I Am Not A Geek Forums where the men are men? and the sheep are scared

Fighting Malware - help is at hand!

~BD~ — Tue, 15 May 2012 17:52:36 GMT

Some great information in the 'Answer' - here:

http://answers.microsoft.com/en-us/w...e-2a3ade37091c

--
Dave - Not really a Microsoft Fan-boi! ;-)

SpywareBlaster

Buffalo — Fri, 11 May 2012 14:55:42 GMT

"Beauregard T. Shagnasty" wrote in
news:jojbr3$s9h$1@dont-email.me:

> Buffalo wrote:
>
>> I post a 'new' reply yesterday about a new definition update, but it
>> went into my old post. I didn't realize that if the new post had the
>> same subject as an older one, it would automatically go into the old
>> post.
>
> That only happens if you use a newsreader that threads by Subject
> instead of the proper way by Reference line.
>
> Some readers have options so you can choose.
>

Hola!

I haven't used Pan in ages... Does it still have the old school look and
feel?

--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

SpywareBlaster Def Update

Buffalo — Fri, 11 May 2012 01:59:57 GMT

~BD~ wrote:
> Autumn wrote:
>> On Fri, 11 May 2012 18:54:08 -0600, "Buffalo"
>> wrote:
>>
>>>
>>>
>>> Autumn wrote:
>>>> Thanks much.
>>>
>>> You're welcome.
>>> Any idea what happened to Silj ?
>>>
>>> Thanks,
>>> Buffalo
>>>
>>
>> No clue. I believe he lives in Canada.
>
>
> This is him! http://goo.gl/XD1V5 (Linkedin.com)
>
> Click on 'Blog' for confirmation!
>
> HTH

You probably need to be logged in to Linkedin.com to see that
information. Here's a screenshot: http://i47.tinypic.com/xbk41i.jpg

Siljaline's Blog may be seen here:
http://msmvps.com/blogs/siljaline/default.aspx

--
Dave

Cybercriminals offer bogus fraud insurance services

~BD~ — Thu, 10 May 2012 19:46:09 GMT

Security researchers from Trusteer have spotted a clever new technique
used by cybercriminals interested in optimizing their malicious
campaigns in an attempt to earn more revenue.

Here�s how it works:

The recent attack we discovered uses the Tatanga malware platform. In
the configuration file we captured, Tatanga notifies the online banking
victim via a web browser injection that their bank is offering free
insurance protection against online fraud.The victim is then presented
with a fake insurance account that claims to cover the total amount of
funds in their bank account. This fake insurance account is actually a
real bank account that belongs to a money mule.

The victim is told that they will be protected against any losses from
online fraud by this insurance coverage. In the final step, the victim
is prompted to authorize a transaction that they believe is to activate
the insurance coverage. In all likelihood, the victim does not expect
any funds will be transferred out of their account.To approve the
transaction the victim enters a one-time SMS password that is sent to
their mobile device. Unfortunately, the victim is actually approving a
transfer of funds from their account to the fraudster�s money mule account.

Despite the technological implementation behind the success of the
campaign relies on the Tatanga malware platform, a central role for the
success of the concept is played by money mules.

http://www.zdnet.com/blog/security/c...23?tag=nl.e036
--
Dave

Important Apple security updates for Snow Leopard and Lion - get'em today!

~BD~ — Thu, 10 May 2012 13:06:03 GMT

~BD~ <~BD~@nomail.afraid.org> wrote in
news:qOSdnaG65v2hIDbSnZ2dnUVZ7o2dnZ2d@bt.com:

> Hot on the heels of the iOS 5.1.1 release, Apple has pumped out a
> raft of security updates for Snow Leopard (OS X 10.6) and Lion (OS X
> 10.7) users.
>
> Helpful article, here:-
>
> http://nakedsecurity.sophos.com/2012...le-updates-for
> -snow-leopard-and-lion-get-em-today/?utm_source=Naked+Security+-+Sopho
> s+List&utm_medium=email&utm_campaign=0be0dc8239-naked%252Bsecurity
>

Seems apple can't brag about being safer than a PC anymore.. [g]

--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Re: Yahoo and online contacts spam??

