Click on link and end up elsewhere..........

[mjstef]

I can do a Yahoo search, Click on a link in the search but end up on a totally different page usually trying to sell me something. I run Spybot and Spyware blaster and niether are coming up with any issues. What is going on?? I am also having connection problems. I have talked to my ISP and they say its upline from them and they cannot do anything about it. Here is the e-mail i sent them:

I have been having problems all weekend. I talked to Tech support 2X and got no answers either time. Then last night and this morning everything was working fine. Now its 11 am and problems again!!! I can get to the newspaper; http://www.helenair.com/ Then when i go to the classifieds; http://www.helenair.com/classifieds/ or news; http://www.helenair.com/news/ Ect. the page takes about 5 minutes to load if it loads at all!!!!!! It does the same thing on my laptop as it does on my desktop!!!! I took my laptop to Starbucks and the page loads fine there so i am totally lost!!!!! This happens with many other pages too!! You can get to the homepage but going anywhere else is near impossible!!!

When i do a trace route it times out at hop 14 no matter where i am going.but slows down way before that. The timeout is always IP 69.22.128.2(some other#'s but my CMD screen will not let me see them)

[JeanInMontana]

Hi there mjstef, and welcome to Malwarebytes.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

AVG AntiSpyware Be sure to "take action"

Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

[mjstef]

Hi there mjstef, and welcome to Malwarebytes.

If you haven't already, please get these programs, update and run a complete scan removing all items found.

Spybot Search & Destroy Be sure to use the immunize feature. But do not enable TeaTimer at this time. Use the tutorial feature in the help tab to see how to go about this.

AVG AntiSpyware Be sure to "take action"

Then go here and run a scan PandaActive Scan There is a full tutorial on how to to this at the top of this forum.

Post the logs from the Panda and AVG scans please, along with a log from this program HiJack This!

You will post three logs. 1. AVG scan. 2. Panda Active Scan. 3. HiJack This scan. You will finish the AVG first so go ahead and post that log, then move on to Panda and so forth.

I will analyze the logs and give you further instructions. Be patient and persistent. These things can take time and many procedures.

Will do!!! Funny someone from Montana replying to my post. You say south Central, Bozeman???? I am in Helena..............

[mjstef]

Here is the AVG logs......

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

+ Created at: 11:34:08 AM 12/4/2007

+ Scan result:

C:\Program Files\FireTune\FireTune.exe -> Backdoor.DSNX.05.a : Cleaned.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1067\A0171035.exe -> Downloader.Donn.af : Cleaned.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1009\A0132611.exe -> Downloader.Zlob.aum : Cleaned.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1009\A0132608.exe -> Downloader.Zlob.auq : Cleaned.

:mozilla.130:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.170:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.172:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.299:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.300:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.301:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.302:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.303:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.431:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.479:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.61:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.62:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.63:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.64:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.65:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.66:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@realnetworks.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@scrippshgtv.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.76:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.77:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.78:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.

:mozilla.99:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.

:mozilla.294:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.295:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.296:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.297:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.298:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.50:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.98:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.329:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.

:mozilla.101:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.473:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.

:mozilla.341:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.342:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.343:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.344:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.345:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.346:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.347:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.349:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.

:mozilla.17:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.282:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.92:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Enhance : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.

:mozilla.437:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.438:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.

:mozilla.272:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.273:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.274:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.275:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.19:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.20:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.21:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.34:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.37:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.38:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.39:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.405:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.406:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.409:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.40:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.410:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.419:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.420:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.43:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.45:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.46:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.487:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.498:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.499:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@ehg-foxsports.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Ronda\Cookies\ronda@ehg-nestleusainc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

C:\Documents and Settings\Ronda\Cookies\ronda@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.156:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.157:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.

:mozilla.533:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Info : Cleaned.

:mozilla.534:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Info : Cleaned.

:mozilla.532:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.

:mozilla.336:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.337:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.

:mozilla.228:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned.

:mozilla.541:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.542:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.313:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.314:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

:mozilla.315:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Ronda\Cookies\ronda@search.msn[1].txt -> TrackingCookie.Msn : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.

:mozilla.199:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.200:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.485:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.486:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Overture : Cleaned.

:mozilla.412:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.413:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.414:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.415:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.416:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.417:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.418:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.53:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.54:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.55:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.56:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.57:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.58:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.59:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.

:mozilla.212:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.213:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.277:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.278:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.279:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.217:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.218:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.219:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.323:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.324:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.325:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.326:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.327:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.133:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.

:mozilla.256:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned.

:mozilla.257:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.260:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.

:mozilla.229:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.230:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.231:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.48:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.50:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.51:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.52:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.53:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.54:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.57:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.240:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.280:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

:mozilla.85:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.86:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

:mozilla.88:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

C:\Documents and Settings\Ronda\Cookies\ronda@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.

:mozilla.335:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.6:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.

:mozilla.269:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.270:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.271:C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.289:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.290:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.291:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.292:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.293:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.

