game).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Top 8 Games.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Train Driver.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Trendy Flash Site Builder.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Ulead VideoStudio 9.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Ultra DVD Creator 1.4.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Unearthed Catacombs (RPG).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\UnityPro Thumbs Up 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Utility Ping 1.2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\VIDEOzilla 2.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Voice Over MPLS Planning and Design Ne.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\War of the Worlds.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Watermill 3D Screensaver 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Winamp 5.1.1 Pro.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Windows Geniune Advantage Validation T.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\WinTools.net Professional 6.71.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\WMA To MP3 Encoder 5.07.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\WMV to AVI MPEG WMV VCD DVD Converter 2.6.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\Your Uninstaller! 2006 Pro 5.0.0.203.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@counter4.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@counter9.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@ehg-techtarget.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@hg1.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@hotlog[2].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@sexlist[1].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@spylog[1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Cookies\ethan roseman@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\180sainstallernusac.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\Del1BE.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\Del5C.tmp -> Downloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\Del84.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\Del8C.tmp -> Downloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\res5D.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temp\res8D.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Local Settings\Temporary Internet Files\Content.IE5\HXDWCSBO\mm[1].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\My Documents\Games\Runescape\runescape_toolkit\ProcessMagic.exe -> Trojan.Rootkit.Agent.x : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Shared\10 Secrets To Great Sex - Secret 3.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Shared\Cute Twinks Having Sex In Gym\Video.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Shared\Cute Twinks Having Sex In Gym.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\Alexa Toolbar\uninstall.exe -> Spyware.AlexaBar : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\26F41959-B028-4454-A4FC-9AD7BC\D267A713-EFA5-45CC-B365-C6A111 -> Downloader.Qoologic.ad : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5FB3BA92-426B-4953-BD9F-8010C8\1E275854-89FA-4B1A-9A01-AC59F7 -> Downloader.Qoologic.ad : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AF0F4510-432A-4251-B755-2FEA91\5609834D-C50C-4410-8005-3C436F -> Downloader.Qoologic.ad : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C14A911F-730C-4E5A-ABB4-D1745E\CC6C3CA7-D0E7-49D7-A855-752386 -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\CA1433F6-41D1-4838-82B6-66CE03\120D2694-F2DA-471E-BFCA-13F72D -> Downloader.Qoologic.ad : Cleaned with backup
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqEB.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\System Volume Information\_restore{B5B08B82-15EF-48C8-B28B-A38582784839}\RP112\A0039151.exe -> Downloader.IstBar.lu : Cleaned with backup
C:\System Volume Information\_restore{B5B08B82-15EF-48C8-B28B-A38582784839}\RP114\A0041190.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS.0\Downloaded Program Files\miniclipGameLoader.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS.0\system32\screg.exe -> Backdoor.BadCo.10 : Cleaned with backup
C:\WINDOWS.0\system32\zxinst_cs001.exe -> Spyware.ZenoSearch : Cleaned with backup
Z:\Program Files\softnyx\GunboundWC\GunBound.gme -> Backdoor.Agobot.agh : Cleaned with backup


::Report End
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto

Boot into Safe Mode.

Find and delete this folder: C:\Program Files\winupdates

Also in Safe Mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

It's normal if some files don't delete!

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files", click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
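
The O4 entry selected for "Fix Checked" above can be cross-checked against the scan report posted earlier in the thread. The following is an added example, not part of the original post and not code from HijackThis or the scanner: it assumes the two log line formats exactly as they appear in this thread, and the function names and the `shared_dirs` parameter are hypothetical.

```python
import re
from collections import namedtuple
from pathlib import PureWindowsPath

# Excerpts copied from the logs posted in this thread.
SCAN_REPORT = r"""
C:\Program Files\winupdates\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS.0\system32\screg.exe -> Backdoor.BadCo.10 : Cleaned with backup
C:\Documents and Settings\Ethan Roseman\Complete\DivX 6.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Ethan Roseman\Application Data\Mozilla\Firefox\Profiles\9k3nmnst.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
"""
HJT_LOG = r"""
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
"""
# Assumption: folders shared by many unrelated programs on this machine, where a
# detection says nothing about the neighbouring files (Windows lives in WINDOWS.0 here).
SHARED_DIRS = (r"C:\WINDOWS.0", r"C:\WINDOWS.0\system32")

Detection = namedtuple("Detection", "container member name action")
Autorun = namedtuple("Autorun", "hive name target")

SCAN_RE = re.compile(r"^(?::[^:]+:)?(?P<path>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>.+?)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def parse_scan_report(text):
    """Yield one Detection per 'path -> name : action' line."""
    for line in text.splitlines():
        m = SCAN_RE.match(line.strip())
        if not m:
            continue
        # 'archive.zip/Setup.exe' means a member inside an archive; split on '/'
        # before building the path, because PureWindowsPath treats '/' as a separator.
        container, _, member = m["path"].partition("/")
        yield Detection(PureWindowsPath(container), member or None, m["name"], m["action"])


def autorun_target(command):
    """Return the executable path from a Run-key command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        exe = command[1:end] if end != -1 else command[1:]
    else:
        # Unquoted paths may contain spaces, so cut at the first executable extension.
        m = EXE_RE.match(command)
        exe = m.group(1) if m else command.split()[0]
    return PureWindowsPath(exe)


def parse_o4(text):
    """Yield one Autorun per HijackThis O4 registry Run entry."""
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield Autorun(m["hive"], m["name"], autorun_target(m["cmd"]))


def triage(hjt_log, scan_report, shared_dirs=()):
    """Return (entry name, verdict, detection names) for every O4 Run entry."""
    by_file, by_dir = {}, {}
    for d in parse_scan_report(scan_report):
        by_file.setdefault(d.container, set()).add(d.name)
        by_dir.setdefault(d.container.parent, set()).add(d.name)
    shared = {PureWindowsPath(s) for s in shared_dirs}  # compares case-insensitively
    findings = []
    for entry in parse_o4(hjt_log):
        target, names = entry.target, set()
        if not target.is_absolute():
            verdict = "unresolved"          # bare file name, found via the search path
        elif target in by_file:
            verdict, names = "target-detected", by_file[target]
        elif target.parent in by_dir and target.parent not in shared:
            verdict, names = "infected-folder", by_dir[target.parent]
        else:
            verdict = "no-match"
        findings.append((entry.name, verdict, sorted(names)))
    return findings


if __name__ == "__main__":
    for name, verdict, names in triage(HJT_LOG, SCAN_REPORT, SHARED_DIRS):
        print(f"{name:18} {verdict:16} {', '.join(names)}")
```

An "infected-folder" result is a lead for manual review of that startup entry, and "unresolved" entries still need their full path looked up by hand.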
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
I'm curious as to why there's a C:\WINDOWS.0 folder.

------------------------------------------------------------------------------------

There are several programs running in the background that don't need to be, so we need to get that startup list trimmed down.

As soon as CheeseBall81 gives me the all-clear, I'll assist you with doing that.

-------------------------------------------------------------------------------------
 

etheth

Thread Starter
Joined
Aug 21, 2005
Messages
122
A long time ago, there were some MAJOR problems with my computer (missing system files). I thought I should reinstall Win XP. Instead of repairing it, it made another operating system. My dad wanted to call someone over to my house to fix the problem (I would have done the exact same thing he did). He deleted the Windows folder and changed the boot files to automatically run the Windows.0 folder. I don't want to rename it because bad things could happen.
 

etheth

Thread Starter
Joined
Aug 21, 2005
Messages
122
Logfile of HijackThis v1.99.1
Scan saved at 9:40:14 PM, on 12/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS.0\System32\smss.exe
c:\windows.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
c:\windows.0\system32\Ati2evxx.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\EXSHOW95.EXE
C:\program files\creative\shared files\CamTray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS.0\Logi_MwX.Exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Z:\Program Files\Music Match\mm_tray.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS.0\BCMSMMSG.exe
C:\WINDOWS.0\system32\ICO.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Z:\Program Files\DAP\DAP.EXE
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
Z:\PROGRA~1\MUSICM~1\MMDiag.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Yahoo!\Messenger\ypager.exe
Z:\Program Files\IFNS\ifns.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
Z:\Program Files\Music Match\mim.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\WINDOWS.0\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\M-Audio Uno\UnoInst.exe
C:\WINDOWS.0\System32\wltrysvc.exe
C:\WINDOWS.0\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ethan Roseman\My Documents\hijackthis\HijackThis.exe

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - Z:\Program Files\DAP\dapbho.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [EXSHOW95.EXE] EXSHOW95.EXE
O4 - HKLM\..\Run: [Creative WebCam Tray] c:\program files\creative\shared files\CamTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS.0\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS.0\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS.0\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS.0\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS.0\UpdReg.EXE
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] Z:\PROGRA~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "Z:\Program Files\Music Match\mm_tray.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "Z:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Instant File Name Search] Z:\Program Files\IFNS\ifns.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS.0\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Download with &DAP - Z:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - Z:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS.0\System32\shdocvw.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1671869C-25B3-4C80-9446-8AE6111F8765} - http://thesims.ea.com/teleport/hotdate/NPC/MaxisHotDateTeleX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2042B57E-6336-459E-B7CE-2A0F6C9E6AF8} (IEPlayInterface Class) - http://www.lotrdvd.com/dvdkey/extended_dvd/downloads/iaieplay.dll
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/bestfriends/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {356E71A0-B0F1-4AF7-877C-A4E9B4D6BED5} (DeepCreatorViewer Control) - http://www.radishworks.com/Viewer/RWViewer.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {56830284-4E2F-4418-8D26-3DEF348C16F1} (OSAKit.OSA_Kit) - http://www.osakit.com/OSAKit.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127914842031
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq.com/cab/prod/Driver_Detective_v43_Non_Member.CAB
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} (AIM UPF Control) - http://pictures03.aim.com/ygp/aol/plugin/upf/AOLUPF.en-US-AIM.9.5.1.6.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {B038A6C8-441B-11D4-BD8F-000021E2C68B} (ICFViewer Control) - http://www.rapidform.com/english/icfviewer/bin/icfviewer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr_ext.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {F1946764-3B40-4BE3-A87D-F371B112308F} (WPActiveX Control) - http://localhost:7777/wp/wpax.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - http://activex.microsoft.com/activex/controls/sdkupdate/sdkinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15014/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) - http://www.musicmatch.com/form/support/tech/diagnostics/cabs/DiagCollectionControl.cab
O16 - DPF: {FF791555-FDAC-43AB-B792-389E4CC0A6E5} - http://download.test.toontown.com/sv1.0.10.20.test/tt_test.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: F-Secure Anti-Virus 2005 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Anti-Virus\backweb\4476822\program\fsbwsys.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Uno Installer (UnoInstallerService) - Unknown owner - C:\Program Files\M-Audio Uno\UnoInst.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS.0\System32\wltrysvc.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
You're welcome :) I will let flav take over now and help you trim down that Startup list.

Happy Holidays
 

etheth

Thread Starter
Joined
Aug 21, 2005
Messages
122
I had another topic where you helped me and he never came. Be sure to PM him or get his attention.
 

flavallee

Frank
Trusted Advisor
Joined
May 12, 2002
Messages
84,168
I don't respond to EVERY thread that CheeseBall does, but I did happen to respond to yours, so I'll be glad to help you.

Click Start - Run, type in MSCONFIG, then click OK - "Startup" tab. Remove the checkmark from:

Logitech Utility (logi_mwx.exe)
(Note: If your Logitech mouse loses any functions after unchecking this one, recheck it. I have Logitech optical and cordless mice and they work fine with it unchecked)

MimBoot (mimboot.exe)

MMTray (mm_tray.exe)
(Note: The above 2 are associated with MusicMatch Jukebox. It can be started manually when needed)

MSMSGS (msmsgs.exe)
(Note: You'll also need to open Windows Messenger, go into its options/preferences settings, then disable the command that tells it to load when Windows starts. If you actually use this chat program, you can start it manually when needed)

QuickTime Task (qttask.exe)
(Note: There's no reason to have this one running in the background. The qttask.exe file is also known to generate error messages)

SunJavaUpdateSched (jusched.exe)
(Note: You can check for updates manually and don't need to have the update function running in the background)

TkBellExe (realsched.exe)
(Note: This one will recheck itself every time you use RealPlayer, so you'll need to uncheck again. I don't use it, so I don't know if it has a command in its options/preferences settings that can be disabled)

Yahoo! Pager (ypager.exe)
(Note: You can start this chat program manually when you're ready to use it)

Click Apply - OK afterwards, then reboot when prompted to. When the SCU window appears during reboot, place a checkmark in it, then click OK.

Run another scan with HijackThis, then post that new log here. We likely can disable a few more.

--------------------------------------------------------------------------------------
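One way to check the follow-up log that the reply above asks for, given as an added example that is not part of the original thread: it reports which of the eight executables named in that reply still appear as running processes or as O4 autostart entries. The sample log is constructed, and the O4 layout is assumed to be the usual HijackThis `O4 - HKLM\..\Run: [name] command` form.

```python
import ntpath
import re

# Executables the reply above says to uncheck in MSCONFIG's Startup tab.
ADVISED_OFF = {
    "logi_mwx.exe", "mimboot.exe", "mm_tray.exe", "msmsgs.exe",
    "qttask.exe", "jusched.exe", "realsched.exe", "ypager.exe",
}
ENTRY = re.compile(r"^[A-Z]\d+ - ")  # R0, O2, O4, O23 ... entry lines
O4_RUN = re.compile(r"^O4 - [^:]+: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
EXE = re.compile(r'([^\\/"]+?\.exe)\b', re.I)  # first path component ending in .exe

# Constructed sample, not the poster's real follow-up log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\Logi_MwX.Exe
C:\Program Files\Messenger\MSMSGS.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
"""


def still_loading(log_text):
    """Return {exe: sorted evidence list} for advised-off items still present."""
    found, in_processes = {}, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if ENTRY.match(line):
            in_processes = False  # the process list ends at the first entry line
            m = O4_RUN.match(line)
            exe = EXE.search(m.group("cmd")) if m else None
            if exe:
                name = exe.group(1).strip().lower()
                if name in ADVISED_OFF:
                    found.setdefault(name, set()).add("autostart: " + m.group("name"))
        elif in_processes:
            name = ntpath.basename(line).lower()  # Windows path, case-insensitive
            if name in ADVISED_OFF:
                found.setdefault(name, set()).add("running")
    return {exe: sorted(evidence) for exe, evidence in found.items()}


if __name__ == "__main__":
    print(still_loading(SAMPLE_LOG))
```

An empty result means none of the listed items was found running or registered under an O4 Run key in that log.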
 