[01/28/2006, 22:12:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\trint\Desktop\VirtumundoBeGone.exe" )
[01/28/2006, 22:12:22] - Detected System Information:
[01/28/2006, 22:12:22] - Windows Version: 5.1.2600, Service Pack 2
[01/28/2006, 22:12:22] - Current Username: trint (Admin)
[01/28/2006, 22:12:22] - Windows is in NORMAL mode.
[01/28/2006, 22:12:22] - Searching for Browser Helper Objects:
[01/28/2006, 22:12:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/28/2006, 22:12:22] - BHO 2: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/28/2006, 22:12:22] - BHO 3: {CE70731D-F28D-4D81-9D61-C8EE60378401} (MSEvents Object)
[01/28/2006, 22:12:22] - ALERT: Found MSEvents Object!
[01/28/2006, 22:12:22] - Finished Searching Browser Helper Objects
[01/28/2006, 22:12:22] - *** Detected MSEvents Object
[01/28/2006, 22:12:22] - Trying to remove MSEvents Object...
[01/28/2006, 22:12:23] - Terminating Process: IEXPLORE.EXE
[01/28/2006, 22:12:28] - Terminating Process: RUNDLL32.EXE
[01/28/2006, 22:12:29] - Disabling Automatic Shell Restart
[01/28/2006, 22:12:30] - Terminating Process: EXPLORER.EXE
[01/28/2006, 22:12:34] - Suspending the NT Session Manager System Service
[01/28/2006, 22:12:34] - Terminating Windows NT Logon/Logoff Manager
[01/28/2006, 22:12:35] - Re-enabling Automatic Shell Restart
[01/28/2006, 22:12:35] - File to disable: C:\WINDOWS\system32\ddcca.dll
[01/28/2006, 22:12:35] - Renaming C:\WINDOWS\system32\ddcca.dll -> C:\WINDOWS\system32\ddcca.dll.vir
[01/28/2006, 22:12:35] - ! File rename was unsucessful.
[01/28/2006, 22:12:35] - Attempting to Deny Access to C:\WINDOWS\system32\ddcca.dll
[01/28/2006, 22:12:39] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/28/2006, 22:12:39] - processed file: C:\WINDOWS\system32\ddcca.dll
[01/28/2006, 22:12:39] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/28/2006, 22:12:39] - Removing HKLM\...\Browser Helper Objects\{CE70731D-F28D-4D81-9D61-C8EE60378401}
[01/28/2006, 22:12:43] - Removing HKCR\CLSID\{CE70731D-F28D-4D81-9D61-C8EE60378401}
[01/28/2006, 22:12:44] - Adding Kill Bit for ActiveX for GUID: {CE70731D-F28D-4D81-9D61-C8EE60378401}
[01/28/2006, 22:12:44] - Deleting ATLEvents/MSEvents Registry entries
[01/28/2006, 22:12:44] - Removing HKLM\...\Winlogon\Notify\ddcca
[01/28/2006, 22:12:44] - Searching for Browser Helper Objects:
[01/28/2006, 22:12:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/28/2006, 22:12:44] - BHO 2: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/28/2006, 22:12:44] - BHO 3: {CE70731D-F28D-4D81-9D61-C8EE60378401} ()
[01/28/2006, 22:12:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/28/2006, 22:12:44] - No filename found. Continuing.
[01/28/2006, 22:12:46] - Finished Searching Browser Helper Objects
[01/28/2006, 22:12:46] - Finishing up...
[01/28/2006, 22:12:46] - A restart is needed.
[01/28/2006, 22:12:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/28/2006, 22:13:09] - Attempting to Restart via STOP error (Blue Screen!)
