0

I have gone to sites with PHP-Fusion and after about 30 secs. I would be logged out. It is getting very annoying because Windows 98 is my only other choice and that computer is messed up just because it's old and my site is PHP-Fusion made. Please help me!

4
Contributors
9
Replies
10
Views
11 Years
Discussion Span
Last Post by caperjack
0

okiez, two things:

1. GPets Toolbar is my sites toolbar
2. I can get ewido on this computer!

Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 4:49:46 PM, on 5/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AIM95\aim.exe
C:\Documents and Settings\Shared.TIMESAVER\Desktop\HijackThis.exe
c:\program files\mcafee.com\agent\mcupdate.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: GPets toolbar - {3c87fe63-07fc-463f-95e9-95448f30cdaf} - C:\Program Files\GPets\tbGPet.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzed029DUUS_ZZzer000
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager/plugin/IENetOpPlugin.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: C:\Documents and Settings\Shared.TIMESAVER\Desktop\Tommy's Stuff\peskyadsbegone.css (file missing)
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

0

Sorry it took so long for a reply ;).

Please check these items in HJT.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TY...rm1=seconduser

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll

O3 - Toolbar: GPets toolbar - {3c87fe63-07fc-463f-95e9-95448f30cdaf} - C:\Program Files\GPets\tbGPet.dll

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...9DUUS_ZZzer000

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab

O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn...taller_gmn.cab

O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bej...ploader_v6.cab

O16 - DPF: {E991BDE0-9816-4094-853E-6BDB60F0342D} (Get_ActiveX Control) - http://apps.corel.com/nos_dl_manager...etOpPlugin.ocx

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326

O20 - AppInit_DLLs: sfklg.dll

Click Fix Checked.

__________________________________________________

Go to Start>Control Panel>Add/Remove PRograms Uninstall: ViewPoint Media Player

__________________________________________________

Go to Start>Search.

Search for sfklg.dll, delete any instances found (You may need to go into safe mode to do this).

__________________________________________________

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files". 9. Press the "Apply" button and then the "OK" button and shutdown My Computer.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\Local Settings\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch

After doing this, move back to the 'Cleaner' tab, and inside this, be sure your open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

__________________________________________________

Please download ewido anti-malware it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful" )

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

_______________________________________________________

Post the ewido log, and a new HJT log

0

Ewido Scan:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:          7:51:19 AM, 5/19/2006
 + Report-Checksum:     7006116C

 + Scan result:

    HKU\S-1-5-21-1401908170-196881590-1984881829-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A19EF336-01D4-48E6-926A-FE7E1C747AED} -> Adware.MWSearch : Cleaned with backup
    HKU\S-1-5-21-1401908170-196881590-1984881829-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DA7FF3F8-08BE-4CAC-BC00-94D91C6AE7F4} -> Adware.MWSearch : Cleaned with backup
    HKU\S-1-5-21-1401908170-196881590-1984881829-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Compaq_Owner\Desktop\backups\backup-20060518-204800-153.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.11:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.68:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.69:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.70:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.71:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.75:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.76:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.77:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.104:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.106:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.129:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.130:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.136:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.156:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Mikhail\Application Data\Mozilla\Firefox\Profiles\default.m6r\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Mikhail\Cookies\mikhail@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@commission-junction[2].txt -> TrackingCookie.Commission-junction : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@ehg-wizardsofthecoast.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@twci.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@vdn.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Mikhail.TIMESAVER\Cookies\mikhail@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.8:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.9:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Shared\Application Data\Mozilla\Firefox\Profiles\default.8q8\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@clickagents[1].txt -> TrackingCookie.Clickagents : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@com[2].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Shared\Cookies\shared@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Program Files\MediaGateway\MediaGateway.exe -> Adware.WinAD : Cleaned with backup
    C:\Program Files\Mozilla Firefox\plugins\npclntax.dll -> Adware.Zango : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1401908170-196881590-1984881829-1011\Dc150.zip/AIMInvader.exe -> Not-A-Virus.Flooder.Win32.VB.n : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1401908170-196881590-1984881829-1011\Dc151\AIMInvader.exe -> Not-A-Virus.Flooder.Win32.VB.n : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1401908170-196881590-1984881829-1011\Dc203\trustin.dll -> Adware.Azesearch : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1009\Dc11\Ultra Autobuyer - NBH (Neopets programs,cheats,hacks and more!)\Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1009\Dc7.zip/Ultra Autobuyer - NBH (Neopets programs,cheats,hacks and more!)/Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1010\Dc42.zip/Everything Neopets/Good AB/Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
    C:\RECYCLER\S-1-5-21-1614886703-2516698523-2930044957-1010\Dc45\Ultra Autobuyer - NBH.exe -> Backdoor.Small : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\loader2.exe -> Adware.Azesearch : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\loader2.exe -> Adware.Azesearch : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
    C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Cleaned with backup


::Report End

Hijack This Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:52:42 AM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\AOL\1144542412\ee\aolsoftware.exe
c:\program files\common files\aol\1144542412\ee\aim6.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [url]http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser[/url]
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Neopets - {CD292324-974F-4224-D074-CACA427AA030} - C:\PROGRA~1\Neopets\Toolbar\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - [url]https://secure.logmein.com/activex/RACtrl.cab[/url]
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: C:\Documents and Settings\Compaq_Owner\My Documents\peskyadsbegone.css (file missing)
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Edited by mike_2000_17: Fixed formatting

0

Even after the scans and stuff, I still can't stay logged in! Please help me!

0

plus, PHP-Fusion, when you are logging in, has a little checkbox, it doesnt say what it is, but when i check it, i can log in!!!! What's up wtih that?!?!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.