:mozilla.383:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.384:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.391:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.392:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

:mozilla.399:C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.

C:\Documents and Settings\Matt\Cookies\matt@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1067\A0171033.exe -> Trojan.DNSChanger.hk : Cleaned.

C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1067\A0171034.exe -> Trojan.DNSChanger.hk : Cleaned.

::Report end

[mjstef]

I found that my new wireless router was not locked down and it looks like others have been on my network. It's locked up now so there is no access.........................

[JeanInMontana]

Wow, this is amazing. I have had two people from Montana join my website this past week. I can count the people from here I know on the WWW on my fingers. I'm in Livingston. Good you have your router password protected I hope? Thief is the nicest word for those that steal bandwidth.

Now AVG removed 6 trojans, that is good (that they are gone). Let's see what Panda finds and a HJT log also.

[mjstef]

No luck with the Panda. I didn't have Internet Exploder on my pc and have tried to load IE it a dozen times but it keeps telling me after it installs i need to re-boot and after re-boot i cannot find it!!! I tried loading another version of IE and it said there was already one version installed that needed a re-boot to install!!!! I have no idea what the heck is going on but this crap is one of the many reasons i quit using Exploder 4 years ago!!!! Don't know where to go from here!!!

The typical page that loads (the wrong page) says www.primaryfinder.com in the lower left of the screen when i click links. When i click back and then click the link again it goes to the page i really want.

[JeanInMontana]

So how do you do Windows Updates? You have to have IE for that. Are you going to say you haven't done an update for 4 years? I need to see all the logs you can post or we can't do much. HiJack This Log. You were/are infected. AVG got some but I would bet there is more.

[mjstef]

So how do you do Windows Updates? You have to have IE for that. Are you going to say you haven't done an update for 4 years? I need to see all the logs you can post or we can't do much. HiJack This Log. You were/are infected. AVG got some but I would bet there is more.

Here is the Hijack This log file............

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:11:54 PM, on 12/7/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv42.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\AWS\WeatherBug\Weather.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ms101.mysearch.com/sa/srchlft.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ms101.mysearch.com/sa/srchlft.html

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www.bilgerat.com:83

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - (no file)

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll (file missing)

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - Global Startup: Logitech SetPoint.lnk = ?

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab

O16 - DPF: {16A7470E-229C-45F9-AE05-A87034FD14CF} - http://17.sharedsource.org/html/UDConn_5.2.1.3.cab?

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} - http://flipview.com/fvlite22/fvlite.cab

O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://floridakeysmedia.tv/axiscam/Codebas...sCamControl.ocx

O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/1452/ftp...02/cpbrkpie.cab

O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_a...asyInstallX.CAB

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{25BF67CF-11BA-448C-B98E-B62BD9381B68}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{366729B8-A8D3-4527-A697-49603371DCD0}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{84ABBBFB-DAC6-45FD-9BF9-4DF3D7F49F9B}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{96248422-6118-4900-AEE0-42396A7519EE}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{96F84264-8E72-4150-9DEF-362932A70252}: Domain = direcway.com

O17 - HKLM\System\CCS\Services\Tcpip\..\{96F84264-8E72-4150-9DEF-362932A70252}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{AA4955B1-EAF9-4040-8FD9-F757D9A85123}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\..\{D06FC138-3D21-4A17-964D-73B2D2FD70D1}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66

O17 - HKLM\System\CS1\Services\Tcpip\..\{25BF67CF-11BA-448C-B98E-B62BD9381B68}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66

O17 - HKLM\System\CS2\Services\Tcpip\..\{25BF67CF-11BA-448C-B98E-B62BD9381B68}: NameServer = 85.255.113.146,85.255.112.66

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.146 85.255.112.66

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\Plugin Manager\Skype4COM.dll

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

O23 - Service: WUSB54Gv42SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

O24 - Desktop Component 0: (no name) - http://www.fordcummins.com/downonhome.jpg

--

End of file - 11736 bytes

[JeanInMontana]

OK your log shows clearly that you do have IE and the most current version. Now please go through the tutorial on how to run a Panda scan and post that log.

[mjstef]

OK your log shows clearly that you do have IE and the most current version. Now please go through the tutorial on how to run a Panda scan and post that log.

I cannot find IE to open it. I tried in Firefox but it says i need IE. Not in my program list or my desktop anywhere. Where is it if i have it????

[JeanInMontana]

Look in Add/Remove programs Windows Components. Or the Windows folder on your HD, mine is also listed in the Start menu. Do a reinstall of it and make sure you add a desktop icon if that's what it takes to find it.

I am laying low with a bug so, sorry for the late response. Feel like crap.

[mjstef]

OK, I found IE in add and remove components but it only gives me the option to remove. Should i remove all the IE stuff there and just try to re-load it???

[mjstef]

Never mind, Got it in a round about way. Doing the panda scan now.............

[mjstef]

Here is the logs............

