Show Posts

1

Tech Clinic / help please

« on: May 20, 2006, 04:26:22 PM »

yes there is one other user on the computer with adminstrative priviledges

Ad-Aware SE Personal
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.5
Adobe Stock Photos 1.0
AOL Connectivity Services
AOL Instant Messenger
AOL Spyware Protection
AOL Uninstaller (Choose which Products to Remove)
Bonjour
CC_ccProxyExt
ccCommon
ccPxyCore
CleanUp!
Conexant AC-Link Audio
Digital Media Reader
ewido anti-malware
HijackThis 1.99.1
Intel® Extreme Graphics 2 Driver
iPod for Windows 2006-01-10
iTunes
J2SE Runtime Environment 5.0 Update 3
Learn2 Player (Uninstall Only)
LimeWire PRO 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
McAfee AntiSpyware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Money 2005
Microsoft Works
Mozilla Firefox (1.5)
MSRedist
MX240a
Nero BurnRights
Nero OEM
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton WMI Update
Norton WMI Update
Panda ActiveScan
Panda Antivirus Platinum
PowerDVD
QuickTime
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
SPBBC
Spybot - Search & Destroy 1.4
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Viewpoint Media Player
Windows Backup Utility
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781

2

Tech Clinic / help please

« on: May 20, 2006, 11:07:19 AM »

I found the folder using Run, although there is nothing in the folder (not even hidden), and I can not delete it because I have nothing to move to the recycle bin.

I also can not get rid of the keylog because it is not in my programs list, and I can not find it.

3

Tech Clinic / help please

« on: May 16, 2006, 09:30:54 PM »

I got rid of all of them except C:\WINDOWS\IA\KE.vbs
It's here somewhere, but I can't find it no matter what I do. If I try to run it (I have scripts blocked...), it'll come up as script blocked rather than saying that the file is not on the computer. I also looked for it through the search (even to look for hidden files).. and that didn't come up either- and yes, how would I go about getting rid of the keylog?

4

Tech Clinic / help please

« on: May 16, 2006, 02:59:13 PM »

Logfile of HijackThis v1.99.1
Scan saved at 3:56:43 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on:         3:46:19 PM, 5/16/2006
+ Report-Checksum:      97A7ED34

+ Scan result:

   HKU\.DEFAULT\Software\DNS -> Adware.Shorty : Cleaned with backup
   HKU\S-1-5-21-3697448870-4166010026-348496076-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
   HKU\S-1-5-21-3697448870-4166010026-348496076-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
   HKU\S-1-5-18\Software\DNS -> Adware.Shorty : Cleaned with backup
   [1016] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Cleaned with backup
   [1028] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1196] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1244] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1288] C:\WINDOWS\System32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1400] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1436] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1760] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1864] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1936] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [2036] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [264] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1600] C:\WINDOWS\System32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [672] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [2080] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [2152] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [2200] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [2248] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [1692] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   [3448] C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Error during cleaning
   :mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
   :mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
   :mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.122:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.123:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.124:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.125:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
   :mozilla.139:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
   :mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.150:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
   :mozilla.247:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.248:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.252:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
   :mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
   :mozilla.279:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.280:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.281:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.282:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
   :mozilla.303:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.304:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.305:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.306:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.307:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.308:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.309:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
   :mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.325:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
   :mozilla.328:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.329:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.355:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
   :mozilla.364:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.365:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
   :mozilla.366:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.367:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.374:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.375:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
   :mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
   :mozilla.415:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.416:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.417:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
   :mozilla.435:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
   :mozilla.436:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
   :mozilla.437:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
   :mozilla.442:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
   :mozilla.443:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
   :mozilla.444:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
   :mozilla.471:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
   C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
   C:\Program Files\Windows NT\horego.dll -> Downloader.Small.ctb : Cleaned with backup
   C:\WINDOWS\keyboard15.exe -> Downloader.Adload.ay : Cleaned with backup
   C:\WINDOWS\lsalxqo.exe -> Hijacker.VB.ij : Cleaned with backup
   C:\WINDOWS\lsalxqoA.exe -> Hijacker.VB.ij : Cleaned with backup
   C:\WINDOWS\mousepad15.exe -> Hijacker.VB.mo : Cleaned with backup
   C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
   C:\WINDOWS\newname15.exe -> Downloader.Adload.ay : Cleaned with backup
   C:\WINDOWS\pss\rheqf.exeCommon Startup -> Downloader.Qoologic.bj : Cleaned with backup
   C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
   C:\WINDOWS\system32\sfklg.dll -> Not-A-Virus.Monitor.Win32.Sfkeylogger.a : Cleaned with backup
   C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
   C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
   C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
   C:\WINDOWS\win32072026-140079.exe -> Adware.Enbrow : Cleaned with backup