********
2:29 AM: | Start of Session, Sunday, January 29, 2006 |
2:29 AM: Spy Sweeper started
2:29 AM: Sweep initiated using definitions version 606
2:29 AM: Starting Memory Sweep
2:31 AM: Memory Sweep Complete, Elapsed Time: 00:02:09
2:31 AM: Starting Registry Sweep
2:31 AM: Found Adware: clipgenie
2:31 AM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\clipgenie\ (2 subtraces) (ID = 105921)
2:31 AM: Found Adware: delfin
2:31 AM: HKLM\software\dsi\ (2 subtraces) (ID = 124852)
2:31 AM: Found Adware: networkessentials
2:31 AM: HKCR\mp.mediapops.1\ (3 subtraces) (ID = 136079)
2:31 AM: HKCR\mp.mediapops\ (5 subtraces) (ID = 136080)
2:31 AM: HKLM\software\classes\mp.mediapops\ (5 subtraces) (ID = 136152)
2:31 AM: Found Adware: relatedlinks bho
2:31 AM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
2:31 AM: Found Adware: websearch toolbar
2:31 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)
2:31 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)
2:31 AM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
2:31 AM: Found Adware: whistle
2:31 AM: HKLM\software\whistlesoftware\ (6 subtraces) (ID = 146655)
2:31 AM: Found Adware: virtumonde
2:31 AM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
2:31 AM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
2:31 AM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
2:31 AM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
2:31 AM: HKCR\typelib\{b8848f69-e8e2-4952-90f2-bc4ef0c22243}\ (9 subtraces) (ID = 776209)
2:31 AM: HKLM\software\classes\typelib\{b8848f69-e8e2-4952-90f2-bc4ef0c22243}\ (9 subtraces) (ID = 776237)
2:31 AM: Found Adware: ezsearchbar
2:31 AM: HKU\S-1-5-21-3891085595-2648234354-1742216858-1007\software\ezsearchbar2\ (12 subtraces) (ID = 126017)
2:31 AM: HKU\S-1-5-21-3891085595-2648234354-1742216858-1007\software\support software\ (11 subtraces) (ID = 136177)
2:31 AM: Registry Sweep Complete, Elapsed Time:00:00:13
2:31 AM: Starting Cookie Sweep
2:31 AM: Found Spy Cookie: 247realmedia cookie
2:31 AM: trint@247realmedia[2].txt (ID = 1953)
2:31 AM: Found Spy Cookie: 2o7.net cookie
2:31 AM: trint@2o7[2].txt (ID = 1957)
2:31 AM: Found Spy Cookie: websponsors cookie
2:31 AM: trint@a.websponsors[1].txt (ID = 3665)
2:31 AM: Found Spy Cookie: go.com cookie
2:31 AM: trint@abc.go[2].txt (ID = 2729)
2:31 AM: trint@abclocal.go[1].txt (ID = 2729)
2:31 AM: Found Spy Cookie: about cookie
2:31 AM: trint@about[1].txt (ID = 2037)
2:31 AM: Found Spy Cookie: yieldmanager cookie
2:31 AM: trint@ad.yieldmanager[1].txt (ID = 3751)
2:31 AM: Found Spy Cookie: adknowledge cookie
2:31 AM: trint@adknowledge[2].txt (ID = 2072)
2:31 AM: Found Spy Cookie: adlegend cookie
2:31 AM: trint@adlegend[2].txt (ID = 2074)
2:31 AM: Found Spy Cookie: specificclick.com cookie
2:31 AM: trint@adopt.specificclick[2].txt (ID = 3400)
2:31 AM: Found Spy Cookie: adrevolver cookie
2:31 AM: trint@adrevolver[1].txt (ID = 2088)
