Incident Status Location
Spyware:Cookie/fe.lea.lycos Not disinfected C:\WINDOWS\Cookies\evan@fe.lea.lycos[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\WINDOWS\Cookies\evan@smni[1].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\default@linkexchange[1].txt
Spyware:Cookie/Preferences Not disinfected C:\WINDOWS\Cookies\default@preferences[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\default@go[1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Cookies\evan@c2.gostats[3].txt
Spyware:Cookie/LinkExchange Not disinfected C:\WINDOWS\Cookies\evan@linkexchange[1].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\evan@www.web-stat[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\WINDOWS\Cookies\evan@mediaplex[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\louise@go[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\Cookies\evan@doubleclick[1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Cookies\evan@c2.gostats[4].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\evan@www.web-stat[3].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\evan@com[3].txt
Spyware:Cookie/Seeq Not disinfected C:\WINDOWS\Cookies\evan@www48.seeq[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\evan@rn11[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[3].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\evan@www.web-stat[2].txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\WINDOWS\Cookies\evan@www.affiliatefuel[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[4].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\WINDOWS\Cookies\evan@smni[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\WINDOWS\Cookies\evan@ad.yieldmanager[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\Cookies\evan@atdmt[2].txt
Spyware:Cookie/Buzztone Not disinfected C:\WINDOWS\Cookies\evan@www.buzztone[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\evan@www.myaffiliateprogram[2].txt
Spyware:Cookie/Advertising Not disinfected C:\WINDOWS\Cookies\evan@advertising[2].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[6].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\evan@dist.belnk[3].txt
Spyware:Cookie/Mp3s Hits Not disinfected C:\WINDOWS\Cookies\evan@www.mp3shits[1].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\evan@target[1].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\evan@target[4].txt
Spyware:Cookie/Gorillanation Not disinfected C:\WINDOWS\Cookies\evan@ads.gorillanation[1].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\evan@xiti[1].txt
Spyware:Cookie/Buzztone Not disinfected C:\WINDOWS\Cookies\evan@www.buzztone[1].txt
Spyware:Cookie/Xmts Not disinfected C:\WINDOWS\Cookies\evan@xmts[1].txt
Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Cookies\evan@did-it[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\evan@www.myaffiliateprogram[3].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\evan@rn11[3].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[5].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[11].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\evan@www.myaffiliateprogram[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\evan@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\evan@belnk[3].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\evan@dist.belnk[4].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\evan@ct.360i[1].txt
Spyware:Cookie/Enhance Not disinfected C:\WINDOWS\Cookies\evan@c.enhance[1].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\evan@target[2].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Cookies\evan@c2.gostats[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\evan@www.burstbeacon[2].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[7].txt
Spyware:Cookie/Rightmedia Not disinfected C:\WINDOWS\Cookies\evan@rightmedia[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\evan@www.myaffiliateprogram[4].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\WINDOWS\Cookies\evan@fe.lea.lycos[2].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\louise@ct.360i[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[10].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\evan@www.web-stat[4].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\evan@www.burstbeacon[3].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\evan@com[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\evan@www.myaffiliateprogram[5].txt
Spyware:Cookie/Buydomains Not disinfected C:\WINDOWS\Cookies\evan@www47.buydomains[1].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\evan@atwola[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\WINDOWS\Cookies\evan@spywarestormer[1].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\evan@dist.belnk[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\evan@burstnet[1].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[8].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\louise@dist.belnk[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\evan@www.burstbeacon[1].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\WINDOWS\Cookies\evan@spywarestormer[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\louise@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\louise@ath.belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\louise@burstnet[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\WINDOWS\Cookies\louise@i.screensavers[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\louise@www.myaffiliateprogram[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\louise@www.burstbeacon[2].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\WINDOWS\Cookies\louise@entrepreneur[1].txt