::Report End

I believe I am using all of Panda, and internet security from McAfee

5

Tech Clinic / help please

« on: May 15, 2006, 07:14:09 PM »

Logfile of HijackThis v1.99.1
Scan saved at 8:12:33 PM, on 5/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\lsalxqoA.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe
c:\program files\mcafee.com\shared\mcinfo.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBAEEFD6-942A-418F-A6FC-E373A98041D8} - C:\Program Files\Windows NT\horego.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [yqwhyi] C:\WINDOWS\system32\ayrpyk.exe reg_run
O4 - HKLM\..\Run: [lsalxqoA] C:\WINDOWS\lsalxqoA.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [vndia] C:\WINDOWS\system32\ayrpyk.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

6

Tech Clinic / help please

« on: May 14, 2006, 06:30:36 PM »

My computer won't start up into safe mode. I tap F8 when required, but it won't go to that part- it'll skip where it's at and go right up to where windows starts up.

7

Tech Clinic / help please

« on: May 03, 2006, 07:41:49 PM »

Yes, I do have a keylogger that was put on my computer by my parents to make sure I don't do anything bad with my laptop.. but I can not get rid of it... here are the results of the scan:

Wed 05/03/2006
Running from: C:\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.

Known file names

MD5 Check....

Files found with locate com.
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
...

...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
"yqwhyi"="C:\\WINDOWS\\system32\\ayrpyk.exe reg_run"
HKCU
"vndia"="C:\\WINDOWS\\system32\\ayrpyk.exe reg_run"
...

Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ Explorer.exe
userinit REG_SZ C:\WINDOWS\system32\Userinit.exe,
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006

8

Tech Clinic / help please

« on: May 03, 2006, 06:01:35 PM »

Did all of that.. here's the logfile.

Logfile of HijackThis v1.99.1
Scan saved at 7:00:26 PM, on 5/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\lsalxqoA.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Upgrader.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBAEEFD6-942A-418F-A6FC-E373A98041D8} - C:\Program Files\Windows NT\horego.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [yqwhyi] C:\WINDOWS\system32\ayrpyk.exe reg_run
O4 - HKLM\..\Run: [lsalxqoA] C:\WINDOWS\lsalxqoA.exe
O4 - HKCU\..\Run: [vndia] C:\WINDOWS\system32\ayrpyk.exe reg_run
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

9

Tech Clinic / help please

« on: May 02, 2006, 06:26:30 PM »

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 5/2/2006 7:14:03 PM

Infected! C:\WINDOWS\system32\iaeshare.dll
Infected! C:\WINDOWS\system32\WTDRMdev.dll

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Control Panel
Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunOnce

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{3FFA4212-DCB7-4852-95F9-564C7986B07B}"
HKCR\Clsid\{3FFA4212-DCB7-4852-95F9-564C7986B07B}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F77F5D7D-6188-48B3-84E7-977236DE8347}"
HKCR\Clsid\{F77F5D7D-6188-48B3-84E7-977236DE8347}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file

Restoring SeDebugPrivilege for Administrators - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 7:22:41 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\lsalxqoA.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\apvxdwin.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qjjty.exe
F2 - REG:system.ini: UserInit=userinit.exe,bepxjpv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBAEEFD6-942A-418F-A6FC-E373A98041D8} - C:\Program Files\Windows NT\horego.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [lsalxqoA] C:\WINDOWS\lsalxqoA.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

10

Tech Clinic / help please

« on: May 01, 2006, 08:32:45 PM »

Logfile of HijackThis v1.99.1
Scan saved at 2:18:19 PM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1134603453\ee\AOLSoftware.exe
C:\Program Files\Network\ipnetwork.exe
C:\windows\mousepad15.exe
C:\WINDOWS\win32072026-140079.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\lsalxqoA.exe
C:\WINDOWS\system32\TASKMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qjjty.exe
F2 - REG:system.ini: UserInit=userinit.exe,bepxjpv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBAEEFD6-942A-418F-A6FC-E373A98041D8} - C:\Program Files\Windows NT\horego.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134603453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard15.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad15.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname15.exe
O4 - HKLM\..\Run: [win32072026-140079] C:\WINDOWS\win32072026-140079.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [lsalxqoA] C:\WINDOWS\lsalxqoA.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O20 - AppInit_DLLs: sfklg.dll
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\iaeshare.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\WTDRMdev.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Flash (Macromedia) - Unknown owner - C:\WINDOWS\flash8player.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe

11

Tech Clinic / "Your computer is infected!"

