I performed all of the necessary preliminary steps before posting the hijack log below. I would really appreciate it if someone could help me stop all of these annoying popups. Thank you in advance.
Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:32 PM, on 2/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\PROGRA~1\COMMON~1\AOL\116429~1\EE\AOLHOS~1.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\COMMON~1\AOL\116429~1\EE\AOLServiceHost.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TB&M=MX6957
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TB&M=MX6957
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.c...h...TB&M=MX6957
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1164294044\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [My Web Search Community Tools] "C:\Program Files\MyWebSearch\bar\1.bin\m3IMPipe.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Ealb] "C:\DOCUME~1\OWNER~1.ARI\APPLIC~1\CROSOF~1\wucrtupd.exe" -vt ndrv
O4 - HKCU\..\Run: [Oepomizz] C:\WINDOWS\a?sembly\m?iexec.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: &Search - http://edits.mywebse...html?p=ZNfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://support.gate...//PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s2.work4sur...ge/w4sgeen9.exe
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://passage.cna....llerControl.cab
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://passage.cna....,2007,1001,2139
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://passage.cna....,2007,1001,2143
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Movie Maker\profsycyrty.html
--
End of file - 10483 bytes
Here is the AVG report:
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 3:29:11 PM 2/6/2008
+ Scan result:
C:\Documents and Settings\Owner.Ariel\Desktop\installer-65398-19-LimeWire-English.exe -> Backdoor.Agent.duj : Cleaned.
C:\Documents and Settings\Owner.Ariel\Application Data\Міcrosoft\wucrtupd.exe -> Downloader.PurityScan.fj : Cleaned.
C:\Program Files\Movie Maker\profsycyrty.html -> Hijacker.IFrame.dn : Cleaned.
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe -> Not-A-Virus.Adware.PurityScan : Cleaned.
C:\Program Files\Outerinfo\FF\components\FF.dll -> Not-A-Virus.Adware.ZenoSearch : Cleaned.
C:\Documents and Settings\Owner.Ariel\Desktop\_bWU5bnR0aGVfbWE5X21iMQ_aW50bA_a2V5aW4_.exe -> Not-A-Virus.Hoax.Win32.Renos.vm : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.630:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.631:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.632:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.633:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.634:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.635:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.636:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt -> TrackingCookie.Adtrak : Cleaned.
:mozilla.225:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner.Ariel\Cookies\owner@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.292:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.294:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.354:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.7:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.8:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.501:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned.
:mozilla.372:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.511:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe -> Trojan.Scapur.k : Cleaned.
::Report end
Here is the SUPERAntiSpyware report:
SUPERAntiSpyware Scan Log
Generated 02/06/2008 at 08:08 PM
Application Version : 3.6.1000
Core Rules Database Version : 3396
Trace Rules Database Version: 1388
Scan type : Complete Scan
Total Scan Time : 03:43:05
Memory items scanned : 512
Memory threats detected : 6
Registry items scanned : 5920
Registry threats detected : 54
File items scanned : 79875
File threats detected : 76
Unclassified.Unknown Origin/System
C:\WINDOWS\SYSTEM32\MLJGE.DLL
C:\WINDOWS\SYSTEM32\MLJGE.DLL
Adware.WebBuying Assistant-Installer
C:\PROGRAM FILES\WEB BUYING\V1.8.8\WEBBUYING.EXE
C:\PROGRAM FILES\WEB BUYING\V1.8.8\WEBBUYING.EXE
[WebBuying] C:\PROGRAM FILES\WEB BUYING\V1.8.8\WEBBUYING.EXE
C:\WINDOWS\Prefetch\WEBBUYING.EXE-18F13C4F.pf
Adware.ClickSpring/Resident
C:\WINDOWS\ASEMBL~1\MIEXEC~1.EXE
C:\WINDOWS\ASEMBL~1\MIEXEC~1.EXE
Adware.StarsDoor
C:\PROGRAM FILES\DRMUPGDS\DRMUPGDS.EXE
C:\PROGRAM FILES\DRMUPGDS\DRMUPGDS.EXE
[Drmupgds] C:\PROGRAM FILES\DRMUPGDS\DRMUPGDS.EXE
C:\WINDOWS\Prefetch\DRMUPGDS.EXE-04F55F5B.pf
Adware.Vundo Variant
C:\WINDOWS\SYSTEM32\FTLGVUAL.DLL
C:\WINDOWS\SYSTEM32\FTLGVUAL.DLL
HKLM\Software\Classes\CLSID\{3D4592CC-0724-0CDB-0461-5A00B7BB81BD}
HKCR\CLSID\{3D4592CC-0724-0CDB-0461-5A00B7BB81BD}
HKCR\CLSID\{3D4592CC-0724-0CDB-0461-5A00B7BB81BD}\InprocServer32
HKCR\CLSID\{3D4592CC-0724-0CDB-0461-5A00B7BB81BD}\InprocServer32#ThreadingModel
HKCR\CLSID\{3D4592CC-0724-0CDB-0461-5A00B7BB81BD}\Programmable
HKCR\CLSID\{3D4592CC-0724-0CDB-0461-5A00B7BB81BD}\TypeLib
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3D4592CC-0724-0CDB-0461-5A00B7BB81BD}
Adware.WebBuying Assistant
C:\WINDOWS\SYSTEM32\ATWQHIA.DLL
C:\WINDOWS\SYSTEM32\ATWQHIA.DLL
HKLM\Software\Classes\CLSID\{256ccc3c-559a-4ef9-a663-6dc5556b7692}
HKCR\CLSID\{256CCC3C-559A-4EF9-A663-6DC5556B7692}
HKCR\CLSID\{256CCC3C-559A-4EF9-A663-6DC5556B7692}\InprocServer32
HKCR\CLSID\{256CCC3C-559A-4EF9-A663-6DC5556B7692}\InprocServer32#ThreadingModel
HKLM\Software\Classes\CLSID\{6e30e8f2-920c-4765-9204-62aa31042dfe}
HKCR\CLSID\{6E30E8F2-920C-4765-9204-62AA31042DFE}