2:31 AM: trint@adrevolver[2].txt (ID = 2088)
2:31 AM: Found Spy Cookie: addynamix cookie
2:31 AM: trint@ads.addynamix[2].txt (ID = 2062)
2:31 AM: Found Spy Cookie: pointroll cookie
2:31 AM: trint@ads.pointroll[1].txt (ID = 3148)
2:31 AM: Found Spy Cookie: ads.stileproject cookie
2:31 AM: trint@ads.stileproject[2].txt (ID = 2127)
2:31 AM: Found Spy Cookie: pollstar cookie
2:31 AM: trint@adserver.pollstar[1].txt (ID = 3152)
2:31 AM: Found Spy Cookie: adtech cookie
2:31 AM: trint@adtech[2].txt (ID = 2155)
2:31 AM: Found Spy Cookie: adultfriendfinder cookie
2:31 AM: trint@adultfriendfinder[2].txt (ID = 2165)
2:31 AM: Found Spy Cookie: apmebf cookie
2:31 AM: trint@apmebf[2].txt (ID = 2229)
2:31 AM: Found Spy Cookie: atwola cookie
2:31 AM: trint@ar.atwola[2].txt (ID = 2256)
2:31 AM: Found Spy Cookie: falkag cookie
2:31 AM: trint@as-eu.falkag[2].txt (ID = 2650)
2:31 AM: trint@as-us.falkag[2].txt (ID = 2650)
2:31 AM: trint@as1.falkag[1].txt (ID = 2650)
2:31 AM: Found Spy Cookie: ask cookie
2:31 AM: trint@ask[1].txt (ID = 2245)
2:31 AM: Found Spy Cookie: belnk cookie
2:31 AM: trint@ath.belnk[1].txt (ID = 2293)
2:31 AM: trint@atwola[1].txt (ID = 2255)
2:31 AM: Found Spy Cookie: banner cookie
2:31 AM: trint@banner[2].txt (ID = 2276)
2:31 AM: trint@belnk[1].txt (ID = 2292)
2:31 AM: Found Spy Cookie: bluestreak cookie
2:31 AM: trint@bluestreak[2].txt (ID = 2314)
2:31 AM: Found Spy Cookie: bravenet cookie
2:31 AM: trint@bravenet[2].txt (ID = 2322)
2:31 AM: Found Spy Cookie: bs.serving-sys cookie
2:31 AM: trint@bs.serving-sys[1].txt (ID = 2330)
2:31 AM: Found Spy Cookie: burstnet cookie
2:31 AM: trint@burstnet[1].txt (ID = 2336)
2:31 AM: Found Spy Cookie: barelylegal cookie
2:31 AM: trint@c.fsx[1].txt (ID = 2286)
2:31 AM: Found Spy Cookie: zedo cookie
2:31 AM: trint@c1.zedo[2].txt (ID = 3763)
2:31 AM: Found Spy Cookie: cardomain cookie
2:31 AM: trint@cardomain[2].txt (ID = 2350)
2:31 AM: Found Spy Cookie: casalemedia cookie
2:31 AM: trint@casalemedia[1].txt (ID = 2354)
2:31 AM: Found Spy Cookie: centrport net cookie
2:31 AM: trint@centrport[1].txt (ID = 2374)
2:31 AM: Found Spy Cookie: classmates cookie
2:31 AM: trint@classmates[2].txt (ID = 2384)
2:31 AM: trint@cnn.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: columbiahouse cookie
2:31 AM: trint@columbiahouse[1].txt (ID = 2443)
2:31 AM: trint@coxhsi.112.2o7[2].txt (ID = 1958)
2:31 AM: Found Spy Cookie: clickzs cookie
2:31 AM: trint@cz3.clickzs[2].txt (ID = 2413)
2:31 AM: trint@cz7.clickzs[2].txt (ID = 2413)
2:31 AM: trint@cz8.clickzs[2].txt (ID = 2413)
2:31 AM: Found Spy Cookie: overture cookie
2:31 AM: trint@data1.perf.overture[1].txt (ID = 3106)
2:31 AM: Found Spy Cookie: dealtime cookie
2:31 AM: trint@dealtime[2].txt (ID = 2505)
2:31 AM: trint@dist.belnk[2].txt (ID = 2293)
2:31 AM: Found Spy Cookie: dl cookie
2:31 AM: trint@dl[1].txt (ID = 2529)
2:31 AM: Found Spy Cookie: ru4 cookie