« on: April 30, 2006, 01:32:04 PM »

I am having this same problem.. I will send all of the logs and maybe you can help me... Pandas:

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Valueclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.valueclick.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.ehg-ads.hitbox.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Bs.serving-sys Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/CentrPort Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.centrport.net/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.com.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Microsofte Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[hc2.humanclick.com/hc/74330191]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\6jnjxuk0.default\cookies.txt[server.iad.liveperson.net/hc/79072604]
Spyware:Cookie/Allthatsearch Not disinfected C:\Documents and Settings\Michael\Cookies\michael@10102[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Michael\Cookies\michael@888[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/SearchingBooth Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adamg[2].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adrevolver[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@adrevolver[3].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Michael\Cookies\michael@atwola[1].txt
Spyware:Cookie/SearchingBooth Not disinfected C:\Documents and Settings\Michael\Cookies\michael@aycm5[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Cookies\michael@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Michael\Cookies\michael@burstnet[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Michael\Cookies\michael@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Michael\Cookies\michael@com[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Michael\Cookies\michael@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Michael\Cookies\michael@fortunecity[2].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Michael\Cookies\michael@Kiddo[1].txt
Spyware:Cookie/Kmpads Not disinfected C:\Documents and Settings\Michael\Cookies\michael@kmpads[2].txt
Spyware:Cookie/LetitFind Not disinfected C:\Documents and Settings\Michael\Cookies\michael@LetitFind[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Michael\Cookies\michael@maxserving[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Michael\Cookies\michael@offeroptimizer[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Cookies\michael@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Michael\Cookies\michael@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Michael\Cookies\michael@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Michael\Cookies\michael@revenue[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Michael\Cookies\michael@rn11[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Michael\Cookies\[email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Michael\Cookies\michael@statcounter[1].txt
Spyware:Cookie/TargetSaver Not disinfected C:\Documents and Settings\Michael\Cookies\michael@targetsaver[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Michael\Cookies\michael@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Michael\Cookies\michael@tribalfusion[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Michael\Cookies\michael@wizzle[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Michael\Cookies\michael@zedo[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Michael\Desktop\smitRem.exe[smitRem/Process.exe]
Adware:Adware/Deskwizz Not disinfected C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\5N9JHMVL\wallpap[1].exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Ssk.log
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.belnk.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.target.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.www.myaffiliateprogram.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[server.iad.liveperson.net/hc/22374775]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\24pu0u1k.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Adware:Adware/CommAd Not disinfected C:\WINDOWS\IA\KE.vbs
Adware:Adware/2Z0o Not disinfected C:\WINDOWS\lsalxqo.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_22.exe
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\newname.dat
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\pss\rheqf.exeCommon Startup
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\ad.html
Adware:Adware/QoolAid Not disinfected C:\WINDOWS\system32\dmonwv.dll
Adware:Adware/Qoologic Not disinfected C:\WINDOWS\system32\fwhsk.dat
Adware:Adware/SearchAid Not disinfected C:\WINDOWS\uninstall_nmon.vbs
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\wallpap.exe

Logfile of HijackThis v1.99.1
Scan saved at 2:17:38 PM, on 4/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\AOL\1134603453\ee\AOLSoftware.exe
C:\Program Files\Network\ipnetwork.exe
C:\windows\mousepad15.exe
C:\WINDOWS\win32072026-140079.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\WINDOWS\lsalxqoA.exe
C:\WINDOWS\system32\TASKMAN.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Michael\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qjjty.exe
F2 - REG:system.ini: UserInit=userinit.exe,bepxjpv.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EBAEEFD6-942A-418F-A6FC-E373A98041D8} - C:\Program Files\Windows NT\horego.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1134603453\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard15.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad15.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname15.exe
O4 - HKLM\

TheTechGuide Forum

News:

Messages - GunzOfSteel 921

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / help please

Tech Clinic / "Your computer is infected!"