I have gone to sites with PHP-Fusion and after about 30 secs. I would be logged out. It is getting very annoying because Windows 98 is my only other choice and that computer is messed up just because it's old and my site is PHP-Fusion made. Please help me!
eltommyo 0 Junior Poster in Training
tayspen 28 <Insert title here> Team Colleague
Please post a HJT log. Do it same way you did it in your other thread :).
eltommyo 0 Junior Poster in Training
okiez, two things:
1. GPets Toolbar is my sites toolbar
2. I can get ewido on this computer!
Logfile:
Logfile of HijackThis v1.99.1
Scan saved at 4:49:46 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\Shared.TIMESAVER\Desktop\HijackThis.exe
c:\program files\mcafee.com\agent\mcupdate.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: GPets toolbar - {3c87fe63-07fc-463f-95e9-95448f30cdaf} - C:\Program Files\GPets\tbGPet.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed029DUUS_ZZzer000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: C:\Documents and Settings\Shared.TIMESAVER\Desktop\Tommy's Stuff\peskyadsbegone.css (file missing)
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
tayspen 28 <Insert title here> Team Colleague
Sorry it took so long for a reply ;).
Please check these items in HJT.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O3 - Toolbar: GPets toolbar - {3c87fe63-07fc-463f-95e9-95448f30cdaf} - C:\Program Files\GPets\tbGPet.dll
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...9DUUS_ZZzer000
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - AppInit_DLLs: sfklg.dll
Click Fix Checked.
__________________________________________________
Go to Start>Control Panel>Add/Remove PRograms Uninstall: ViewPoint Media Player
__________________________________________________
Go to Start>Search.
Search for sfklg.dll, delete any instances found (You may need to go into safe mode to do this).
__________________________________________________
Begin by downloading CCleaner, and specifically choosing the most recent version.
Then, follow these steps:
1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.
Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):
C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch
After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.
Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.
__________________________________________________
Please download ewido anti-malware it is a free version of the program.
- Install ewido anti-malware
- When installing, under "Additional Options" uncheck..
- Install background guard
- Install scan via context menu
- Launch ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful" )
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Once the updates are installed do the following:
- Open up Ewido
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
- Close ewido anti-malware.
Reboot.
_______________________________________________________
Post the ewido log, and a new HJT log
eltommyo 0 Junior Poster in Training
Ewido Scan:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 7:51:19 AM, 5/19/2006
+ Report-Checksum: 7006116C
+ Scan result:
HKU\S-1-5-21-1401908170-196881590-1984881829-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-1401908170-196881590-1984881829-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
HKU\S-1-5-21-1401908170-196881590-1984881829-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Compaq_Owner\Desktop\backups\backup-20060518-204800-153.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Mikhail\Cookies\mikhail@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ehg-wizardsofthecoast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@vdn.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Shared\Cookies\shared@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\MediaGateway\MediaGateway.exe -> Adware.WinAD : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup
C:\RECYCLER\S-1-5-21-1401908170-196881590-1984881829-1011\Dc150.zip/AIMInvader.exe -> Not-A-Virus.Flooder.Win32.VB.n : Cleaned with backup
C:\RECYCLER\S-1-5-21-1401908170-196881590-1984881829-1011\Dc151\AIMInvader.exe -> Not-A-Virus.Flooder.Win32.VB.n : Cleaned with backup
C:\RECYCLER\S-1-5-21-1401908170-196881590-1984881829-1011\Dc203\trustin.dll -> Adware.Azesearch : Cleaned with backup
C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1009\Dc11\Ultra Autobuyer - NBH (Neopets programs,cheats,hacks and more!)\Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1009\Dc7.zip/Ultra Autobuyer - NBH (Neopets programs,cheats,hacks and more!)/Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1010\Dc42.zip/Everything Neopets/Good AB/Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1010\Dc45\Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\loader2.exe -> Adware.Azesearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\loader2.exe -> Adware.Azesearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Cleaned with backup
::Report End
Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 7:52:42 AM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\AOL\1144542412\ee\aolsoftware.exe
c:\program files\common files\aol\1144542412\ee\aim6.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [url]https://secure.logmein.com/activex/RACtrl.cab[/url]
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: C:\Documents and Settings\Compaq_Owner\My Documents\peskyadsbegone.css (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Edited by mike_2000_17 because: Fixed formatting
eltommyo 0 Junior Poster in Training
Even after the scans and stuff, I still can't stay logged in! Please help me!
eltommyo 0 Junior Poster in Training
plus, PHP-Fusion, when you are logging in, has a little checkbox, it doesnt say what it is, but when i check it, i can log in!!!! What's up wtih that?!?!
crunchie 990 Most Valuable Poster Team Colleague Featured Poster
That's probably the box that allows you to remain logged in :).
tayspen 28 <Insert title here> Team Colleague
Hehe, sounds like it does :)
caperjack 875 I hate 20 Questions Team Colleague
running both AVG and MCafee why ! only one is need and recomended
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.