2:31 AM: trint@edge.ru4[1].txt (ID = 3269)
2:31 AM: trint@entrepreneur.122.2o7[1].txt (ID = 1958)
2:31 AM: trint@espn.go[1].txt (ID = 2729)
2:31 AM: Found Spy Cookie: fastclick cookie
2:31 AM: trint@fastclick[1].txt (ID = 2651)
2:31 AM: trint@football.about[1].txt (ID = 2038)
2:31 AM: trint@go[1].txt (ID = 2728)
2:31 AM: Found Spy Cookie: humanclick cookie
2:31 AM: trint@hc2.humanclick[1].txt (ID = 2810)
2:31 AM: Found Spy Cookie: clickandtrack cookie
2:31 AM: trint@hits.clickandtrack[1].txt (ID = 2397)
2:31 AM: Found Spy Cookie: maxserving cookie
2:31 AM: trint@maxserving[1].txt (ID = 2966)
2:31 AM: trint@metacafe.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: metareward.com cookie
2:31 AM: trint@metareward[1].txt (ID = 2990)
2:31 AM: trint@microsofteup.112.2o7[1].txt (ID = 1958)
2:31 AM: trint@movies.go[1].txt (ID = 2729)
2:31 AM: Found Spy Cookie: nextag cookie
2:31 AM: trint@nextag[2].txt (ID = 5014)
2:31 AM: trint@overture[2].txt (ID = 3105)
2:31 AM: trint@partygaming.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: partypoker cookie
2:31 AM: trint@partypoker[2].txt (ID = 3111)
2:31 AM: trint@perf.overture[1].txt (ID = 3106)
2:31 AM: Found Spy Cookie: pricegrabber cookie
2:31 AM: trint@pricegrabber[2].txt (ID = 3185)
2:31 AM: Found Spy Cookie: pub cookie
2:31 AM: trint@pub[1].txt (ID = 3205)
2:31 AM: Found Spy Cookie: qksrv cookie
2:31 AM: trint@qksrv[2].txt (ID = 3213)
2:31 AM: Found Spy Cookie: questionmarket cookie
2:31 AM: trint@questionmarket[1].txt (ID = 3217)
2:31 AM: Found Spy Cookie: realmedia cookie
2:31 AM: trint@realmedia[1].txt (ID = 3235)
2:31 AM: Found Spy Cookie: valuead cookie
2:31 AM: trint@reduxads.valuead[1].txt (ID = 3627)
2:31 AM: trint@riptownmedia.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: rn11 cookie
2:31 AM: trint@rn11[2].txt (ID = 3261)
2:31 AM: Found Spy Cookie: adjuggler cookie
2:31 AM: trint@rotator.adjuggler[1].txt (ID = 2071)
2:31 AM: trint@rsi.abc.go[1].txt (ID = 2729)
2:31 AM: trint@rsi.espn.go[1].txt (ID = 2729)
2:31 AM: trint@sel.as-us.falkag[2].txt (ID = 2650)
2:31 AM: Found Spy Cookie: server.iad.liveperson cookie
2:31 AM: trint@server.iad.liveperson[1].txt (ID = 3341)
2:31 AM: Found Spy Cookie: serving-sys cookie
2:31 AM: trint@serving-sys[1].txt (ID = 3343)
2:31 AM: trint@sports.espn.go[2].txt (ID = 2729)
2:31 AM: trint@stat.dealtime[2].txt (ID = 2506)
2:31 AM: Found Spy Cookie: statcounter cookie
2:31 AM: trint@statcounter[2].txt (ID = 3447)
2:31 AM: Found Spy Cookie: reliablestats cookie
2:31 AM: trint@stats1.reliablestats[2].txt (ID = 3254)
2:31 AM: Found Spy Cookie: tacoda cookie
2:31 AM: trint@tacoda[2].txt (ID = 6444)
2:31 AM: Found Spy Cookie: tradedoubler cookie
2:31 AM: trint@tradedoubler[2].txt (ID = 3575)
2:31 AM: Found Spy Cookie: trafficmp cookie
2:31 AM: trint@trafficmp[2].txt (ID = 3581)
2:31 AM: Found Spy Cookie: tribalfusion cookie