Spyware:Cookie/GoStats Not disinfected C:\WINDOWS\Cookies\louise@gostats[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\WINDOWS\Cookies\louise@spywarestormer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\WINDOWS\Cookies\louise@xiti[1].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\louise@target[2].txt
Spyware:Cookie/web-stat Not disinfected C:\WINDOWS\Cookies\louise@www.web-stat[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\WINDOWS\Cookies\louise@rn11[2].txt
Spyware:Cookie/WinFixer Not disinfected C:\WINDOWS\Cookies\louise@winfixer[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\WINDOWS\Cookies\louise@stats1.reliablestats[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\louise@com[2].txt
Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Cookies\louise@did-it[1].txt
Spyware:Cookie/64.62.232 Not disinfected C:\WINDOWS\Cookies\evan@64.62.232[4].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\evan@ct.360i[3].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\evan@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\WINDOWS\Cookies\evan@belnk[1].txt
Spyware:Cookie/Yadro Not disinfected C:\WINDOWS\Cookies\evan@yadro[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\evan@www.myaffiliateprogram[6].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\evan@burstnet[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\evan@www.burstbeacon[5].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\evan@atwola[2].txt
Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Cookies\evan@did-it[1].txt
Spyware:Cookie/Servlet Not disinfected C:\WINDOWS\Cookies\evan@servlet[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\evan@burstnet[4].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\evan@www.burstbeacon[6].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\evan@target[5].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\evan@ct.360i[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\Cookies\evan@cgi-bin[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\WINDOWS\Cookies\evan@entrepreneur[2].txt
Spyware:Cookie/did-it Not disinfected C:\WINDOWS\Cookies\evan@did-it[4].txt
Spyware:Cookie/360i Not disinfected C:\WINDOWS\Cookies\evan@ct.360i[4].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\WINDOWS\Cookies\evan@www.myaffiliateprogram[8].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\Cookies\evan@cgi-bin[3].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\evan@target[3].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\WINDOWS\Cookies\evan@cgi-bin[4].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\evan@www.burstbeacon[7].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\anyuser@target[1].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\anyuser@atwola[1].txt
Spyware:Cookie/Com.com Not disinfected C:\WINDOWS\Cookies\anyuser@com[1].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\Cookies\evan@atwola[3].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[9].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\evan@burstnet[3].txt
Spyware:Cookie/Target Not disinfected C:\WINDOWS\Cookies\evan@target[6].txt
Spyware:Cookie/Go Not disinfected C:\WINDOWS\Cookies\evan@go[13].txt
Spyware:Cookie/BurstNet Not disinfected C:\WINDOWS\Cookies\evan@burstnet[5].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\WINDOWS\Cookies\evan@www.burstbeacon[4].txt
===========================================================
Logfile of HijackThis v1.99.1
Scan saved at 4:47:02 PM, on 2/6/2007
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\R_SERVER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAM FILES\TIMERC\TIMERC3.EXE
C:\WINDOWS\START MENU\PROGRAMS\STARTUP\TITIME.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
E:\1VIRUS & SECURITY STUFF\HIJACKTHIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://us.f905.mail....e...&y5beta=yes
F1 - win.ini: run=hpfsched
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CompaqPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [GhostStartService] C:\PROGRAM FILES\SYMANTEC\NORTON GHOST 2003\GHOSTSTARTSERVICE.EXE
O4 - HKLM\..\RunServices: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakLogon
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - Startup: TimeRC 3.0.lnk = C:\Program Files\TimeRC\TimeRC3.exe
O4 - Startup: TiTime.exe
O8 - Extra context menu item: Atomica... - file:C:\PROGRA~1\ATOMICA\ATOMIC~1\Html\griemenu.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_10\BIN\SSV.DLL
O14 - IERESET.INF: START_PAGE_URL=http://www.e4me.com/start.html
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) -
http://download.toon...5.37/ttinst.cab
O16 - DPF: {C9E2242D-DC05-4C54-9483-A5C90653F7BC} (SFClientControl Object) -
https://skyfex.net/C...SFClientPro.cab
O16 - DPF: {7238A364-D686-4A88-B1AF-1223D6E9497A} (SFClientFree Object) -
https://skyfexfree.n.../ClientFree.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cab