Pop Up


8 replies to this topic

#1 rosevelt

rosevelt

  • Members
  • 6 posts

Posted 14 June 2006 - 03:32 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:00:39 PM, on 6/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\NoAdware4\NoAdware4.exe
C:\Palm\palm.exe
C:\Palm\AlarmApp.exe
C:\PROGRA~1\MICROS~2\Office10\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131985099120
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\d4j0le1m1h.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe



#2 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 14 June 2006 - 05:28 PM

Go to http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.
· Close all windows before continuing.
· Double-click Look2Me-Destroyer.exe to run it.
· Click the Scan for L2M button. Your desktop icons will disappear; this is normal.
· Once it's done scanning, click the Remove L2M button.
· You will receive a Done Scanning message, click OK.
· When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
· Your computer will then shut down.
· Turn your computer back on.
· Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX
==========================

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files; click OK.
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 rosevelt

rosevelt
  • Topic Starter

  • Members
  • 6 posts

Posted 16 June 2006 - 10:40 PM

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 6/16/2006 8:17:03 PM

Infected! C:\WINDOWS\system32\j4j60e1seh.dll
Infected! C:\WINDOWS\SYSTEM32\bcdispl.dll
Infected! C:\WINDOWS\SYSTEM32\ctmdlg32.dll
Infected! C:\WINDOWS\SYSTEM32\dhser.dll
Infected! C:\WINDOWS\SYSTEM32\dWvclnt.dll
Infected! C:\WINDOWS\SYSTEM32\e2jm0c11ef.dll
Infected! C:\WINDOWS\SYSTEM32\e8jm0i11e8.dll
Infected! C:\WINDOWS\SYSTEM32\en88l1lu1.dll
Infected! C:\WINDOWS\SYSTEM32\f2l00c3mef.dll
Infected! C:\WINDOWS\SYSTEM32\h4n0le5m1h.dll
Infected! C:\WINDOWS\SYSTEM32\i8nm0i51e8.dll
Infected! C:\WINDOWS\SYSTEM32\ir64l5jq1.dll
Infected! C:\WINDOWS\SYSTEM32\irj4l51q1.dll
Infected! C:\WINDOWS\SYSTEM32\itm32.dll
Infected! C:\WINDOWS\SYSTEM32\j4j60e1seh.dll
Infected! C:\WINDOWS\SYSTEM32\l8n4li5q18.dll
Infected! C:\WINDOWS\SYSTEM32\lv2809fue.dll
Infected! C:\WINDOWS\SYSTEM32\lv2u09f9e.dll
Infected! C:\WINDOWS\SYSTEM32\lv4609hse.dll
Infected! C:\WINDOWS\SYSTEM32\lvj8091ue.dll
Infected! C:\WINDOWS\SYSTEM32\lvpq0975e.dll
Infected! C:\WINDOWS\SYSTEM32\m628lgfu1628.dll
Infected! C:\WINDOWS\SYSTEM32\miihnd.dll
Infected! C:\WINDOWS\SYSTEM32\o4840elqehqe0.dll
Infected! C:\WINDOWS\SYSTEM32\opbcbcp.dll
Infected! C:\WINDOWS\SYSTEM32\owbccr32.dll
Infected! C:\WINDOWS\SYSTEM32\p68q0gl5e6q.dll
Infected! C:\WINDOWS\SYSTEM32\r46ulej91ho.dll
Infected! C:\WINDOWS\SYSTEM32\uuimdmat.dll
Infected! C:\WINDOWS\SYSTEM32\wvspdmod.dll
Infected! C:\WINDOWS\SYSTEM32\wxdap32.dll
Infected! C:\WINDOWS\SYSTEM32\xmnroll.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\j4j60e1seh.dll
C:\WINDOWS\system32\j4j60e1seh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\bcdispl.dll
C:\WINDOWS\SYSTEM32\bcdispl.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\ctmdlg32.dll
C:\WINDOWS\SYSTEM32\ctmdlg32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\dhser.dll
C:\WINDOWS\SYSTEM32\dhser.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\dWvclnt.dll
C:\WINDOWS\SYSTEM32\dWvclnt.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\e2jm0c11ef.dll
C:\WINDOWS\SYSTEM32\e2jm0c11ef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\e8jm0i11e8.dll
C:\WINDOWS\SYSTEM32\e8jm0i11e8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\en88l1lu1.dll
C:\WINDOWS\SYSTEM32\en88l1lu1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\f2l00c3mef.dll
C:\WINDOWS\SYSTEM32\f2l00c3mef.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\h4n0le5m1h.dll
C:\WINDOWS\SYSTEM32\h4n0le5m1h.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\i8nm0i51e8.dll
C:\WINDOWS\SYSTEM32\i8nm0i51e8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\ir64l5jq1.dll
C:\WINDOWS\SYSTEM32\ir64l5jq1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\irj4l51q1.dll
C:\WINDOWS\SYSTEM32\irj4l51q1.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\itm32.dll
C:\WINDOWS\SYSTEM32\itm32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\j4j60e1seh.dll
C:\WINDOWS\SYSTEM32\j4j60e1seh.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\l8n4li5q18.dll
C:\WINDOWS\SYSTEM32\l8n4li5q18.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\lv2809fue.dll
C:\WINDOWS\SYSTEM32\lv2809fue.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\lv2u09f9e.dll
C:\WINDOWS\SYSTEM32\lv2u09f9e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\lv4609hse.dll
C:\WINDOWS\SYSTEM32\lv4609hse.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\lvj8091ue.dll
C:\WINDOWS\SYSTEM32\lvj8091ue.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\lvpq0975e.dll
C:\WINDOWS\SYSTEM32\lvpq0975e.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\m628lgfu1628.dll
C:\WINDOWS\SYSTEM32\m628lgfu1628.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\miihnd.dll
C:\WINDOWS\SYSTEM32\miihnd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\o4840elqehqe0.dll
C:\WINDOWS\SYSTEM32\o4840elqehqe0.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\opbcbcp.dll
C:\WINDOWS\SYSTEM32\opbcbcp.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\owbccr32.dll
C:\WINDOWS\SYSTEM32\owbccr32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\p68q0gl5e6q.dll
C:\WINDOWS\SYSTEM32\p68q0gl5e6q.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\r46ulej91ho.dll
C:\WINDOWS\SYSTEM32\r46ulej91ho.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\uuimdmat.dll
C:\WINDOWS\SYSTEM32\uuimdmat.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\wvspdmod.dll
C:\WINDOWS\SYSTEM32\wvspdmod.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\wxdap32.dll
C:\WINDOWS\SYSTEM32\wxdap32.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\SYSTEM32\xmnroll.dll
C:\WINDOWS\SYSTEM32\xmnroll.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Nls

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{33175D6F-0B25-4DBC-851A-09D808EF1770}"
HKCR\Clsid\{33175D6F-0B25-4DBC-851A-09D808EF1770}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F6B59E25-0AAD-4386-BB25-44EF5A4472B6}"
HKCR\Clsid\{F6B59E25-0AAD-4386-BB25-44EF5A4472B6}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 16 June 2006 - 11:16 PM

Hi rosevelt

You'll note I've merged your latest log with your original thread.

You still need to post a fresh HJT log per MFDnSC's request.

Please keep all future responses on this subject in this thread by using the
ADD Reply button at the bottom right of the page.

good luck,
and Regards
KoanYorel

Edited by KoanYorel, 16 June 2006 - 11:16 PM.

The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 rosevelt

rosevelt
  • Topic Starter

  • Members
  • 6 posts

Posted 21 June 2006 - 12:07 AM

Thanks for the help! It made a huge difference.
Following is the latest HJT log.

Rosevelt

Logfile of HijackThis v1.99.1
Scan saved at 10:02:52 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131985099120
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

#6 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 21 June 2006 - 08:50 AM

OK, L2M is gone, but let's do one more thing.

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.
Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files; click OK.
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
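
Added example (not part of the original thread and not HijackThis's own code): one way to compare the 14 June and 20 June HijackThis logs posted above, listing the autostart entries and running processes that disappeared or appeared between the two scans. The sample logs are short excerpts of lines from those two posts, and the function names `parse_hjt`, `diff_logs` and `needs_review` are made up for this illustration.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Constructed samples: a handful of lines excerpted from the 14 June and
# 20 June logs in this thread (the full logs are much longer).
LOG_BEFORE = r"""Scan saved at 1:00:39 PM, on 6/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\d4j0le1m1h.dll
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""

LOG_AFTER = r"""Scan saved at 10:02:52 PM, on 6/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Windows Defender\MsMpEng.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""


def parse_hjt(text):
    """Split a HijackThis log into running processes and R/F/N/O entries.

    Header lines are ignored, so a log pasted with a clipped first line
    still parses. Windows paths are case-insensitive, so comparison keys
    are case-folded while the original entry text is kept for display.
    """
    procs, entries = set(), {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the entry section follows the process list
            entries[(m.group(1), m.group(2).casefold())] = line
        elif in_procs:
            procs.add(line.casefold())
    return procs, entries


def diff_logs(before, after):
    """Report what changed between two scans of the same machine."""
    procs_b, ent_b = parse_hjt(before)
    procs_a, ent_a = parse_hjt(after)
    return {
        "entries_removed": sorted(ent_b[k] for k in ent_b.keys() - ent_a.keys()),
        "entries_added": sorted(ent_a[k] for k in ent_a.keys() - ent_b.keys()),
        "procs_removed": sorted(procs_b - procs_a),
        "procs_added": sorted(procs_a - procs_b),
    }


def needs_review(entries):
    """Entries worth a manual look. These are hints, not verdicts."""
    hits = []
    for (code, _), line in entries.items():
        if code == "O20":
            # O20 lists AppInit_DLLs and Winlogon Notify keys: DLL autoload points.
            hits.append(line)
        elif "(file missing)" in line:
            # The registration still exists but the file it points to does not.
            hits.append(line)
    return sorted(hits)


if __name__ == "__main__":
    for section, lines in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(section)
        for item in lines:
            print("   ", item)
    print("still worth a look after cleanup:")
    for item in needs_review(parse_hjt(LOG_AFTER)[1]):
        print("   ", item)
```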

#7 rosevelt

rosevelt
  • Topic Starter

  • Members
  • 6 posts

Posted 21 June 2006 - 07:36 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:30:10 PM, on 6/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
c:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\efax\HotTray.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Common Files\efax\Dllcmd32.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: HotSync Manager.LNK = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: eFax.com Tray Menu.lnk = C:\Program Files\Common Files\efax\HotTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Live Menu.lnk = C:\Program Files\Common Files\efax\Dllcmd32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1131985099120
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ssi...ureUploader.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v46/wof/wof.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Iap - Dell Computer Corporation - c:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

Ewido Log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:20:00 PM 6/21/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{392BAF48-A26A-45B5-9263-97128E429268} -> Adware.AdBlaster : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\D75FBB6A-53DA-42B9-A34F-D6B0E3\2FE0FC87-E7CD-4926-913E-B6732F -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\D75FBB6A-53DA-42B9-A34F-D6B0E3\D46ABD45-3D65-4305-A5F3-810F48 -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\09705B8D-E3B8-4461-80EF-31D49D\37FCF4AC-DEF2-4948-ADF1-5A707B -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\151606E0-6B7F-4D4B-8042-63F352\C1387AE1-FC1C-43C0-AE52-C5C182 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1EF55659-12ED-4B1D-8B47-4153BF\8E1FECCF-A832-4E1D-8702-78EED9 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\225431ED-CF34-48E1-A711-3B9119\4A85D378-C84F-4DAC-96B2-DB3CF0 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\25EFC9A3-B6A0-4FFE-90BD-2A9253\EF410AA5-B445-479A-990E-DE5F75 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\3D06C624-D812-4D79-86DC-A9B591\F3CB9083-0F95-4872-838C-081076 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\56EE9DD6-0CBD-4D9F-8EDD-AE6696\BE63B62D-06D5-40D1-BAAF-6A1B78 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\57A97EAB-39B4-440E-B3CF-3942B9\011562AC-55FF-4DE9-AB93-BA1794 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\6056795E-9129-42BE-8575-359A16\881206A1-416E-4B33-9257-7A7E7C -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\68091AF6-9C9D-41B4-BEF6-9DA20C\5ED01C65-8DC6-4706-BA7D-CA33A8 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\78B244E8-0D9A-4139-B265-D15BEF\7D47A2A4-FC7B-4AE7-A323-17B0DB -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\7C819407-9FE1-4B27-B27F-79B4CE\0338F2E1-3B5C-49BF-ACA6-CB4749 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\82A091E2-4D68-400A-B077-22C8B8\EAE6521B-0F6B-41C9-88B0-D082D5 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\8C74162F-24E9-43B9-8A0A-3524A0\B69582B3-CB21-4FB2-8F52-6505F9 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\8CC7938B-9E50-429D-ABF0-9AE4FB\54E8D9C6-2594-412A-804B-9E351B -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\8F63C1ED-5434-4DC5-863B-885C7C\591E34F7-EC76-4487-97B8-CD1730 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9A3A88C1-DB74-4854-9AB3-E90130\95034DD4-5F27-4509-AF44-28DD79 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9D1DE3D6-414E-470D-A556-DCD864\56AD49BA-8571-4A9B-80DE-EFA261 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\9FBADA6E-A772-49B0-9A56-BDA220\73E76635-E26D-4AE4-AF21-C5082A -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\A16F844D-8BBC-4E13-B2FE-0D551B\4354C2BD-0C5E-4F7C-9E1B-B862D9 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\A3C5B86C-B05E-4F6A-A6DE-1BEC5F\BBC92ADE-C2D9-4221-97B5-257900 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\A4E451A8-E5DD-46B1-B1B2-548B9C\83481BF1-24D3-4C8C-BA74-6EC98D -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\AA6BF430-6980-4EDB-B655-1C1DAD\55C2D252-4A7A-4E71-91C9-AAA4CC -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B972B91D-4095-4D2A-A91C-110547\BD2A7E9E-E745-41F6-A3AB-225DDE -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB107FBE-93A4-4BDA-B8EA-1AF9DB\B7C946EA-36A8-4898-8DFF-70BB80 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\BC6C55C8-D6B3-48C9-97E0-ABD5F5\03FE30FB-FA8B-4109-8DD8-E9184F -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\CDE16BD7-BC6A-4ADC-BA8B-8CB1E2\33CC8588-E2A5-41C5-86C2-CF7E3C -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\ED5A0274-5C02-4280-BC82-ECF260\9124806F-EC29-49D9-BB92-069F66 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\ED93A4DD-7B11-4FAE-A81B-51FC2A\83C4AE12-B554-40E2-A5C4-B0E2F7 -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000036.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000037.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000038.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000039.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000040.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000041.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000042.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000043.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000044.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000045.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000046.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000047.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000048.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000049.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000050.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000051.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000052.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000053.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000054.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000055.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000056.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000057.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000058.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000059.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000060.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000061.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000062.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000063.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000064.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000065.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP5\A0000066.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\AXTAPI.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\DMRPSETU.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\IUSHLPR.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\KEDPO.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\KMDUZB.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\MAIOLE32.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\MMVCRT20.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\OIEACCRC.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\SM2EVNT1.DLL -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Program Files\Common Files\fmoq\fmoqp.exe -> Adware.Xupiter : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B7F6F8F4-1044-4D2D-B2FC-E05674\A530B9EC-B43B-4F53-9106-FEA2C6 -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\B7F6F8F4-1044-4D2D-B2FC-E05674\DAC48BAA-E7C8-43A6-983B-B16F53 -> Adware.Zestyfind : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\byxvwtu.dll -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
C:\WINDOWS\sp2update00.exe -> Downloader.VB.nh : Cleaned with backup (quarantined).
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\4P2BCLAN\new[1].htm -> Not-A-Virus.Constructor.Perl.Msdds.b : Ignored.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\NoadwareBkupTemp\robert.franklin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@pch.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@wholesalemarketer.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\Cookies\robert.franklin@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Robert.Franklin\Cookies\robert.franklin@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Robert.Franklin\Cookies\robert.franklin@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\Cookies\robert.franklin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Robert.Franklin\Cookies\robert.franklin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\Cookies\robert.franklin@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\Cookies\robert.franklin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\Cookies\robert.franklin@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Robert.Franklin\Cookies\robert.franklin@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Robert.Franklin\Application Data\Earthlink\6.0\rfranklintx@earthlink.net\Cookies\robert.franklin@blp.valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\NoadwareBkupTemp\robert.franklin@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\Cookies\robert.franklin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Robert.Franklin\Local Settings\Temp\Cookies\robert.franklin@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\Temp\Cookies\robert.franklin@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\adtech2005.exe -> Trojan.VB.afn : Cleaned with backup (quarantined).


::Report end

#8 MFDnSC

Posted 21 June 2006 - 07:53 PM

Purge the Microsoft AntiSpyware Quarantine

How are things??

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#9 rosevelt

Posted 21 June 2006 - 08:01 PM

Things are great! Thanks for the help. This has saved me a huge amount of time during the day. Nothing worse than trying to present a product or complete a presentation when you're dealing with pop-ups.
I will try the next step.

Thanks again! :thumbsup:



