POPS UP EVERYWHERE=JT LOG POSTED. PLEASE HELP!

Unread postby trint » January 22nd, 2006, 4:24 pm

I'm receiving a variety of popups that are driving me nuts! Popups include: Winfixer, Party Poker, etc. Any help would be GREATLY appreciated!

Logfile of HijackThis v1.99.1
Scan saved at 2:23:55 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1097724317\ee\aolsoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1097724317\ee\aolssc.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Program Files\PartyPoker\PartyPoker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\trint\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oklahomapoker.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\ddcca.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm

Unread postby D_Trojanator » January 22nd, 2006, 5:10 pm

Hi There!

I am currently working on your log and am checking it with a teacher.

I will get back to you as soon as possible.

David
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby trint » January 22nd, 2006, 5:47 pm

Thanks David! It's greatly appreciated!
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm

Unread postby D_Trojanator » January 22nd, 2006, 6:30 pm

Hi Trint

Welcome to MalwareRemoval; my name is David and I will be helping you today. I see you have a fairly common Vundo infection. I see a few other entries in your HijackThis log that will need attention when we have gotten rid of your Vundo infection :)

Please complete the following to hopefully remove Vundo.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

David
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby trint » January 22nd, 2006, 10:10 pm

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini2

C:\WINDOWS\SYSTEM32\accdd.bak1
C:\WINDOWS\SYSTEM32\accdd.bak2
C:\WINDOWS\SYSTEM32\accdd.ini
C:\WINDOWS\SYSTEM32\accdd.ini2
C:\WINDOWS\SYSTEM32\ddcca.dll
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\accdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcca.dll
C:\WINDOWS\SYSTEM32\ddcca.dll Could not be deleted.

Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 8:09:18 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Documents and Settings\trint\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oklahomapoker.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\ddcca.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [McRegWiz] c:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm
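The file VundoFix reports it could not delete, ddcca.dll, is the same DLL that appears in the HijackThis log both as an O2 BHO and as an O20 Winlogon Notify handler; a Winlogon Notify DLL is loaded into winlogon.exe at logon, so a user-mode cleaner running in a normal session cannot delete it, which is the usual reason for retrying from Safe Mode. The Python script below is an added example, not code from the thread or from HijackThis/VundoFix: it parses O2/O20 lines (sample lines copied from the log above) and flags a DLL registered in both places, plus Notify entries whose file is missing; the function names are my own.

```python
import re

# Constructed sample: the O2 and O20 lines copied from the posted HijackThis log.
SAMPLE_HJT_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
"""

# HijackThis v1.99.1 line shapes for Browser Helper Objects and Winlogon Notify entries.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
MISSING_SUFFIX = " (file missing)"


def basename(path):
    """Lower-cased file name of a Windows path; works on any host OS."""
    return re.split(r"[\\/]", path.strip())[-1].lower()


def parse_entries(log_text):
    """Return a list of dicts for every O2 and O20 line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            entries.append({"kind": "O2", "label": m["name"],
                            "path": m["path"], "missing": False})
            continue
        m = NOTIFY_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith(MISSING_SUFFIX)
            if missing:
                path = path[: -len(MISSING_SUFFIX)]
            entries.append({"kind": "O20", "label": m["key"],
                            "path": path, "missing": missing})
    return entries


def find_suspicious(log_text):
    """Flag (reason, dll_name) pairs worth a closer look.

    bho_also_winlogon_notify: one DLL hooked into both Internet Explorer (O2)
        and winlogon.exe (O20), the persistence pattern seen with Vundo.
    orphaned_winlogon_notify: a Notify entry whose DLL is gone, i.e. leftover
        registry residue from a partial removal.
    """
    entries = parse_entries(log_text)
    kinds_by_file = {}
    for e in entries:
        kinds_by_file.setdefault(basename(e["path"]), set()).add(e["kind"])

    findings = []
    for e in entries:
        if e["kind"] == "O20" and e["missing"]:
            findings.append(("orphaned_winlogon_notify", basename(e["path"])))
    for fname, kinds in sorted(kinds_by_file.items()):
        if {"O2", "O20"} <= kinds:
            findings.append(("bho_also_winlogon_notify", fname))
    return findings


if __name__ == "__main__":
    for reason, dll in find_suspicious(SAMPLE_HJT_LOG):
        print(f"{reason}: {dll}")
```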

Unread postby trint » January 22nd, 2006, 10:11 pm

results posted above
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm

Unread postby D_Trojanator » January 23rd, 2006, 10:49 am

Hi Trint

Please print out these instructions, as you should have all open windows and programs closed when running the scan.

Step 1.
==========

- Please download F-Secure's trial Blacklight from here
- Print out the help page for guidance. It will be found here
- Click the "I Accept" button at the license agreement
- Click the "Download" button to start the download
- Save it to your Desktop

Step 2.
==========

- Double-click the blbeta.exe file on your Desktop
- Select the "I Accept the agreement" at the license agreement, then click "Next"
- Make sure "Scan through Windows Explorer (Recommended)" is selected\checked
- Make sure all open programs and windows are closed (including this IE window) before clicking the "Scan" button
- Click "Scan"
- When the animated graphics, in the bottom right-hand corner, disappears, click "Next"
- A text log file will appear on your Desktop when the scan is complete. It will start with fsbl-xxxxxx.txt (ie: fsbl-20051017165931.log)
- Paste the contents of that log back here.
______________

Also, How to get a Startup List log using HJT
  1. Open HijackThis
  2. Click on Config
  3. Click on Misc tools
  4. Click on Generate start up log
  5. Click the Yes button. A Notepad window will appear with a log.
  6. Close HijackThis.
  7. Copy and paste the contents of NotePad here in your reply.


Please post back with both the logs,
Thanks
David
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby trint » January 23rd, 2006, 1:16 pm

01/23/06 11:08:06 [Info]: BlackLight Engine 1.0.30 initialized
01/23/06 11:08:06 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/23/06 11:08:10 [Note]: 7019 4
01/23/06 11:08:10 [Note]: 7005 0
01/23/06 11:08:27 [Note]: 7006 0
01/23/06 11:08:27 [Note]: 7011 1912
01/23/06 11:08:28 [Note]: FSRAW library version 1.7.1014
01/23/06 11:13:16 [Note]: 7007 0
StartupList report, 1/23/2006, 11:15:51 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\trint\My Documents\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\common files\aol\1097724317\ee\aexplore.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\aol\1097724317\ee\aolssc.exe
C:\Documents and Settings\trint\My Documents\HijackThis.exe
C:\WINDOWS\SYSTEM32\notepad.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
AOL Fast Start = "C:\Program Files\America Online 9.0d\AOL.EXE" -b

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=wbsys.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\system32\ELECTR~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - C:\WINDOWS\system32\ddcca.dll - {CE70731D-F28D-4D81-9D61-C8EE60378401}

--------------------------------------------------

Enumerating Task Scheduler jobs:

HP DArC Task #Hewlett-Packard#hp psc 1300 series#1078884210.job

--------------------------------------------------

Enumerating Download Program Files:

[Support.com Configuration Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlcm.dll
CODEBASE = http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/ ... mv9VCM.CAB

[QDiagAOLCCUpdateObj Class]
InProcServer32 = C:\WINDOWS\System32\qdiagcc.ocx
CODEBASE = http://aolcc.aol.com/computercheckup/qdiagcc.cab

[EPUImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPUWALcontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab

[{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}]
CODEBASE = http://download.av.aol.com/molbin/share ... insctl.cab

[{9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8}]
CODEBASE = http://pictures05.aim.com/ygp/aol/plugi ... .5.1.8.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/C ... 7053472222

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMe ... loader.cab

[{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}]
CODEBASE = http://download.av.aol.com/molbin/share ... cgdmgr.cab

[AOL Flash Object]
InProcServer32 = C:\Program Files\Common Files\AOL\Flasha.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab

[EPSImageControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\EPScontrol.dll
CODEBASE = http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab

[IWinAmpActiveX Class]
InProcServer32 = C:\PROGRA~1\COMMON~1\Nullsoft\ActiveX\2.4\AmpX.dll
CODEBASE = http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\trint\LOCALS~1\Temp\2006122201836_mcappins.exe||C:\DOCUME~1\trint\LOCALS~1\Temp\2006122201836_mcinfo.exe


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,205 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm

Unread postby D_Trojanator » January 25th, 2006, 1:32 pm

Hello there,

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :)

Reboot into SAFE MODE
By pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar), you will be brought to a menu where you can choose to boot into safe mode.

If it does not work on the first try, reboot and try again, as you have to be quick when you press it.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

David
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby trint » January 25th, 2006, 2:46 pm

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini2

C:\WINDOWS\SYSTEM32\accdd.bak1
C:\WINDOWS\SYSTEM32\accdd.bak2
C:\WINDOWS\SYSTEM32\accdd.ini
C:\WINDOWS\SYSTEM32\accdd.ini2
C:\WINDOWS\SYSTEM32\ddcca.dll
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\accdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcca.dll
C:\WINDOWS\SYSTEM32\ddcca.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V4.0

Listing files found while scanning....

C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\accdd.tmp

C:\WINDOWS\SYSTEM32\accdd.bak1
C:\WINDOWS\SYSTEM32\accdd.bak2
C:\WINDOWS\SYSTEM32\accdd.tmp
C:\WINDOWS\SYSTEM32\accdd.ini
C:\WINDOWS\SYSTEM32\accdd.ini2
C:\WINDOWS\SYSTEM32\ddcca.dll
Attempting to delete C:\WINDOWS\system32\ddcca.dll
C:\WINDOWS\system32\ddcca.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\accdd.ini
C:\WINDOWS\system32\accdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.bak1
C:\WINDOWS\system32\accdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.bak2
C:\WINDOWS\system32\accdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.ini2
C:\WINDOWS\system32\accdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\accdd.tmp
C:\WINDOWS\system32\accdd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ddcca.dll
C:\WINDOWS\SYSTEM32\ddcca.dll Could not be deleted.

Performing Repairs to the registry.
Done!




Logfile of HijackThis v1.99.1
Scan saved at 12:46:05 PM, on 1/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\Program Files\America Online 9.0d\waol.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\program files\common files\aol\1097724317\ee\aolssc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\America Online 9.0d\shellmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\trint\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oklahomapoker.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\ddcca.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0d\AOL.EXE" -b
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm
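
An added example, not part of this thread and not code from any of the tools used in it: a small Python checker that reads the O2 (BHO) and O20 (Winlogon Notify) lines of a HijackThis log and flags the pairing visible in the log above, where the same DLL in system32 is registered both as a Browser Helper Object and as a Winlogon Notify package. The sample input is constructed from five lines of the log above; the severity labels and the system32 heuristic are the example's own assumptions, not HijackThis output.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: five lines copied from the HijackThis log posted above
# (one benign BHO, the MSEvents BHO, an orphaned toolbar, and two O20 entries).
SAMPLE_HJT_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\ddcca.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
"""

# HijackThis line formats for the two sections this check cares about.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")


class Bho(NamedTuple):
    name: str
    clsid: str
    path: str


class Notify(NamedTuple):
    key: str
    path: str
    missing: bool   # True when HijackThis reported "(file missing)"


class Finding(NamedTuple):
    severity: str   # "high", "medium" or "low" (assumed labels, not HJT output)
    item: str       # DLL basename the finding is about
    reason: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path (or a bare file name)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def in_system32(path: str) -> bool:
    """Heuristic: third-party BHOs normally live under Program Files, not system32."""
    return "\\system32\\" in path.lower()


def parse_hjt(text: str) -> Tuple[List[Bho], List[Notify]]:
    """Extract O2 (BHO) and O20 (Winlogon Notify) entries; other lines are ignored."""
    bhos: List[Bho] = []
    notifies: List[Notify] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            bhos.append(Bho(m["name"], m["clsid"].upper(), m["path"]))
            continue
        m = O20_RE.match(line)
        if m:
            path = m["path"]
            missing = path.endswith("(file missing)")
            path = path.replace("(file missing)", "").strip()
            notifies.append(Notify(m["key"], path, missing))
    return bhos, notifies


def analyse(bhos: List[Bho], notifies: List[Notify]) -> List[Finding]:
    """Correlate BHOs with Winlogon Notify packages the way a log reviewer would."""
    findings: List[Finding] = []
    notify_by_dll = {basename(n.path): n for n in notifies}
    for b in bhos:
        dll = basename(b.path)
        n = notify_by_dll.get(dll)
        if n is not None:
            # The Vundo/Virtumonde pattern seen in this thread: the same DLL is a BHO
            # and a Winlogon Notify package, so winlogon keeps it loaded and ordinary
            # deletion fails (compare the "Could not be deleted" lines in VundoFix's log).
            findings.append(Finding("high", dll,
                f"BHO {b.clsid} ({b.name}) is also Winlogon Notify '{n.key}'; "
                "winlogon holds the DLL open, so it must be disabled before deletion"))
        elif in_system32(b.path):
            findings.append(Finding("medium", dll,
                f"BHO {b.clsid} ({b.name}) is loaded from system32; verify the file"))
    for n in notifies:
        if n.missing:
            findings.append(Finding("low", basename(n.path),
                f"Winlogon Notify '{n.key}' points at a missing file: orphaned key"))
    return findings


def scan(text: str) -> List[Finding]:
    """Convenience wrapper: parse a whole HijackThis log and return the findings."""
    return analyse(*parse_hjt(text))


if __name__ == "__main__":
    for f in scan(SAMPLE_HJT_LOG):
        print(f"[{f.severity}] {f.item}: {f.reason}")
```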

Unread postby D_Trojanator » January 28th, 2006, 3:26 pm

Hello there,

*It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
It is important that you complete the following instructions in the correct order, and also that you don't miss anything out! :)

* Download VirtumundoBeGone from:

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

* Save it to your Desktop

* reboot your system
* Close all running programs (including your Internet Browser)
* Double-click VirtumundoBeGone.exe on the desktop
* Follow the directions as indicated

Please be advised that this program will generate a "BLUE SCREEN OF DEATH"... this is an expected/necessary part of the process, so don't be surprised when it happens.

VirtumundoBeGone generates a "log" file of its own, which it should have placed on your Desktop. I'll ask for that log later.
_________________

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Click the Free Trial link for "SpySweeper" to download the program. NOTE: DO NOT click the Free Spyware Scan link.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.

Then reboot your computer - IMPORTANT
Then post a new HJT log, with the Spy Sweeper log and the VirtumundoBeGone log :)

David
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby trint » January 29th, 2006, 5:19 am

[01/28/2006, 22:12:10] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\trint\Desktop\VirtumundoBeGone.exe" )
[01/28/2006, 22:12:22] - Detected System Information:
[01/28/2006, 22:12:22] - Windows Version: 5.1.2600, Service Pack 2
[01/28/2006, 22:12:22] - Current Username: trint (Admin)
[01/28/2006, 22:12:22] - Windows is in NORMAL mode.
[01/28/2006, 22:12:22] - Searching for Browser Helper Objects:
[01/28/2006, 22:12:22] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/28/2006, 22:12:22] - BHO 2: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/28/2006, 22:12:22] - BHO 3: {CE70731D-F28D-4D81-9D61-C8EE60378401} (MSEvents Object)
[01/28/2006, 22:12:22] - ALERT: Found MSEvents Object!
[01/28/2006, 22:12:22] - Finished Searching Browser Helper Objects
[01/28/2006, 22:12:22] - *** Detected MSEvents Object
[01/28/2006, 22:12:22] - Trying to remove MSEvents Object...
[01/28/2006, 22:12:23] - Terminating Process: IEXPLORE.EXE
[01/28/2006, 22:12:28] - Terminating Process: RUNDLL32.EXE
[01/28/2006, 22:12:29] - Disabling Automatic Shell Restart
[01/28/2006, 22:12:30] - Terminating Process: EXPLORER.EXE
[01/28/2006, 22:12:34] - Suspending the NT Session Manager System Service
[01/28/2006, 22:12:34] - Terminating Windows NT Logon/Logoff Manager
[01/28/2006, 22:12:35] - Re-enabling Automatic Shell Restart
[01/28/2006, 22:12:35] - File to disable: C:\WINDOWS\system32\ddcca.dll
[01/28/2006, 22:12:35] - Renaming C:\WINDOWS\system32\ddcca.dll -> C:\WINDOWS\system32\ddcca.dll.vir
[01/28/2006, 22:12:35] - ! File rename was unsucessful.
[01/28/2006, 22:12:35] - Attempting to Deny Access to C:\WINDOWS\system32\ddcca.dll
[01/28/2006, 22:12:39] - *** IMPORTANT: Delete/Rename/Move on reboot (like Killbox) MAY NOT work.
[01/28/2006, 22:12:39] - processed file: C:\WINDOWS\system32\ddcca.dll

[01/28/2006, 22:12:39] - *** IMPORTANT: The file is disabled and will need to be deleted by the user.
[01/28/2006, 22:12:39] - Removing HKLM\...\Browser Helper Objects\{CE70731D-F28D-4D81-9D61-C8EE60378401}
[01/28/2006, 22:12:43] - Removing HKCR\CLSID\{CE70731D-F28D-4D81-9D61-C8EE60378401}
[01/28/2006, 22:12:44] - Adding Kill Bit for ActiveX for GUID: {CE70731D-F28D-4D81-9D61-C8EE60378401}
[01/28/2006, 22:12:44] - Deleting ATLEvents/MSEvents Registry entries
[01/28/2006, 22:12:44] - Removing HKLM\...\Winlogon\Notify\ddcca
[01/28/2006, 22:12:44] - Searching for Browser Helper Objects:
[01/28/2006, 22:12:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[01/28/2006, 22:12:44] - BHO 2: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[01/28/2006, 22:12:44] - BHO 3: {CE70731D-F28D-4D81-9D61-C8EE60378401} ()
[01/28/2006, 22:12:44] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/28/2006, 22:12:44] - No filename found. Continuing.
[01/28/2006, 22:12:46] - Finished Searching Browser Helper Objects
[01/28/2006, 22:12:46] - Finishing up...
[01/28/2006, 22:12:46] - A restart is needed.
[01/28/2006, 22:12:46] - Automatic Reboot on STOP Error is not set. User will have to manually restart.
[01/28/2006, 22:13:09] - Attempting to Restart via STOP error (Blue Screen!)





********
2:29 AM: | Start of Session, Sunday, January 29, 2006 |
2:29 AM: Spy Sweeper started
2:29 AM: Sweep initiated using definitions version 606
2:29 AM: Starting Memory Sweep
2:31 AM: Memory Sweep Complete, Elapsed Time: 00:02:09
2:31 AM: Starting Registry Sweep
2:31 AM: Found Adware: clipgenie
2:31 AM: HKLM\software\microsoft\windows\currentversion\app management\arpcache\clipgenie\ (2 subtraces) (ID = 105921)
2:31 AM: Found Adware: delfin
2:31 AM: HKLM\software\dsi\ (2 subtraces) (ID = 124852)
2:31 AM: Found Adware: networkessentials
2:31 AM: HKCR\mp.mediapops.1\ (3 subtraces) (ID = 136079)
2:31 AM: HKCR\mp.mediapops\ (5 subtraces) (ID = 136080)
2:31 AM: HKLM\software\classes\mp.mediapops\ (5 subtraces) (ID = 136152)
2:31 AM: Found Adware: relatedlinks bho
2:31 AM: HKLM\software\microsoft\windows\currentversion\uninstall\relatedlinks\ (2 subtraces) (ID = 139388)
2:31 AM: Found Adware: websearch toolbar
2:31 AM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/qdow.dll\ (2 subtraces) (ID = 146481)
2:31 AM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\qdow.dll (ID = 146496)
2:31 AM: HKLM\system\currentcontrolset\enum\root\legacy_wintoolssvc\ (8 subtraces) (ID = 146518)
2:31 AM: Found Adware: whistle
2:31 AM: HKLM\software\whistlesoftware\ (6 subtraces) (ID = 146655)
2:31 AM: Found Adware: virtumonde
2:31 AM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
2:31 AM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
2:31 AM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
2:31 AM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
2:31 AM: HKCR\typelib\{b8848f69-e8e2-4952-90f2-bc4ef0c22243}\ (9 subtraces) (ID = 776209)
2:31 AM: HKLM\software\classes\typelib\{b8848f69-e8e2-4952-90f2-bc4ef0c22243}\ (9 subtraces) (ID = 776237)
2:31 AM: Found Adware: ezsearchbar
2:31 AM: HKU\S-1-5-21-3891085595-2648234354-1742216858-1007\software\ezsearchbar2\ (12 subtraces) (ID = 126017)
2:31 AM: HKU\S-1-5-21-3891085595-2648234354-1742216858-1007\software\support software\ (11 subtraces) (ID = 136177)
2:31 AM: Registry Sweep Complete, Elapsed Time:00:00:13
2:31 AM: Starting Cookie Sweep
2:31 AM: Found Spy Cookie: 247realmedia cookie
2:31 AM: trint@247realmedia[2].txt (ID = 1953)
2:31 AM: Found Spy Cookie: 2o7.net cookie
2:31 AM: trint@2o7[2].txt (ID = 1957)
2:31 AM: Found Spy Cookie: websponsors cookie
2:31 AM: trint@a.websponsors[1].txt (ID = 3665)
2:31 AM: Found Spy Cookie: go.com cookie
2:31 AM: trint@abc.go[2].txt (ID = 2729)
2:31 AM: trint@abclocal.go[1].txt (ID = 2729)
2:31 AM: Found Spy Cookie: about cookie
2:31 AM: trint@about[1].txt (ID = 2037)
2:31 AM: Found Spy Cookie: yieldmanager cookie
2:31 AM: trint@ad.yieldmanager[1].txt (ID = 3751)
2:31 AM: Found Spy Cookie: adknowledge cookie
2:31 AM: trint@adknowledge[2].txt (ID = 2072)
2:31 AM: Found Spy Cookie: adlegend cookie
2:31 AM: trint@adlegend[2].txt (ID = 2074)
2:31 AM: Found Spy Cookie: specificclick.com cookie
2:31 AM: trint@adopt.specificclick[2].txt (ID = 3400)
2:31 AM: Found Spy Cookie: adrevolver cookie
2:31 AM: trint@adrevolver[1].txt (ID = 2088)
2:31 AM: trint@adrevolver[2].txt (ID = 2088)
2:31 AM: Found Spy Cookie: addynamix cookie
2:31 AM: trint@ads.addynamix[2].txt (ID = 2062)
2:31 AM: Found Spy Cookie: pointroll cookie
2:31 AM: trint@ads.pointroll[1].txt (ID = 3148)
2:31 AM: Found Spy Cookie: ads.stileproject cookie
2:31 AM: trint@ads.stileproject[2].txt (ID = 2127)
2:31 AM: Found Spy Cookie: pollstar cookie
2:31 AM: trint@adserver.pollstar[1].txt (ID = 3152)
2:31 AM: Found Spy Cookie: adtech cookie
2:31 AM: trint@adtech[2].txt (ID = 2155)
2:31 AM: Found Spy Cookie: adultfriendfinder cookie
2:31 AM: trint@adultfriendfinder[2].txt (ID = 2165)
2:31 AM: Found Spy Cookie: apmebf cookie
2:31 AM: trint@apmebf[2].txt (ID = 2229)
2:31 AM: Found Spy Cookie: atwola cookie
2:31 AM: trint@ar.atwola[2].txt (ID = 2256)
2:31 AM: Found Spy Cookie: falkag cookie
2:31 AM: trint@as-eu.falkag[2].txt (ID = 2650)
2:31 AM: trint@as-us.falkag[2].txt (ID = 2650)
2:31 AM: trint@as1.falkag[1].txt (ID = 2650)
2:31 AM: Found Spy Cookie: ask cookie
2:31 AM: trint@ask[1].txt (ID = 2245)
2:31 AM: Found Spy Cookie: belnk cookie
2:31 AM: trint@ath.belnk[1].txt (ID = 2293)
2:31 AM: trint@atwola[1].txt (ID = 2255)
2:31 AM: Found Spy Cookie: banner cookie
2:31 AM: trint@banner[2].txt (ID = 2276)
2:31 AM: trint@belnk[1].txt (ID = 2292)
2:31 AM: Found Spy Cookie: bluestreak cookie
2:31 AM: trint@bluestreak[2].txt (ID = 2314)
2:31 AM: Found Spy Cookie: bravenet cookie
2:31 AM: trint@bravenet[2].txt (ID = 2322)
2:31 AM: Found Spy Cookie: bs.serving-sys cookie
2:31 AM: trint@bs.serving-sys[1].txt (ID = 2330)
2:31 AM: Found Spy Cookie: burstnet cookie
2:31 AM: trint@burstnet[1].txt (ID = 2336)
2:31 AM: Found Spy Cookie: barelylegal cookie
2:31 AM: trint@c.fsx[1].txt (ID = 2286)
2:31 AM: Found Spy Cookie: zedo cookie
2:31 AM: trint@c1.zedo[2].txt (ID = 3763)
2:31 AM: Found Spy Cookie: cardomain cookie
2:31 AM: trint@cardomain[2].txt (ID = 2350)
2:31 AM: Found Spy Cookie: casalemedia cookie
2:31 AM: trint@casalemedia[1].txt (ID = 2354)
2:31 AM: Found Spy Cookie: centrport net cookie
2:31 AM: trint@centrport[1].txt (ID = 2374)
2:31 AM: Found Spy Cookie: classmates cookie
2:31 AM: trint@classmates[2].txt (ID = 2384)
2:31 AM: trint@cnn.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: columbiahouse cookie
2:31 AM: trint@columbiahouse[1].txt (ID = 2443)
2:31 AM: trint@coxhsi.112.2o7[2].txt (ID = 1958)
2:31 AM: Found Spy Cookie: clickzs cookie
2:31 AM: trint@cz3.clickzs[2].txt (ID = 2413)
2:31 AM: trint@cz7.clickzs[2].txt (ID = 2413)
2:31 AM: trint@cz8.clickzs[2].txt (ID = 2413)
2:31 AM: Found Spy Cookie: overture cookie
2:31 AM: trint@data1.perf.overture[1].txt (ID = 3106)
2:31 AM: Found Spy Cookie: dealtime cookie
2:31 AM: trint@dealtime[2].txt (ID = 2505)
2:31 AM: trint@dist.belnk[2].txt (ID = 2293)
2:31 AM: Found Spy Cookie: dl cookie
2:31 AM: trint@dl[1].txt (ID = 2529)
2:31 AM: Found Spy Cookie: ru4 cookie
2:31 AM: trint@edge.ru4[1].txt (ID = 3269)
2:31 AM: trint@entrepreneur.122.2o7[1].txt (ID = 1958)
2:31 AM: trint@espn.go[1].txt (ID = 2729)
2:31 AM: Found Spy Cookie: fastclick cookie
2:31 AM: trint@fastclick[1].txt (ID = 2651)
2:31 AM: trint@football.about[1].txt (ID = 2038)
2:31 AM: trint@go[1].txt (ID = 2728)
2:31 AM: Found Spy Cookie: humanclick cookie
2:31 AM: trint@hc2.humanclick[1].txt (ID = 2810)
2:31 AM: Found Spy Cookie: clickandtrack cookie
2:31 AM: trint@hits.clickandtrack[1].txt (ID = 2397)
2:31 AM: Found Spy Cookie: maxserving cookie
2:31 AM: trint@maxserving[1].txt (ID = 2966)
2:31 AM: trint@metacafe.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: metareward.com cookie
2:31 AM: trint@metareward[1].txt (ID = 2990)
2:31 AM: trint@microsofteup.112.2o7[1].txt (ID = 1958)
2:31 AM: trint@movies.go[1].txt (ID = 2729)
2:31 AM: Found Spy Cookie: nextag cookie
2:31 AM: trint@nextag[2].txt (ID = 5014)
2:31 AM: trint@overture[2].txt (ID = 3105)
2:31 AM: trint@partygaming.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: partypoker cookie
2:31 AM: trint@partypoker[2].txt (ID = 3111)
2:31 AM: trint@perf.overture[1].txt (ID = 3106)
2:31 AM: Found Spy Cookie: pricegrabber cookie
2:31 AM: trint@pricegrabber[2].txt (ID = 3185)
2:31 AM: Found Spy Cookie: pub cookie
2:31 AM: trint@pub[1].txt (ID = 3205)
2:31 AM: Found Spy Cookie: qksrv cookie
2:31 AM: trint@qksrv[2].txt (ID = 3213)
2:31 AM: Found Spy Cookie: questionmarket cookie
2:31 AM: trint@questionmarket[1].txt (ID = 3217)
2:31 AM: Found Spy Cookie: realmedia cookie
2:31 AM: trint@realmedia[1].txt (ID = 3235)
2:31 AM: Found Spy Cookie: valuead cookie
2:31 AM: trint@reduxads.valuead[1].txt (ID = 3627)
2:31 AM: trint@riptownmedia.122.2o7[1].txt (ID = 1958)
2:31 AM: Found Spy Cookie: rn11 cookie
2:31 AM: trint@rn11[2].txt (ID = 3261)
2:31 AM: Found Spy Cookie: adjuggler cookie
2:31 AM: trint@rotator.adjuggler[1].txt (ID = 2071)
2:31 AM: trint@rsi.abc.go[1].txt (ID = 2729)
2:31 AM: trint@rsi.espn.go[1].txt (ID = 2729)
2:31 AM: trint@sel.as-us.falkag[2].txt (ID = 2650)
2:31 AM: Found Spy Cookie: server.iad.liveperson cookie
2:31 AM: trint@server.iad.liveperson[1].txt (ID = 3341)
2:31 AM: Found Spy Cookie: serving-sys cookie
2:31 AM: trint@serving-sys[1].txt (ID = 3343)
2:31 AM: trint@sports.espn.go[2].txt (ID = 2729)
2:31 AM: trint@stat.dealtime[2].txt (ID = 2506)
2:31 AM: Found Spy Cookie: statcounter cookie
2:31 AM: trint@statcounter[2].txt (ID = 3447)
2:31 AM: Found Spy Cookie: reliablestats cookie
2:31 AM: trint@stats1.reliablestats[2].txt (ID = 3254)
2:31 AM: Found Spy Cookie: tacoda cookie
2:31 AM: trint@tacoda[2].txt (ID = 6444)
2:31 AM: Found Spy Cookie: tradedoubler cookie
2:31 AM: trint@tradedoubler[2].txt (ID = 3575)
2:31 AM: Found Spy Cookie: trafficmp cookie
2:31 AM: trint@trafficmp[2].txt (ID = 3581)
2:31 AM: Found Spy Cookie: tribalfusion cookie
2:31 AM: trint@tribalfusion[2].txt (ID = 3589)
2:31 AM: Found Spy Cookie: tripod cookie
2:31 AM: trint@tripod[1].txt (ID = 3591)
2:31 AM: Found Spy Cookie: ugo cookie
2:31 AM: trint@ugo[1].txt (ID = 3608)
2:31 AM: Found Spy Cookie: realtracker cookie
2:31 AM: trint@web4.realtracker[2].txt (ID = 3242)
2:31 AM: Found Spy Cookie: burstbeacon cookie
2:31 AM: trint@www.burstbeacon[1].txt (ID = 2335)
2:31 AM: trint@www.cardomain[2].txt (ID = 2351)
2:31 AM: trint@www.pollstar[2].txt (ID = 3152)
2:31 AM: Found Spy Cookie: claxonmedia cookie
2:31 AM: trint@www1.claxonmedia[2].txt (ID = 2388)
2:31 AM: trint@www3.claxonmedia[2].txt (ID = 2387)
2:31 AM: trint@yieldmanager[2].txt (ID = 3749)
2:31 AM: Found Spy Cookie: adserver cookie
2:31 AM: trint@z1.adserver[1].txt (ID = 2142)
2:31 AM: trint@zedo[2].txt (ID = 3762)
2:31 AM: Cookie Sweep Complete, Elapsed Time: 00:00:05
2:31 AM: Starting File Sweep
2:32 AM: Found Adware: addestroyer
2:32 AM: inneradinstall.log (ID = 49035)
2:33 AM: Found Adware: virtualbouncer
2:33 AM: innervbinstall.log (ID = 82805)
2:41 AM: Found Adware: ie driver
2:41 AM: setup233.exe (ID = 82096)
3:08 AM: File Sweep Complete, Elapsed Time: 00:36:22
3:08 AM: Full Sweep has completed. Elapsed time 00:38:55
3:08 AM: Traces Found: 212
3:11 AM: Removal process initiated
3:11 AM: Quarantining All Traces: ie driver
3:11 AM: Quarantining All Traces: virtumonde
3:11 AM: Quarantining All Traces: websearch toolbar
3:11 AM: Quarantining All Traces: delfin
3:11 AM: Quarantining All Traces: addestroyer
3:11 AM: Quarantining All Traces: clipgenie
3:11 AM: Quarantining All Traces: ezsearchbar
3:11 AM: Quarantining All Traces: networkessentials
3:11 AM: Quarantining All Traces: relatedlinks bho
3:12 AM: Quarantining All Traces: virtualbouncer
3:12 AM: Quarantining All Traces: whistle
3:12 AM: Quarantining All Traces: 247realmedia cookie
3:12 AM: Quarantining All Traces: 2o7.net cookie
3:12 AM: Quarantining All Traces: about cookie
3:12 AM: Quarantining All Traces: addynamix cookie
3:12 AM: Quarantining All Traces: adjuggler cookie
3:12 AM: Quarantining All Traces: adknowledge cookie
3:12 AM: Quarantining All Traces: adlegend cookie
3:12 AM: Quarantining All Traces: adrevolver cookie
3:12 AM: Quarantining All Traces: ads.stileproject cookie
3:12 AM: Quarantining All Traces: adserver cookie
3:12 AM: Quarantining All Traces: adtech cookie
3:12 AM: Quarantining All Traces: adultfriendfinder cookie
3:12 AM: Quarantining All Traces: apmebf cookie
3:12 AM: Quarantining All Traces: ask cookie
3:12 AM: Quarantining All Traces: atwola cookie
3:12 AM: Quarantining All Traces: banner cookie
3:12 AM: Quarantining All Traces: barelylegal cookie
3:12 AM: Quarantining All Traces: belnk cookie
3:12 AM: Quarantining All Traces: bluestreak cookie
3:12 AM: Quarantining All Traces: bravenet cookie
3:12 AM: Quarantining All Traces: bs.serving-sys cookie
3:12 AM: Quarantining All Traces: burstbeacon cookie
3:12 AM: Quarantining All Traces: burstnet cookie
3:12 AM: Quarantining All Traces: cardomain cookie
3:12 AM: Quarantining All Traces: casalemedia cookie
3:12 AM: Quarantining All Traces: centrport net cookie
3:12 AM: Quarantining All Traces: classmates cookie
3:12 AM: Quarantining All Traces: claxonmedia cookie
3:12 AM: Quarantining All Traces: clickandtrack cookie
3:12 AM: Quarantining All Traces: clickzs cookie
3:12 AM: Quarantining All Traces: columbiahouse cookie
3:12 AM: Quarantining All Traces: dealtime cookie
3:12 AM: Quarantining All Traces: dl cookie
3:12 AM: Quarantining All Traces: falkag cookie
3:12 AM: Quarantining All Traces: fastclick cookie
3:12 AM: Quarantining All Traces: go.com cookie
3:12 AM: Quarantining All Traces: humanclick cookie
3:12 AM: Quarantining All Traces: maxserving cookie
3:12 AM: Quarantining All Traces: metareward.com cookie
3:12 AM: Quarantining All Traces: nextag cookie
3:12 AM: Quarantining All Traces: overture cookie
3:12 AM: Quarantining All Traces: partypoker cookie
3:12 AM: Quarantining All Traces: pointroll cookie
3:12 AM: Quarantining All Traces: pollstar cookie
3:12 AM: Quarantining All Traces: pricegrabber cookie
3:12 AM: Quarantining All Traces: pub cookie
3:12 AM: Quarantining All Traces: qksrv cookie
3:12 AM: Quarantining All Traces: questionmarket cookie
3:12 AM: Quarantining All Traces: realmedia cookie
3:12 AM: Quarantining All Traces: realtracker cookie
3:12 AM: Quarantining All Traces: reliablestats cookie
3:12 AM: Quarantining All Traces: rn11 cookie
3:12 AM: Quarantining All Traces: ru4 cookie
3:12 AM: Quarantining All Traces: server.iad.liveperson cookie
3:12 AM: Quarantining All Traces: serving-sys cookie
3:12 AM: Quarantining All Traces: specificclick.com cookie
3:12 AM: Quarantining All Traces: statcounter cookie
3:12 AM: Quarantining All Traces: tacoda cookie
3:12 AM: Quarantining All Traces: tradedoubler cookie
3:12 AM: Quarantining All Traces: trafficmp cookie
3:12 AM: Quarantining All Traces: tribalfusion cookie
3:12 AM: Quarantining All Traces: tripod cookie
3:12 AM: Quarantining All Traces: ugo cookie
3:12 AM: Quarantining All Traces: valuead cookie
3:12 AM: Quarantining All Traces: websponsors cookie
3:12 AM: Quarantining All Traces: yieldmanager cookie
3:12 AM: Quarantining All Traces: zedo cookie
3:12 AM: Removal process completed. Elapsed time 00:00:29
********
2:24 AM: | Start of Session, Sunday, January 29, 2006 |
2:24 AM: Spy Sweeper started
2:29 AM: Your spyware definitions have been updated.
2:29 AM: | End of Session, Sunday, January 29, 2006 |





Logfile of HijackThis v1.99.1
Scan saved at 3:19:23 AM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\trint\My Documents\HijackThis.exe
c:\program files\common files\aol\1097724317\ee\aolssc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oklahomapoker.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm

Unread postby D_Trojanator » January 29th, 2006, 11:55 am

Hi again Trint! :)

You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.

SpySweeper
  1. Open SpySweeper
  2. Click Options
  3. Click Program Options
  4. Uncheck Load at windows startup.
  5. Click Shields
  6. Uncheck everything.
  7. Uncheck Home Page Shield.
  8. Uncheck Automatically restore default without notification.

Don't forget to re-instate Spysweeper when your machine is clean by re-checking everything you unchecked above.

The VundoFix that you have used before has been updated. You need to delete the previous version if you still have it and download the newer version:

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

David :)
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby D_Trojanator » January 29th, 2006, 12:03 pm

Edit - wrong post.
David
D_Trojanator
Regular Member
 
Posts: 253
Joined: July 22nd, 2005, 6:17 am
Location: Croydon, London, UK

Unread postby trint » January 29th, 2006, 2:03 pm

Logfile of HijackThis v1.99.1
Scan saved at 12:00:43 PM, on 1/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
C:\Program Files\mcafee.com\antivirus\oasclnt.exe
C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
C:\Program Files\Messenger\msmsgs.exe
c:\program files\common files\aol\1097724317\ee\aolssc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
C:\Program Files\mcafee.com\personal firewall\MPFService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dumprep.exe
C:\Documents and Settings\trint\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oklahomapoker.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1097724317\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe
O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe
O4 - HKLM\..\Run: [MPFExe] C:\Program Files\mcafee.com\personal firewall\MPfTray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://usercenter.cox.net/rsuite/sdccom ... gctlcm.jsp
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/share ... insctl.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures05.aim.com/ygp/aol/plugi ... .5.1.8.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/share ... cgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aolweb03.pogo.com/game/deluxe/in ... der_v6.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EP ... -0-3-0.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Antivirus Update Service (aolavupd) - America Online - C:\Program Files\Common Files\AOL\1097724317\ee\services\sscFirewallPlugin\ver1_10_3_1\aolavupd.exe
O23 - Service: McAfee McShield (McShield) - McAfee Inc. - C:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\Program Files\mcafee.com\personal firewall\MPFService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe


VundoFix stated there were no infected files found and therefore did not create a log. I tried running it normally and in safe mode, and it gave me the same message both times.
trint
Regular Member
 
Posts: 16
Joined: January 22nd, 2006, 4:15 pm
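The two O20 entries that survive between trint's first and second logs (ddcca.dll, and jkhfg.dll which is reported as file missing) are the kind of Winlogon Notify registrations a helper looks at first: a DLL registered under Winlogon\Notify is loaded by winlogon.exe at logon, before the desktop appears, so it keeps running even after a Run key has been deleted. The Python below is an added example, not part of the original thread and not a MalwareRemoval.com, VundoFix or HijackThis tool. It parses the O20 lines exactly as HijackThis v1.99.1 prints them (the sample input is copied from the log above) and flags any entry that is not a known Windows XP or product Notify package. The allow-list, the random-name heuristic and the triage reasons are assumptions for the example, not a definitive verdict on these files.

```python
"""Triage O20 (Winlogon Notify) lines from a HijackThis v1.99.1 log.

Added example for this thread, not a MalwareRemoval.com or HijackThis tool.
Winlogon\\Notify packages are DLLs that winlogon.exe loads at logon, so an
unknown DLL registered there runs before the desktop appears and outlives
the removal of any O4 Run entry.  That is why a random-looking name in this
section deserves a closer look than the same name elsewhere in the log.
"""
import re
from dataclasses import dataclass, field

# Constructed input: the three O20 lines from trint's posted log, plus one
# O4 line to show that lines from other sections are skipped.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: ddcca - C:\WINDOWS\system32\ddcca.dll
O20 - Winlogon Notify: jkhfg - jkhfg.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""

# HijackThis prints: O20 - Winlogon Notify: <subkey name> - <DLL path>[ (file missing)]
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumption: Notify packages that ship with Windows XP, plus the Webroot
# Spy Sweeper package (WRNotifier) that the O4/O23 lines in this log account
# for.  Treat this as a starting point for the machine being cleaned, not as
# an authoritative list.
KNOWN_NOTIFY = {
    "crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
    "sclgntfy", "SensLogn", "termsrv", "wlballoon", "WRNotifier",
}


@dataclass
class Finding:
    name: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 4-8 lowercase ASCII letters that is not a known package."""
    return bool(re.fullmatch(r"[a-z]{4,8}", name)) and name not in KNOWN_NOTIFY


def triage_o20(line: str):
    """Return a Finding for an O20 line, or None if the line is not an O20 entry."""
    m = O20_RE.match(line.strip())
    if not m:
        return None
    name, path, missing = m["name"], m["path"], bool(m["missing"])
    f = Finding(name, path)
    if missing:
        # The registry still points at a DLL that is gone: either a partial
        # clean-up or a component that is recreated under a new name on reboot.
        f.reasons.append("registered DLL is missing (orphaned or rotated on reboot)")
    if name not in KNOWN_NOTIFY:
        f.reasons.append("not a known Windows or product Notify package")
    if looks_random(name):
        f.reasons.append("random-looking subkey name")
    basename = path.rsplit("\\", 1)[-1].lower()
    if name not in KNOWN_NOTIFY and basename == f"{name.lower()}.dll" and "system32" in path.lower():
        f.reasons.append("unknown DLL in system32 named after its own Notify subkey")
    return f


def triage_log(text: str):
    """Triage every O20 line in a pasted HijackThis log; other sections are ignored."""
    return [f for f in (triage_o20(l) for l in text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        verdict = "CHECK" if f.suspicious else "ok   "
        print(f"{verdict} {f.name:<12} {f.path}")
        for r in f.reasons:
            print(f"        - {r}")
```

Run against the sample, the script marks ddcca and jkhfg for a closer look and leaves WRNotifier alone because it is accounted for by the Spy Sweeper entries elsewhere in the log. The "file missing" reason is the one to note on a second log: an entry that points at a DLL that is not there, while the pop-ups continue, is consistent with a component that is renamed at each boot, which is exactly why the helper asks for a fresh log after every fix rather than relying on the first one.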