2:31 AM: trint@tribalfusion[2].txt (ID = 3589)
2:31 AM: Found Spy Cookie: tripod cookie
2:31 AM: trint@tripod[1].txt (ID = 3591)
2:31 AM: Found Spy Cookie: ugo cookie
2:31 AM: trint@ugo[1].txt (ID = 3608)
2:31 AM: Found Spy Cookie: realtracker cookie
2:31 AM: trint@web4.realtracker[2].txt (ID = 3242)
2:31 AM: Found Spy Cookie: burstbeacon cookie
2:31 AM: trint@www.burstbeacon[1].txt (ID = 2335)
2:31 AM: trint@www.cardomain[2].txt (ID = 2351)
2:31 AM: trint@www.pollstar[2].txt (ID = 3152)
2:31 AM: Found Spy Cookie: claxonmedia cookie
2:31 AM: trint@www1.claxonmedia[2].txt (ID = 2388)
2:31 AM: trint@www3.claxonmedia[2].txt (ID = 2387)
2:31 AM: trint@yieldmanager[2].txt (ID = 3749)
2:31 AM: Found Spy Cookie: adserver cookie
2:31 AM: trint@z1.adserver[1].txt (ID = 2142)
2:31 AM: trint@zedo[2].txt (ID = 3762)
2:31 AM: Cookie Sweep Complete, Elapsed Time: 00:00:05
2:31 AM: Starting File Sweep
2:32 AM: Found Adware: addestroyer
2:32 AM: inneradinstall.log (ID = 49035)
2:33 AM: Found Adware: virtualbouncer
2:33 AM: innervbinstall.log (ID = 82805)
2:41 AM: Found Adware: ie driver
2:41 AM: setup233.exe (ID = 82096)
3:08 AM: File Sweep Complete, Elapsed Time: 00:36:22
3:08 AM: Full Sweep has completed. Elapsed time 00:38:55
3:08 AM: Traces Found: 212
3:11 AM: Removal process initiated
3:11 AM: Quarantining All Traces: ie driver
3:11 AM: Quarantining All Traces: virtumonde
3:11 AM: Quarantining All Traces: websearch toolbar
3:11 AM: Quarantining All Traces: delfin
3:11 AM: Quarantining All Traces: addestroyer
3:11 AM: Quarantining All Traces: clipgenie
3:11 AM: Quarantining All Traces: ezsearchbar
3:11 AM: Quarantining All Traces: networkessentials
3:11 AM: Quarantining All Traces: relatedlinks bho
3:12 AM: Quarantining All Traces: virtualbouncer
3:12 AM: Quarantining All Traces: whistle
3:12 AM: Quarantining All Traces: 247realmedia cookie
3:12 AM: Quarantining All Traces: 2o7.net cookie
3:12 AM: Quarantining All Traces: about cookie
3:12 AM: Quarantining All Traces: addynamix cookie
3:12 AM: Quarantining All Traces: adjuggler cookie
3:12 AM: Quarantining All Traces: adknowledge cookie
3:12 AM: Quarantining All Traces: adlegend cookie
3:12 AM: Quarantining All Traces: adrevolver cookie
3:12 AM: Quarantining All Traces: ads.stileproject cookie
3:12 AM: Quarantining All Traces: adserver cookie
3:12 AM: Quarantining All Traces: adtech cookie
3:12 AM: Quarantining All Traces: adultfriendfinder cookie
3:12 AM: Quarantining All Traces: apmebf cookie
3:12 AM: Quarantining All Traces: ask cookie
3:12 AM: Quarantining All Traces: atwola cookie
3:12 AM: Quarantining All Traces: banner cookie
3:12 AM: Quarantining All Traces: barelylegal cookie
3:12 AM: Quarantining All Traces: belnk cookie
3:12 AM: Quarantining All Traces: bluestreak cookie
3:12 AM: Quarantining All Traces: bravenet cookie
3:12 AM: Quarantining All Traces: bs.serving-sys cookie
3:12 AM: Quarantining All Traces: burstbeacon cookie
