Hi didom--this is what I got from running ActiveScan: (wasn't sure where to post this...)
Incident Status Location
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@zedo[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@belnk[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@overture[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c[3].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@tribalfusion[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@adrevolver[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c.
[email protected][2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@realmedia[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@questionmarket[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@fastclick[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@atdmt[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@mediaplex[2].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c.
[email protected][1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c.
[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@atwola[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@advertising[1].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c.
[email protected][1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Local Settings\Temp\Cookies\tyrone c. daniels@2o7[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Cookies\tyrone c. daniels@atdmt[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Tyrone C. Daniels\Cookies\tyrone c. daniels@mediaplex[2].txt
HijackThis brought up this:
Logfile of HijackThis v1.99.1
Scan saved at 11:51:23 PM, on 2/21/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\ltmsg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Tyrone C. Daniels\Desktop\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless-B Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-B Notebook Adapter\WPC11Cfg.exe
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1171907598020O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) -
http://cdn2.zone.msn...ro.cab55579.cabO16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/...ploader_v10.cabO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINNT\system32\drivers\KodakCCS.exe (file missing)
Uninstall from HijackThis:
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0
AIM 6.0
ATI - Software Uninstall Utility
ATI Display Driver
AVG Anti-Spyware 7.5
Bejeweled 2 Deluxe
CCScore
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
essvatgt
essvcpt
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HLPPDOCK
Hotfix for MDAC 2.53 (KB927779)
Intel® PRO Ethernet Adapter and Software
kgcbase
Kodak EasyShare software
Lucent Win Modem
Macromedia Flash Player 8
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
MSN Messenger 7.0
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
Netscape Browser (remove only)
Notifier
OfotoXMI
OTtBP
OTtBPSDK
Panda ActiveScan
Quicken 2001 Deluxe
Rhapsody Player Engine
Security Update for Windows 2000 (KB923689)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 7.1 (KB917734)
SFR
SHASTA
SKIN0001
SKINXSDK
Sony USB Driver
staticcr
Viewpoint Media Player
VPRINTOL
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB896424
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB904706
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB912919
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917422
Windows 2000 Hotfix - KB917736
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB920958
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923694
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924191
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB928090
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB929969
Windows 2000 Service Pack 4
Windows Installer 3.1 (KB893803)
Windows Media Player 7.1
Windows Media Player Hotfix [See Q828026 for more information]
WIRELESS
Wireless-B Notebook Adapter Configuration Utility
Yahoo! Messenger
One more question and I'll leave you alone (at least for a little while!). Step One of "You must read this before..." recommends two different spyware downloads; I didn't do this because I was under the impression more than one program can have the opposite effect...but then I saw "multi-prong approach". Should I install SUPERAntiSpyware?
As always, thanks for your help!
Liz