Stephen Wolstenholme — Mon, 07 May 2012 16:34:32 GMT

On Mon, 07 May 2012 09:02:00 -0500, hank23@invalidated.org wrote:

>I keep getting request pop up in my Yahoo email account requesting
>that certain individuals be allowed to be added to my list of "online
>contacts".
>
>I realize this is from spammers - or malware spreaders, but can anyone
>be more specific as to what in the heck this nonsense is? Is there
>any way to totally block this crap from appearing?

I get a few every day. Agent's junk detection catches all of them. The
same applies to all my email accounts, no spam or malware gets
through.

Steve

--
Neural Network Software. http://www.npsl1.com
EasyNN-plus. Neural Networks plus. http://www.easynn.com
SwingNN. Forecast with Neural Networks. http://www.swingnn.com
JustNN. Just Neural Networks. http://www.justnn.com

Re: Yahoo and online contacts spam??

David H. Lipman — Mon, 07 May 2012 15:21:47 GMT

From: "Virus Guy"

> "David H. Lipman" wrote:
>
>>>> I gave you a response on 5/3 within 10 minutes of your post.
>
>>> 5/3 - May 3'rd? Or March 5?
>>
>> May 3rd.
>
> I'm not seeing any post by "hank23" on May 3 in this newsgroup, nor your
> reply to him on that date. This server (AIOE) is not showing any post
> from you on May 3.
>
> I don't see any other post by hank23 other than the single post he made
> on Monday that started this thread.

I didn't indicate it was in this group.

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Google used malicious code to track Safari browser users againsttheir wishes.

Naum Zahran — Sun, 06 May 2012 04:07:00 GMT

Naum Zahran wrote in news:79c784c7-8f5d-4e45-8c74-
1cfd99f06904@a5g2000vbn.googlegroups.com:

> Same old ****.

So quit using Safari.
Just curious, how do you prounce "Naum Zahran"?
How the hell did you ever get a name like that?

--
�I don't have a solution but I admire the problem.

FBI wants surveillance backdoors in Gmail, Facebook, more

Virus Guy — Sat, 05 May 2012 13:23:40 GMT

FBI wants surveillance backdoors in Gmail, Facebook, more

http://news.cnet.com/8301-1009_3-574...web-sites-now/

------------
See also:

Going Dark: Lawful Electronic Surveillance in the Face of New
Technologies
http://www.fbi.gov/news/testimony/go...w-technologies
------------

4th May 2012 21:25 UTC

CNET learns the FBI is quietly pushing its plan to force surveillance
backdoors on social networks, VoIP, and Web e-mail providers, and that
the bureau is asking Internet companies not to oppose a law making those
backdoors mandatory.

The FBI is asking Internet companies not to oppose a controversial
proposal that would require firms, including Microsoft, Facebook, Yahoo,
and Google, to build in backdoors for government surveillance.

In meetings with industry representatives, the White House, and U.S.
senators, senior FBI officials argue the dramatic shift in communication
from the telephone system to the Internet has made it far more difficult
for agents to wiretap Americans suspected of illegal activities, CNET
has learned.

The FBI general counsel's office has drafted a proposed law that the
bureau claims is the best solution: requiring that social-networking Web
sites and providers of VoIP, instant messaging, and Web e-mail alter
their code to ensure their products are wiretap-friendly.

"If you create a service, product, or app that allows a user to
communicate, you get the privilege of adding that extra coding," an
industry representative who has reviewed the FBI's draft legislation
told CNET. The requirements apply only if a threshold of a certain
number of users is exceeded, according to a second industry
representative briefed on it.

The FBI's proposal would amend a 1994 law, called the Communications
Assistance for Law Enforcement Act, or CALEA, that currently applies
only to telecommunications providers, not Web companies. The Federal
Communications Commission extended CALEA in 2004 to apply to broadband
networks.

"Going Dark" timeline

June 2008: FBI Director Robert Mueller and his aides brief Sens. Barbara
Mikulski, Richard Shelby, and Ted Stevens on "Going Dark."

June 2008: FBI Assistant Director Kerry Haynes holds "Going Dark"
briefing for Senate appropriations subcommittee and offers a "classified
version of this briefing" at Quantico.

August 2008: Mueller briefed on Going Dark at strategy meeting.

September 2008: FBI completes a "high-level explanation" of CALEA
amendment package.

May 2009: FBI Assistant Director Rich Haley briefs Senate Intelligence
committee and Mikulsi staffers on how bureau is "dealing with the 'Going
Dark' issue.'" Mikulski plans to bring up "Going Dark" at a closed-door
hearing the following week.

May 2009: Haley briefs Rep. Dutch Ruppersberger, currently the top
Democrat on House Intelligence, who would later co-author CISPA.

September 2008: FBI staff briefed by RAND, which was commissioned to
"look at" Going Dark.

November 2008: FBI Assistant Director Marcus Thomas, who oversees the
Quantico-based Operational Technology Division, prepares briefing for
President-Elect Obama's transition team.

December 2008: FBI intelligence analyst in Communications Analysis Unit
begins analysis of VoIP surveillance.

February 2009: FBI memo to all field offices asks for anecdotal
information about cases where "investigations have been negatively
impacted" by lack of data retention or Internet interception.

March 2009: Mueller's advisory board meets for a full-day briefing on
Going Dark.

April 2009: FBI distributes presentation for White House meeting on
Going Dark.

April 2009: FBI warns that the Going Dark project is "yellow," meaning
limited progress, because of "new administration personnel not being in
place for briefings."

April 2009: FBI general counsel's office reports that the bureau's Data
Interception Technology Unit has "compiled a list of FISA dockets...
that the FBI has been unable to fully implement." That's a reference to
telecom companies that are already covered by the FCC's expansion of
CALEA.

May 2009: FBI's internal Wikipedia-knockoff Bureaupedia entry for
"National Lawful Intercept Strategy" includes section on "modernize
lawful intercept laws."

May 2009: FBI e-mail boasts that the bureau's plan has "gotten
attention" from industry, but "we need to strengthen the business case
on this."

June 2009: FBI's Office of Congressional Affairs prepares Going Dark
briefing for closed-door session of Senate Appropriations subcommittee.

July 2010: FBI e-mail says the "Going Dark Working Group (GDWG)
continues to ask for examples from Cvber investigations where
investigators have had problems" because of new technologies.

September 2010: FBI staff operations specialist in its Counterterrorism
Division sends e-mail on difficulties in "obtaining information from
Internet Service Providers and social-networking sites."

FBI Director Robert Mueller is not asking companies to support the
bureau's CALEA expansion, but instead is "asking what can go in it to
minimize impacts," one participant in the discussions says. That
included a scheduled trip this month to the West Coast -- which was
subsequently postponed -- to meet with Internet companies' CEOs and top
lawyers.

A further expansion of CALEA is unlikely to be applauded by tech
companies, their customers, or privacy groups. Apple (which distributes
iChat and FaceTime) is currently lobbying on the topic, according to
disclosure documents filed with Congress two weeks ago. Microsoft (which
owns Skype and Hotmail) says its lobbyists are following the topic
because it's "an area of ongoing interest to us." Google, Yahoo, and
Facebook declined to comment.

In February 2011, CNET was the first to report that then-FBI general
counsel Valerie Caproni was planning to warn Congress of what the bureau
calls its "Going Dark" problem, meaning that its surveillance
capabilities may diminish as technology advances. Caproni singled out
"Web-based e-mail, social-networking sites, and peer-to-peer
communications" as problems that have left the FBI "increasingly unable"
to conduct the same kind of wiretapping it could in the past.

In addition to the FBI's legislative proposal, there are indications
that the Federal Communications Commission is considering reinterpreting
CALEA to demand that products that allow video or voice chat over the
Internet -- from Skype to Google Hangouts to Xbox Live -- include
surveillance backdoors to help the FBI with its "Going Dark" program.
CALEA applies to technologies that are a "substantial replacement" for
the telephone system.

"We have noticed a massive uptick in the amount of FCC CALEA inquiries
and enforcement proceedings within the last year, most of which are
intended to address 'Going Dark' issues," says Christopher Canter, lead
compliance counsel at the Marashlian and Donahue law firm, which
specializes in CALEA. "This generally means that the FCC is laying the
groundwork for regulatory action."

Subsentio, a Colorado-based company that sells CALEA compliance products
and worked with the Justice Department when it asked the FCC to extend
CALEA seven years ago, says the FBI's draft legislation was prepared
with the compliance costs of Internet companies in mind.

In a statement to CNET, Subsentio President Steve Bock said that the
measure provides a "safe harbor" for Internet companies as long as the
interception techniques are "'good enough' solutions approved by the
attorney general."