Incident Status Location

Dialer:dialer.bny Not disinfected c:\windows\pcconfig.dat

Adware:adware/cws Not disinfected C:\Documents and Settings\Matt\Favorites\Health

Dialer:dialer.dip Not disinfected HKEY_CLASSES_ROOT\TypeLib\{DC3185AE-864F-4E62-9321-0E9FA1CBE6A4}

Potentially unwanted tool:application/iwon Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA0B9B71-C2AF-11D3-B376-0800460222F0}

Spyware:spyware/bundleware Not disinfected Windows Registry

Adware:adware/navhelper Not disinfected Windows Registry

Adware:adware/wintools Not disinfected Windows Registry

Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}

Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[ad.yieldmanager.com/]

Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.www.myaffiliateprogram.com/]

Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.adrevolver.com/]

Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.adultfriendfinder.com/]

Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.zedo.com/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[server.iad.liveperson.net/]

Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[server.iad.liveperson.net/hc/13135887]

Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.com.com/]

Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.apmebf.com/]

Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.casalemedia.com/]

Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[www.burstbeacon.com/]

Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.yadro.ru/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.go.com/]

Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.enhance.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.sexlist.com/]

Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.fastclick.net/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.tribalfusion.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.advertising.com/]

Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[statse.webtrendslive.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\myle96hz.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.go.com/]

Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.questionmarket.com/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.ehg-dig.hitbox.com/]

Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.ehg-dig.hitbox.com/]

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.ads.pointroll.com/]

Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.bravenet.com/]

Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.ct.360i.com/]

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ronda\Application Data\Mozilla\Firefox\Profiles\m6rc3ck6.default\cookies.txt[.target.com/]

Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Ronda\Cookies\ronda@atwola[1].txt

Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Ronda\Cookies\ronda@go[2].txt

Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Ronda\Cookies\ronda@hc2.humanclick[2].txt

Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Ronda\Cookies\ronda@maxserving[1].txt

Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Ronda\Cookies\ronda@mysearch[1].txt

Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ronda\Cookies\ronda@target[1].txt

Potentially unwanted tool:Application/Leaktest.A Not disinfected C:\Program Files\leaktest.exe

[JeanInMontana]

Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">

SDFix.exe

* Open the extracted SDFix folder and double click RunThis.bat to start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum.

Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

[mjstef]

Please download this file:

SDFix.exe

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">

* Open the extracted SDFix folder and double click RunThis.bat to start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum.

Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

OK, I read your instruction over and over and over. It looks like from the file i downloaded i need to start the pc in safe mode. How do you do that???

[JeanInMontana]

Just follow the directions. Double click the file, it will extract itself by default to C:\ click install. Go to your C drive and open the folder SDFix and double click on the file RunThis. All you need to do is follow the prompts and post the logs.

To answer your question, To boot to safe mode you reboot the PC and begin tapping the F8 key as soon as you here the beep or as soon as you reboot. You don't need to do that.

[mjstef]

Just follow the directions. Double click the file, it will extract itself by default to C:\ click install. Go to your C drive and open the folder SDFix and double click on the file RunThis. All you need to do is follow the prompts and post the logs.

To answer your question, To boot to safe mode you reboot the PC and begin tapping the F8 key as soon as you here the beep or as soon as you reboot. You don't need to do that.

OK i ran it but the box dissapeared while i was in the Garage. I found a quarintine file in C drive. Is this what you are looking for??? I have tried to copy and paste here but it won't let me.........

[JeanInMontana]

I don't know what the quarantine would be, it should have a folder name. I need this

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt and a new HJT

[mjstef]

I don't know what the quarantine would be, it should have a folder name. I need this

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt and a new HJT

This is all i can find. I even re-loaded the deal and watched it but as soon as it was done, POOF!!!! It was gone!!!

Norman Malware Cleaner

Copyright

[mjstef]

Here is a screen shot. Is what you need in there???

On Edit: This site wouldn't let me upload a JPEG file so i dumped it on my Photobucket account..........

[JeanInMontana]

This is all i can find. I even re-loaded the deal and watched it but as soon as it was done, POOF!!!! It was gone!!!

Norman Malware Cleaner

Copyright

[JeanInMontana]

I don't understand why you will not scan with the program I have requested. I deleted a scan from A Squared in your latest post. It does show Weather Bug installed. I would remove it if it were me. I would also scan with this program below and post the log as requested and a new HJT log.

Please download this file: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe' rel="external nofollow">

SDFix.exe

* Open the extracted SDFix folder and double click RunThis.bat to start the script.

* Type Y to begin the cleanup process.

* It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.

* Press any Key and it will restart the PC.

* When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.

* Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt

(Report.txt will also be copied to Clipboard ready for posting back on the forum).

* Finally paste the contents of the Report.txt back on the forum.

Reboot your system in Normal Mode. Then post the SDFix log and a new HJT log please.

[mjstef]

Jean i DID all of that and i still do not have the file you want! Look at the screen shot above in my Photobucket account. THAT IS ALL I HAVE!!!!!!!!! I have no idea what the hell else to do besides F-Disc the hard drive and start over.