3:12 AM: Quarantining All Traces: burstnet cookie
3:12 AM: Quarantining All Traces: cardomain cookie
3:12 AM: Quarantining All Traces: casalemedia cookie
3:12 AM: Quarantining All Traces: centrport net cookie
3:12 AM: Quarantining All Traces: classmates cookie
3:12 AM: Quarantining All Traces: claxonmedia cookie
3:12 AM: Quarantining All Traces: clickandtrack cookie
3:12 AM: Quarantining All Traces: clickzs cookie
3:12 AM: Quarantining All Traces: columbiahouse cookie
3:12 AM: Quarantining All Traces: dealtime cookie
3:12 AM: Quarantining All Traces: dl cookie
3:12 AM: Quarantining All Traces: falkag cookie
3:12 AM: Quarantining All Traces: fastclick cookie
3:12 AM: Quarantining All Traces: go.com cookie
3:12 AM: Quarantining All Traces: humanclick cookie
3:12 AM: Quarantining All Traces: maxserving cookie
3:12 AM: Quarantining All Traces: metareward.com cookie
3:12 AM: Quarantining All Traces: nextag cookie
3:12 AM: Quarantining All Traces: overture cookie
3:12 AM: Quarantining All Traces: partypoker cookie
3:12 AM: Quarantining All Traces: pointroll cookie
3:12 AM: Quarantining All Traces: pollstar cookie
3:12 AM: Quarantining All Traces: pricegrabber cookie
3:12 AM: Quarantining All Traces: pub cookie
3:12 AM: Quarantining All Traces: qksrv cookie
3:12 AM: Quarantining All Traces: questionmarket cookie
3:12 AM: Quarantining All Traces: realmedia cookie
3:12 AM: Quarantining All Traces: realtracker cookie
3:12 AM: Quarantining All Traces: reliablestats cookie
3:12 AM: Quarantining All Traces: rn11 cookie
3:12 AM: Quarantining All Traces: ru4 cookie
3:12 AM: Quarantining All Traces: server.iad.liveperson cookie
3:12 AM: Quarantining All Traces: serving-sys cookie
3:12 AM: Quarantining All Traces: specificclick.com cookie
3:12 AM: Quarantining All Traces: statcounter cookie
3:12 AM: Quarantining All Traces: tacoda cookie
3:12 AM: Quarantining All Traces: tradedoubler cookie
3:12 AM: Quarantining All Traces: trafficmp cookie
3:12 AM: Quarantining All Traces: tribalfusion cookie
3:12 AM: Quarantining All Traces: tripod cookie
3:12 AM: Quarantining All Traces: ugo cookie
3:12 AM: Quarantining All Traces: valuead cookie
3:12 AM: Quarantining All Traces: websponsors cookie
3:12 AM: Quarantining All Traces: yieldmanager cookie
3:12 AM: Quarantining All Traces: zedo cookie
3:12 AM: Removal process completed. Elapsed time 00:00:29
********
2:24 AM: | Start of Session, Sunday, January 29, 2006 |
2:24 AM: Spy Sweeper started
2:29 AM: Your spyware definitions have been updated.
2:29 AM: | End of Session, Sunday, January 29, 2006 |
Logfile of HijackThis v1.99.1
Scan saved at 3:19:23 AM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\trint\My Documents\HijackThis.exe
c:\program files\common files\aol\1097724317\ee\aolssc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oklahomapoker.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe