My computer is infected with a virus. Every time I try to change pages on the Internet a pop-up comes up with a red circle with an X in it saying:
System Error!
Your computer was infected by unknown trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your system!(Recommended)
OK Cancel
I searched the forum and found that it looks like it is Trojan.Win32.Obfuscated.qx. I have done the steps recommended to remove it but it is still on my computer.
When a browser opens it goes to Google, and no matter what is searched, the two things seen after the number one result are as follows:
Search Results for iPhone:
1. Apple - iPhone
iPhone is a revolutionary new mobile phone that allows you to make a call by simply pointing your finger at a name or number in your address book, ...
www.apple.com/iphone/ - 29k - Cached - Similar pages
2. Error!
Your browser was hijacked! Some results was changed by porn advertising! You need to clean your system immediately to prevent it. Download the newest antispyware software!
3. YouTube - Porn - Watch Now
Coed with nice big boobes loves riding teacher's [bleep] and suck it till she spent ...
http://youtube/watch?v=Hgdzq12aAZ
Following are the reports that I was able to gather by doing the steps required before posting here.
I appreciate any help I can get. This trojan isn't NICE.
******************************
I ran the ATF Cleaner.
I did the System Restore.
*****************************
AVG Anti-Spyware
I ran the program in Safe Mode, but when it finished there was no report in the Reports tab to save.
******************************
I ran the SUPERAntiSpyware and here are the results:
SUPERAntiSpyware Scan Log
Generated 03/24/2008 at 06:39 AM
Application Version : 3.6.1000
Core Rules Database Version : 3423
Trace Rules Database Version: 1415
Scan type : Complete Scan
Total Scan Time : 11:49:22
Memory items scanned : 454
Memory threats detected : 0
Registry items scanned : 6192
Registry threats detected : 124
File items scanned : 147103
File threats detected : 98
Adware.Tracking Cookie
Adware.180solutions/Search Assistant
Adware.180solutions/ZangoSearch
Adware.Zango Toolbar/Hb
Adware.InstantBuzz
C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP180\A0073890.DLL
******************************
Panda Active Scan wouldn't scan. I got this message:
An error has occurred
It has not been possible to start the scan system
Try again
******************************
I tried to install SP1a and it came back with a pop-up saying:
Service Pack 1 Setup Error
Setup has detected that the Service Pack version of the system installed is newer than the update you are applying to it.
You can only install this update on Service Pack 1.
OK
****************************
I rebooted to test my computer and the trojan is still there, so I downloaded HijackThis and here is the log report from it:
*****************************
Here is my Uninstall save list:
ABBYY FineReader 6.0 Sprint
Adobe Flash Player ActiveX
Adobe Reader 7.0.9
Adobe® Photoshop® Album Starter Edition 3.2
AOLIcon
ArcSoft VideoImpression 2
Art Explosion Publisher Pro
AVG Anti-Spyware 7.5
Broadcom Management Programs
Conexant HDA D110 MDC V.92 Modem
Core FTP LE 2.1
Corel Photo Album 6
CuteFTP 8 Home
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Laser MFP 1815 Software Uninstall
Dell Photo AIO Printer 924
Dell Support 3.2
Dell Wireless WLAN Card
Desktop Doctor
DeskTopAuthor Evaluation
Digital Content Portal
Digital Line Detect
EducateU
EZClaim Advanced
FaceOnBody
getPlus®_ocx
Glary Utilities 2.4
Good Keywords v2.01.100107
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
hp deskjet 3600
HP Photosmart Essential 2.0
HP Webcam
HP Webcam User’s Guide
Instant Buzz (remove only)
Intel® Graphics Media Accelerator Driver for Mobile
IsaPort
J2SE Runtime Environment 5.0 Update 6
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio, Dell Editon
McAfee Uninstaller
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Small Business Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Modem Helper
Mozilla Firefox (2.0.0.9)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch® Jukebox
NCH Toolbox Uninstall
NetWaiting
NetZeroInstallers
Panda ActiveScan
PokerStars.net
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
ScanSoft PaperPort 10
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
URL Assistant
V3785 Digital Camera Driver
Webpage Capture
Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.07)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
WinHTTrack Website Copier 3.42
WordPipe Evaluation 5.5
Yahoo! Install Manager
Yahoo! Messenger
***********************
Thank you, I really appreciate any help I can get to get rid of this thing.