Multiple warning windows, supposedly from Windows XP, also popped up telling us we had various spyware and trojans infecting our computer and, when clicked, also sent us to the same product site.
The background said that Windows had detected a virus or spyware and to click on the warning. It also took you to the site.
I have followed and run all of the steps as outlined in the "You must read this first before posting a HJT log", and the problem seems to be gone, but I cannot be sure.
My computer has Trend Micro Anti-virus and Anti-spyware loaded and running on it since I purchased the computer. It has been catching and eliminating spyware all along. A Microsoft Service Pack update was automatically loaded on March 13. My computer has been on the automatic Windows update setting since purchased and is up to date as far as I can tell.
Every time I have run one of the scanning programs during this sequence as outlined by you folks, I come up with more spyware.
I am posting all of the reports and logs as instructed and I am hoping that someone can tell me if there is anything still wrong or lurking on my computer that I need to fix.

HJT Log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:04:50 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\VoiceCenter\AndreaVC.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\DOCUME~1\CYNTHI~1\LOCALS~1\Temp\clclean.0001
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe
C:\Program Files\Common Files\AOL\1158525920\ee\AOLSoftware.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Bat\X_Bat.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\dlbxcoms.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SE...S01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dlbxmon.exe] "C:\Program Files\Dell Photo AIO Printer 962\dlbxmon.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1158525920\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [Uaol] "C:\PROGRA~1\COMMON~1\FNTS~1\msdtc.exe" -vt yazb
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} - http://pricechopper....oad/cscmv5X.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.maricopa....in/mgaxctrl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: dlbx_device - Dell - C:\WINDOWS\system32\dlbxcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 13359 bytes

AVG AntiSpyware Report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:54:13 PM 3/15/2008
+ Scan result:
C:\Program Files\180search assistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180search assistant\180sa.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180search assistant\sau.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\saap.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\Program Files\180searchassistant\sac.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1427331888-1966646059-465362175-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Fοnts\msdtc.exe -> Downloader.PurityScan.fn : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe -> Not-A-Virus.Adware.PurityScan : Cleaned with backup (quarantined).
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup (quarantined).
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Local Settings\Temp\Cookies\cynthia@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\[email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Cynthia Friedman\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@res99[1].txt -> TrackingCookie.Res99 : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@revsci[2].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Local Settings\Temp\Cookies\cynthia@revsci[1].txt -> TrackingCookie.Revsci : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Local Settings\Temp\Cookies\cynthia@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
::Report end

Super AntiSpyware Log:
SUPERAntiSpyware Scan Log
Generated 03/16/2008 at 00:57 AM
Application Version : 3.6.1000
Core Rules Database Version : 3420
Trace Rules Database Version: 1412
Scan type : Complete Scan
Total Scan Time : 01:55:37
Memory items scanned : 605
Memory threats detected : 1
Registry items scanned : 7814
Registry threats detected : 8
File items scanned : 108526
File threats detected : 92
Rogue.Unclassified/Loader
C:\WINDOWS\SYSTEM32\MGMRWMRV.EXE
C:\WINDOWS\SYSTEM32\MGMRWMRV.EXE
Transponder Variant BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352}
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15651c7c-e812-44a2-a9ac-b467a2233e7d}
Adware.2020Search
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d}
Adware.180solutions/SurfAssistant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b}
Adware.Second Thought
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1}
C:\WINDOWS\BOKJA.EXE
C:\WINDOWS\STCLOADER.EXE
Adware.180solutions/ZangoSearch
C:\Program Files\Zango\zango.exe
C:\Program Files\Zango
Adware.180solutions/Seekmo
C:\Program Files\Seekmo\seekmohook.dll
C:\Program Files\Seekmo
Adware.ClickSpring/Outer Info Network
C:\Program Files\Outerinfo\FF\chrome.manifest
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\Outerinfo\FF\components
C:\Program Files\Outerinfo\FF\install.rdf
C:\Program Files\Outerinfo\FF
C:\Program Files\Outerinfo\Terms.rtf
C:\Program Files\Outerinfo
C:\Documents and Settings\Cynthia Friedman\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Cynthia Friedman\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Cynthia Friedman\Start Menu\Programs\Outerinfo
Adware.AdSponsor/ISM
HKU\S-1-5-21-1427331888-1966646059-465362175-1006\Software\QdrModule
HKU\S-1-5-21-1427331888-1966646059-465362175-1006\Software\QdrPack
C:\Documents and Settings\Cynthia Friedman\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Cynthia Friedman\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Documents and Settings\Cynthia Friedman\Start Menu\Programs\Internet Speed Monitor
Adware.webHancer
C:\DOCUMENTS AND SETTINGS\CYNTHIA FRIEDMAN\LOCAL SETTINGS\TEMP\SYSWCC32.EXE
Adware.Tracking Cookie
Adware.ClickSpring/Yazzle
C:\PROGRAM FILES\COMMON FILES\YAZZLE1552OINADMIN.EXE
Torjan.SecondThoughtInstaller
C:\WINDOWS\INSTALLER\ID53.EXE

PANDA Active Scan Report:
Incident Status Location
Adware:adware/startpage.aco Not disinfected c:\windows\system32\ntnut32.exe
Spyware:spyware/fastsearchweb Not disinfected c:\windows\system32\shdocpe.dll
Adware:adware/123mania Not disinfected c:\windows\system32\SIPSPI32.dll
Adware:adware/tubby Not disinfected c:\windows\system32\WER8274.DLL
Adware:adware/popmonster Not disinfected C:\Documents and Settings\Cynthia Friedman\Favorites\shopping\Best Buy.url
Adware:adware/coolsavings Not disinfected c:\windows\downloaded program files\CpnMgr.dll
Adware:adware/ncase Not disinfected c:\windows\180ax.exe
Adware:adware/topconvert Not disinfected c:\windows\updatetc.exe
Adware:adware/portalscan Not disinfected c:\program files\stc
Adware:adware/surfassistant Not disinfected Windows Registry
Adware:adware/powerstrip Not disinfected Windows Registry
Adware:adware/adlogix Not disinfected Windows Registry
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@did-it[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@go[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Documents and Settings\Cynthia.DD6NNW61\Cookies\cynthia@target[2].txt
Possible Virus. Not disinfected C:\Program Files\Dell Photo AIO Printer 962\Dell Printer Fax Tools\Install\Setup.exe
Possible Virus. Not disinfected C:\Program Files\InstallShield Installation Information\{5BF2B19D-9C79-492A-8969-F059F06A627F}\Setup.exe
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\system32\000070.exe[¦ó1\Yazzle1552OinAdmin.exe]

Thank you for your assistance. I hope I have eliminated this pain in the butt stuff. I have been working on this for nearly a day now.