Virus? Trojan? ddcca and awtspqq.dll

Hey MajorGeeks,
While on the Internet earlier tonight, a new window opens up advertising PartyPoker. I didn't want to visit PartyPoker... Something is obviously wrong

My problems may have started a few days ago. While running a routine Virus Scan, four items were detected, two of them in C:\WINDOWS\system32, but AVG apparently deleted them. I do not know if this has to do with my current problem, but I felt it should be mentioned.

I have performed the READ ME steps.

* Windows Malicious Software Removal - Found nothing.
* Spybot S&D - Found nothing.
* CounterSpy - Did find stuff. It even gave the option to quarantine, ignore, or remove the malicious stuff. But a weird problem happened as I went to make the selection to quarantine. The screen suddenly filled with diagonal lines and the program soon closed. I did save a report and it is included.

I then ran the online scans. Being that I use Broadband, I should have been able to run them in Safe Mode with Networking. In fact, I have done that before. This time, though, when I opened IE the page would not load. I had to run these scans in Normal Boot Mode.

* Bitdefender - Ran scan and found nothing. But I screwed up and forgot to save a report
* Panda Activescan - Ran scan and it found twenty items. I saved a report and it is included.

I can also provide a screenshot of the Virus Scan I ran a few days ago which show the items found and removed, if that could provide assistance.

Sorry for some of the errors I made. I can repeat some of the steps if you feel it necessary. I really appreciate any help you guys can provide.

 

Please see the below thread, then attach a current HJT log.
http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

 

Hey bjgarrick!
Thank you very much for helping. I knew I forgot something.

I should also mention that while running the Bitdefender scan which did not find anything, AVG alerted me that it was detecting an infected file that was attempting to be opened. The window offered several options, but similar to what happened with the CounterSpy option window, this one closed so quickly I did not have a chance to choose an option. The scan was uninterrupted.

Here is the HijackThis log. I renamed the program as per the instructions. Thank you again for reviewing these.

 

The first thing I notice in your HJT log is that you running AVG and McAfee. This is not recommended as running more than one antivirus will cause conflicts in your system. Please uninstall pick one and uninstall the other.

 

Please see the below threads...

• Running WinPfind by OldTimer
• Using GetRunKey
• Using ShowNew

Once you have followed each thread you should attach these three logs to your next post.

• WinPFind.txt
• runkey.txt
• newfiles.txt

 

Hey again, bjgarrick!
The reason you see both AVG and McAfee in the HJT Log is because over a year ago, I installed their Internet Security Suite. The anti-virus portion expired a few months ago. Before it did, I decided to replace it with AVG for my anti-virus application. I have since uninstalled the McAfee VirusScan portion of the suite, but I have yet to uninstall its remaining components.

AVG is the only Anti-Virus application running.

I have installed the programs as per your request and performed the scans which are attached.

Please review these logs and thank you very much for your assistance.

 

Your logs look good to me, you can attach a fresh HJT log to confirm it's clean.

Are you having any current problems?

 

Hey again,
Over the last day, I have not had any further problems. What caused me concern was the PartyPoker pop-up that seemed to appear for no reason. When this type of thing happened before, there was usually a spyware issue as the cause, and that is why I felt it best to request assistance.

I am concerned about the findings in the CounterSpy log that I attached. The part where it found a "Trojan-Downloader.Win32.ConHook.aa" and the three affected registry entries. As you notice, no action was taken after the scan and these were "ignored". The reason for the ignore was the program suddenly appeared to crash and I could not select an option. CounterSpy offered that I could quarantine these, but the crash happened before I could do so.

Could you please explain the findings to me? Thank you again.

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

Once you complete this reboot and run another scan and see if they are still detected.

 

Okay. I can do that.

I just have a couple of questions, though. What are these particular registry entries showing? And did the CounterSpy scan reveal an active trojan or virus?

Thank you, bjgarrick.

 

Per your first CounterSpy log it showed the previous registry entries as "Trojan Downloader". I am not sure about this particular detection, however if you completed the previous post this should be removed.

If you like you can run another scan with Counter Spy to be sure they are gone.