TheTechGuide Forum
General Category => Tech Clinic => Topic started by: jewelnmd on November 07, 2005, 04:31:27 PM
-
I've been on business travel for almost a month and my kids have had free rein of my desktop. I tried Ad-Aware and Spybot, but I still have pop-up issues, as well as sluggishness. Here is my log...
Logfile of HijackThis v1.99.1
Scan saved at 4:22:12 AM, on 11/07/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBPOLL.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTSMON.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\TOPSPEED\2.0\AOLTPSPD.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\BROADJUMP\CLIENT FOUNDATION\CFD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE
C:\PROGRAM FILES\COMMON FILES\AOL\AOL SPYWARE PROTECTION\AOLSP SCHEDULER.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFTRAY.EXE
C:\WINDOWS\SYSTEM\APD123.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\DTNGIP.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\COMMON FILES\AOL\SCREENSAVER\YGPSSTRA.EXE
C:\PROGRAM FILES\WILD FILE\GOBACK\GBMENU.EXE
C:\PROGRAM FILES\MCAFEE.COM\PERSONAL FIREWALL\MPFAGENT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0B\WEmail RemovedEXE
C:\PROGRAM FILES\AMERICA ONLINE 9.0B\SHELLMON.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimtoday.com/search/aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: BlspcHlpr Class - {15C9938F-CB96-496D-800A-B827F2E34EA1} - C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSPC.DLL
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE02A.DLL (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN2\YCOMP5_5_7_1.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\MCUPDATE.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [RFX_auto_upgrade] rundll32.exe C:\PROGRA~1\RICHFX\PLAYER\NPVPG004.DLL,auto_upg_check
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [blspcloader] "C:\PROGRAM FILES\BELLSOUTH INTERNET TOOLS\BLSLOADER.EXE"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [APD123] C:\WINDOWS\SYSTEM\APD123.exe
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\WUAUCLT.DLL,SHStart
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\dtngip.exe reg_run
O4 - HKLM\..\Run: [devldr16.exe] C:\WINDOWS\SYSTEM\devldr16.exe
O4 - HKLM\..\RunServices: [GoBack Polling Service] C:\Program Files\Wild File\GoBack\GBPoll.exe
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - HKLM\..\RunServices: [AolAcsDaemon1] "C:\PROGRAM FILES\COMMON FILES\AOL\ACS\AOLACSD.EXE"
O4 - HKLM\..\RunServices: [AOL TopSpeedMonitor] C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [You've Got Pictures Screensaver] C:\Program Files\Common Files\AOL\Screensaver\ygpsstra.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRAM FILES\AMERICA ONLINE 9.0B\Email RemovedEXE" -b
O4 - Startup: GoBack.lnk = C:\Program Files\Wild File\GoBack\GBMenu.exe
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\WINDOWS\TEMP\11241F3.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\PROGRAM FILES\AOL TOOLBAR\TOOLBAR.DLL/SEARCH.HTML
O8 - Extra context menu item: &AIM Search - res://C:\PROGRAM FILES\AIM TOOLBAR\AIMBAR.DLL/aimsearch.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O9 - Extra button: Messenger - {DECDBEEF-D3AD-B3EF-DE4D-B3EFDEADB3EF} - C:\WINDOWS\Start Menu\Programs\BellSouth® Communications Suite\BellSouth Messenger.lnk
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\SBCIE02A.DLL (file missing)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wordcube/wordcube.cab
O16 - DPF: {6BB594E2-6E4D-4CC9-98B0-931C323F9165} (DepHlp Control) - http://mirror.worldwinner.com/games/shared/dephlp.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?323
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.Email Removed/molbin/shared/m...75/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.Email Removed/molbin/shared/m...,18/mcgdmgr.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fastaccess.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.Email Removed/computercheckup/qdiagcc.cab
O16 - DPF: {47F591A1-8783-11D2-8343-00A0C945A819} (WGPlayer Class) - http://download.richfx.com/player/release/vpsetup.cab?site=Demo&section=neimanmarcus&date=01_17_2001
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.26/ttinst.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - https://gateway.cf1live.com/eSupport/static/bin/msjavx86.exe
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - https://www.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1435/ftp.coupons.com/v3123/cpbrkpie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {A1B09066-C95C-4EF6-8DFD-3DD0AFE610B6} (AOL YGP Screensaver) - http://pak01.pictures.Email Removed/ygp/aol/plug...US.9.1.6.20.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {BC01A402-4730-11D2-B36C-0000E8DF722B} (Illuminatus 4.5 IE Plugin) - http://www.digitalworkshop.co.uk/ilm450.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} (SnoopyCtrl Class) - http://www.easports.com/downloads/games/common/snoopy/iesnoopy.cab
O16 - DPF: {E66A5764-212B-40EC-8FB8-16949F6A82CD} - http://www.ouchvideo.com/c8/svcmm32.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.3.4.49/mlslots/mlslots-ob-assets.cab
O16 - DPF: ConferenceRoom Java Client - http://java.irc.liveharmony.org:8080/java/cr.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.3.4.49/superbingo/superbingo-ob-assets.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.2.1.27/blackjack/blackjack-ob-assets.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin.com/cab/wabctrl.cab
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.2.7.cab
O16 - DPF: Jigsaw Detective by pogo - http://game1.pogo.com/applet-6.2.4.32/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euchre/euchre-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.3.3.27/sweettooth/sweettooth-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.3.3.27/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.3.27/turbo21/turbo21-ob-assets.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.3.3.38/poppit2/poppit2-ob-assets.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/backgammon/backgammon-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.3.4.49/holdem/holdem-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.3.4.49/squelchies/squelchies-ob-assets.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.3.4.49/lottso/lottso-ob-assets.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spider/spider-ob-assets.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.3.4.64/wordwhomp2/whomp2-ob-assets.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangocash.com/cab/Zango/ie/bridge-c356.cab
O16 - DPF: Double Deuce Poker by pogo - http://game1.pogo.com/applet-6.4.0.34/videopoker2/doubledeuce-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.4.0.34/checkers2/checkers-ob-assets.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downloads/gamemanager/DIGGameManager.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.4.0.41/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Penguin Blocks by pogo - http://game1.pogo.com/applet-6.4.0.41/penguins/penguins-ob-assets.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aoldsl.net
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - (no file)
-
Hi Jewelnmd, can you do the following please:
Download and save WinPFind.zip (http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip)
UNZIP the contents to your desktop
Download and save Trackqoo.zip (http://www.bleepingcomputer.com/files/mosaic1/Trackqoo.zip)
UNZIP the contents to your desktop
RESTART your computer in SAFE MODE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4)
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for an alternative method.
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
This could take some time as it will scan your drive
Reboot back to Normal mode
Double Click on "Track qoo.vbs"
Note - If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!
Wait a few seconds and a Notepad page will pop up. Copy & paste those results and place them in the next post.
Also,
1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Place those results here
One more log
Open HijackThis >> Open the Misc Tools section
Open the Uninstall Manager >> Click the SAVE LIST button
Save this list to your desktop, then copy and paste the contents back here.