Another option that would be permitted, Bock said, is if companies
"supply the government with proprietary information to decode
information" obtained through a wiretap or other type of lawful
interception, rather than "provide a complex system for converting the
information into an industry standard format."

A representative for the FBI told CNET today that: "(There are)
significant challenges posed to the FBI in the accomplishment of our
diverse mission. These include those that result from the advent of
rapidly changing technology. A growing gap exists between the statutory
authority of law enforcement to intercept electronic communications
pursuant to court order and our practical ability to intercept those
communications. The FBI believes that if this gap continues to grow,
there is a very real risk of the government 'going dark,' resulting in
an increased risk to national security and public safety."

Next steps

The FBI's legislation, which has been approved by the Department of
Justice, is one component of what the bureau has internally called the
"National Electronic Surveillance Strategy." Documents obtained by the
Electronic Frontier Foundation show that since 2006, Going Dark has been
a worry inside the bureau, which employed 107 full-time equivalent
people on the project as of 2009, commissioned a RAND study, and sought
extensive technical input from the bureau's secretive Operational
Technology Division in Quantico, Va. The division boasts of developing
the "latest and greatest investigative technologies to catch terrorists
and criminals."

But the White House, perhaps less inclined than the bureau to initiate
what would likely be a bruising privacy battle, has not sent the FBI's
CALEA amendments to Capitol Hill, even though they were expected last
year. (A representative for Sen. Patrick Leahy, head of the Judiciary
committee and original author of CALEA, said today that "we have not
seen any proposals from the administration.")

Mueller said in December that the CALEA amendments will be "coordinated
through the interagency process," meaning they would need to receive
administration-wide approval.

Stewart Baker, a partner at Steptoe and Johnson who is the former
assistant secretary for policy at Homeland Security, said the FBI has
"faced difficulty getting its legislative proposals through an
administration staffed in large part by people who lived through the
CALEA and crypto fights of the Clinton administration, and who are
jaundiced about law enforcement regulation of technology -- overly
jaundiced, in my view."

On the other hand, as a senator in the 1990s, Vice President Joe Biden
introduced a bill at the FBI's behest that echoes the bureau's proposal
today. Biden's bill said companies should "ensure that communications
systems permit the government to obtain the plain text contents of
voice, data, and other communications when appropriately authorized by
law." (Biden's legislation spurred the public release of PGP, one of the
first easy-to-use encryption utilities.)

The Justice Department did not respond to a request for comment. An FCC
representative referred questions to the Public Safety and Homeland
Security Bureau, which declined to comment.

From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail,
and social networks isn't expanding wiretapping law: If a court order is
required today, one will be required tomorrow as well. Rather, it's
making sure that a wiretap is guaranteed to produce results.

But that nuanced argument could prove radioactive among an Internet
community already skeptical of government efforts in the wake of
protests over the Stop Online Piracy Act, or SOPA, in January, and the
CISPA data-sharing bill last month. And even if startups or hobbyist
projects are exempted if they stay below the user threshold, it's hardly
clear how open-source or free software projects such as Linphone,
KPhone, and Zfone -- or Nicholas Merrill's proposal for a
privacy-protective Internet provider -- will comply.

The FBI's CALEA amendments could be particularly troublesome for Zfone.
Phil Zimmermann, the creator of PGP who became a privacy icon two
decades ago after being threatened with criminal prosecution, announced
Zfone in 2005 as a way to protect the privacy of VoIP users. Zfone
scrambles the entire conversation from end to end.

"I worry about the government mandating backdoors into these kinds of
communications," says Jennifer Lynch, an attorney at the San
Francisco-based Electronic Frontier Foundation, which has obtained
documents from the FBI relating to its proposed expansion of CALEA.

As CNET was the first to report in 2003, representatives of the FBI's
Electronic Surveillance Technology Section in Chantilly, Va., began
quietly lobbying the FCC to force broadband providers to provide
more-efficient, standardized surveillance facilities. The FCC approved
that requirement a year later, sweeping in Internet phone companies that
tie into the existing telecommunications system. It was upheld in 2006
by a federal appeals court.

But the FCC never granted the FBI's request to rewrite CALEA to cover
instant messaging and VoIP programs that are not "managed"--meaning
peer-to-peer programs like Apple's Facetime, iChat/AIM, Gmail's video
chat, and Xbox Live's in-game chat that do not use the public telephone
network.