HKCR\CLSID\{6E30E8F2-920C-4765-9204-62AA31042DFE}\InprocServer32
HKCR\CLSID\{6E30E8F2-920C-4765-9204-62AA31042DFE}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{256ccc3c-559a-4ef9-a663-6dc5556b7692}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e30e8f2-920c-4765-9204-62aa31042dfe}
Adware.MyWebSearch
HKLM\Software\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF1-072E-44CF-8957-5838F569A31D}\Programmable
C:\PROGRAM FILES\MYWEBSEARCH\SRCHASTT\1.BIN\MWSSRCAS.DLL
HKLM\Software\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\InprocServer32#ThreadingModel
HKCR\CLSID\{00A6FAF6-072E-44CF-8957-5838F569A31D}\Programmable
HKLM\Software\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSBAR.DLL
HKLM\Software\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32
HKCR\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
HKU\S-1-5-21-706670013-1408919803-415327136-1006\Software\Microsoft\Internet Explorer\URLSearchHooks#{00A6FAF6-072E-44cf-8957-5838F569A31D}
C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN\MWSOEMON.EXE
Trojan.WinFixer
HKLM\Software\Classes\CLSID\{934DD3D4-F5BF-4FCA-BF2B-C3B8CE9E9C82}
HKCR\CLSID\{934DD3D4-F5BF-4FCA-BF2B-C3B8CE9E9C82}
HKCR\CLSID\{934DD3D4-F5BF-4FCA-BF2B-C3B8CE9E9C82}\InprocServer32
HKCR\CLSID\{934DD3D4-F5BF-4FCA-BF2B-C3B8CE9E9C82}\InprocServer32#ThreadingModel
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{934DD3D4-F5BF-4FCA-BF2B-C3B8CE9E9C82}
Adware.Tracking Cookie
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@hornymatches[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@mywebsearch[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@advertising[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@azjmp[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@239548[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@questionmarket[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@tacoda[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@adserver[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@tribalfusion[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@bluestreak[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@clickbank[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@2o7[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@zedo[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@apmebf[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@fastclick[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@interclick[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@revsci[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@adbrite[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@trafficmp[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@atwola[2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@doubleclick[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@hornymatches[1].txt
C:\Documents and Settings\Owner.Ariel\Cookies\owner@tacoda[1].txt
Adware.ClickSpring/Outer Info Network
C:\Program Files\Outerinfo\FF\chrome.manifest
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\Outerinfo\FF\components
C:\Program Files\Outerinfo\FF\install.rdf
C:\Program Files\Outerinfo\FF
C:\Program Files\Outerinfo\Terms.rtf
C:\Program Files\Outerinfo
C:\Documents and Settings\Owner.Ariel\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Owner.Ariel\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Owner.Ariel\Start Menu\Programs\Outerinfo
Adware.Web Buying
C:\Program Files\Web Buying\v1.8.8\wbuninst.exe
C:\Program Files\Web Buying\v1.8.8
C:\Program Files\Web Buying
HKU\S-1-5-21-706670013-1408919803-415327136-1006\Software\WebBuying
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebBuying#UninstallString
RootKit.TnCore/Trace
C:\WINDOWS\system32\drivers\core.cache.dsk
Adware.VXGame-Trace
HKU\S-1-5-21-706670013-1408919803-415327136-1006\Software\kernelexe
Trojan.Downloader-Gen/SnapSNet
C:\DOCUMENTS AND SETTINGS\OWNER.ARIEL\LOCAL SETTINGS\TEMP\SNAPSNET.EXE
Adware.ClickSpring
C:\DOCUMENTS AND SETTINGS\OWNER.ARIEL\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\GZRY564E\!UPDATE-4495[1].0000
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP287\A0262954.EXE
Trojan.Unclassified/KernInst
C:\PROGRAM FILES\TEMPORARY\KERNINST.EXE
Rogue.MalwareAlarm-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4E015214-6BB0-4181-B365-456CF1DEC069}\RP287\A0262957.EXE
Trojan.Downloader-Gen/Bundle Installer
C:\WINDOWS\B122.EXE
Trojan.Downloader-Gen/MROFIN
C:\WINDOWS\MROFINU1000106.EXE
C:\WINDOWS\MROFINU572.EXE
Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\EGJLM.INI
Trojan.REGSCAN
C:\WINDOWS\SYSTEM32\REGSCAN.EXE
And here is the Panda Scan:
Incident Status Location
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt[.did-it.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner.Ariel\Application Data\Mozilla\Firefox\Profiles\h52qvpgv.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@advancedcleaner[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@azjmp[2].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@mediaplex[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@realmedia[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@statcounter[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@tickle[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner.Ariel\Cookies\owner@zedo[1].txt
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Owner.Ariel\Local Settings\Temp\yazzsnet.exe
Virus:Trj/Downloader.PLF Disinfected C:\WINDOWS\system32\nGpxx01\nGpxx011065.exe
As I am trying to copy and paste this info, 6 popups happened simultaneously. This is absolutely crazy!! I look forward to hearing from you.
Jenny