If there is going to be a CALEA rewrite, "industry would like to see any
new legislation include some protections against disclosure of any trade
secrets or other confidential information that might be shared with law
enforcement, so that they are not released, for example, during open
court proceedings," says Roszel Thomsen, a partner at Thomsen and Burke
who represents technology companies and is a member of an FBI study
group. He suggests that such language would make it "somewhat easier"
for both industry and the police to respond to new technologies.

But industry groups aren't necessarily going to roll over without a
fight. TechAmerica, a trade association that includes representatives of
HP, eBay, IBM, Qualcomm, and other tech companies on its board of
directors, has been lobbying against a CALEA expansion. Such a law would
"represent a sea change in government surveillance law, imposing
significant compliance costs on both traditional (think local exchange
carriers) and nontraditional (think social media) communications
companies," TechAmerica said in e-mail today.

Ross Schulman, public policy and regulatory counsel at the Computer and
Communications Industry Association, adds: "New methods of communication
should not be subject to a government green light before they can be
used."

Canadian Security Intelligence Virus Removal

David S> — Fri, 04 May 2012 20:35:26 GMT

From: "David S>"

>
> Hi Folks,
>
> Friend has it on computer
>
> http://www.deletevirus.net/canadian-...ove-csis-scam/
>
> Tried the removal above but it did not work. Any suggestions?
>
> He has AVG and Malwarebytes free on hi computer
>
> Thanks for your help,
>

It is not a virus, it is a ransom trojan not unlike the following...
http://multi-av.thespykiller.co.uk/other/Image1.jpg

I'll give you the same advice I gave you on May 2cnd and that you should
forward the advice to your friend.

I suggest creating an account and posting at Malwarebytes
http://forums.malwarebytes.org/index.php?showforum=7

or at the TheSpyKiller Forums
http://thespykiller.co.uk/index.php?board=3.0

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

oh god....

SOCOM — Fri, 04 May 2012 00:35:58 GMT

HALLO

Online Privacy Tips

AJRS — Thu, 03 May 2012 14:01:10 GMT

~BD~ <~BD~@nomail.afraid.org> wrote in news:PoidnZ6Ph--
qbzbSnZ2dnUVZ8tydnZ2d@bt.com:

> G. Morgan wrote:
>> ~BD~ wrote:
>>
>>> See for yourself!
>>>
>>> http://i48.tinypic.com/blxqo.jpg
>>
>>
>>
>> And just what is this? Are you a ha>
>>
>> http://i47.tinypic.com/b6699u.jpg
>
>
> Good catch! :-)
>
> I try to take an active interest in computing matters!

Don't forget you like to take an active interest in lying on people. As
well as making false accusations and bogus reports to various branches of
governments.

--
Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by, and
the only thing that's wrong is to get caught. - J.C. Watts

Multiple IE Instances

David S> — Wed, 02 May 2012 18:19:17 GMT

From: "David S>"

> Hi,
>
> http://news.yahoo.com/video/pittsbur...-29102062.html
>
> When I go to this Yahoo news item, wait for the video to start, then X out
> of IE (version
> 8 up to date) 20 or so instances of IE pop up.
>
> Did a scan with Spybot, Avira and Malwarebytes
>
> Avira quarantined EXP/10-840.aw.2 in a jar temp file. Spybot deleted some
> cookie trackers.
> But still happens???
>
> What is going on?
>
> Thanks for any help,
>

EXP/10-840.aw.2 ?
That doesn't sound right.

I think you are trying to express... Exploit:Java/CVE-2010-0840 which
would be more in line of an Avira declaration.

I suggest creating an account and posting at Malwarebytes
http://forums.malwarebytes.org/index.php?showforum=7

or at the TheSpyKiller Forums
http://thespykiller.co.uk/index.php?board=3.0

--
Dave
Multi-AV Scanning Tool - http://multi-av.thespykiller.co.uk
http://www.pctipp.ch/downloads/dl/35905.asp

Question about hacking web-mail (hotmail) accounts

Virus Guy — Tue, 01 May 2012 23:44:32 GMT

Li'l Abner wrote:
> Aardvark wrote in news:jnseal$ckb$1@dont-
> email.me:
>
>> On Wed, 02 May 2012 14:35:47 -0500, Li'l Abner wrote:
>>
>>> "Ant" wrote in
>>> news:2JadnWezCv8m_DzSnZ2dnUVZ8iKdnZ2d@brightview.c o.uk:
>>>
>>>> "Virus Guy" wrote:
>>>>
>>>>> If you try this first, I think you'll find it will work without
> having
>>>>> the actual alpha-numeric code:
>>>>>
>>>>> hxxp://12345678.cw9.me/dd_****@off.com/12345678_ViewMsg
>>>>
>>>> Yes, that worked. I used example.com and got:
>>>>
>>>> src="http://j.maxmind.com/app/geoip.js"
>>>> top.location.href = '/redir_main.php?to=some@example.com&cty=' +
>>>> geoip_country_name();
>>>>
>>>> Redirected to:
>>>>
>>>> ww15.buwna.com/video_c29tZUBleGFtcGxlLmNvbQ==
>>>>
>>>> The string c29tZUBleGFtcGxlLmNvbQ== is some@example.com base64
> encoded.
>>>> Like you, I got a fake Login Live page. Although in English,
>>>> some of the internal html text was Portugese or Spanish (I can't tell
>>>> the difference), e.g:
>>>>
>>>> meta content="El nuevo Hotmail ya está aqu�*. Es un sistema...
>>>>
>>>>> By social engineering - you mean my friend might have encountered a
>>>>> fake hotmail login screen at some point in the past?
>>>>
>>>> Exactly; just like the page we're seeing here! Pretty much all the
>>>> content is from live.com but when you press "sign in" the thief gets
>>>> your account details. It's also tied to your email address by the b64
>>>> encoded string.
>>>
>>> I bit on something like that a couple of days ago, but it had
> something
>>> to do with a facebook page. Then a Facebook login page popped up and
>>> Firefox automatically filled in my login credentials. I clicked
> "Login"
>>> and the screen went away. But FaceBook never showed up.
>>> The more I thought about it, the fishier it looked.
>>> So I immediately logged into Facebook and changed my password.
>>> As much as I preach to my customers about being careful what you click
>>> on,
>>> I couldn't believe that I did it myself!
>>
>>
>>
>> What's Facebook?
>>
>> LOL.
>
> Yeah, I know. I spend very little time on it. I only have 3 friends.
> On FaceBook, that is... :-)
>
That's pitiful - or so I've heard.

Before I deactivated my Facebook account I logged on one day to find two
pages of Korean girls wanting to be my friend. I'm a friendly guy, but
not *that* friendly.

Task Manager Closes instantly after Opening it

gyvs — Sun, 29 Apr 2012 05:24:01 GMT

I'm having a problem with my computer right now. every time I try to open windows task manager or regedit, it closes immediately. my computer also seemed to have slowed down a bit. Any help would be appreciated.

Here is the log of Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:10 PM, on 4/28/2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\user\My Documents\sir files2\Antivirus stuff\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Microsoft Helper - {C9C42510-9B41-42c1-9DCD-7282A2D07C65} - C:\Documents and Settings\user\Application Data\Microsoft\BHO32-WGSTI.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Microsoft Firewall 2.9] C:\DOCUME~1\user\LOCALS~1\Temp\MSFW.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Snap] C:\Program Files\USB 2.0 PC CAMERA\Camera Snap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Microsoft Firewall 2.9] C:\DOCUME~1\user\LOCALS~1\Temp\MSFW.exe
O4 - HKCU\..\Run: [Fmjqjv] C:\Documents and Settings\user\Application Data\Fmjqjv.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [{00831268-F9C4-4268-6859-0DE0A84C49DD}] "C:\Documents and Settings\user\Application Data\Ewcia\paqu.exe"
O4 - HKCU\..\Run: [Microsoft Security Essentials] C:\Documents and Settings\user\Application Data\explorateur\explorateur.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: BCL easyPDF SDK Loader (ai7m5fmis4mqn) - Unknown owner - C:\WINDOWS\system32\louhyt.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: BeTwin Terminal Services (aoypd6oayuyu) - Unknown owner - C:\Documents and Settings\LocalService\Application Data\Microsoft\duridou.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Network Connectivity Service (lo6moirc7diuot) - Unknown owner - C:\WINDOWS\system32\nafuwoul.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: ASF Agent (yj5y8iul9f) - Unknown owner - C:\Documents and Settings\LocalService\Application Data\Microsoft\vipymmiroo.exe (file missing)

--
End of file - 6135 bytes