
BrowserModifier Win32/Fotomoto yksquiqv.exe


This topic is locked

#1 taye17 (New Member, 7 posts)
Can somebody please help me? I am having problems trying to remove "BrowserModifier:Win32/Fotomoto". I have downloaded Windows Defender and when I scan my files or it does its On-Access Scan it constantly finds it again and again and it says it removes it, so I have to choose to remove it again and again as well.

Pertaining to "yksquiqv.exe" I have McAfee and it detects it as well, but during the scan it always says "No Action Taken (Clean/Delete Failed)". It is detected as "Vundo.dr", so maybe that will give you some valuable information.

If somebody will be able to help me, I will appreciate it accordingly. This is getting on my last nerve!

P.S.
I will post a HijackThis log for you as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:13:53 PM, on 11/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\McAfee\Common Framework\McScript_InUse.exe
C:\WINDOWS\system32\ykspuiqv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....sn.com/?wl=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154565217781
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ykspuiqv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8515 bytes

#2 Rorschach112 (Retired Staff, 47,710 posts)
Hello, my name is Rorschach and I'll be helping you with your problem.
  • Download avz4en.zip from here
  • Save it to your desktop and unzip it to a folder on your desktop
  • Double click on AVZ.exe to run it.
  • Choose from the menu "File" => "System Investigation"
  • Close all windows except for AVZ
  • Click on "Start" and save the report to your desktop.
  • Let the scan run and click "No" on the right when it asks you if you want to view it.
  • Upload the report you saved on your desktop onto this site in your next reply.


#3 taye17 (Topic Starter, 7 posts)
Here you go

Attached Files



#4 Rorschach112 (Retired Staff, 47,710 posts)
Hello


We must disable the Real-Time Protection feature of Windows Defender for it may interfere with the changes we need to make.

To disable Real-Time Protection:
  • Go to "Tools" | "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on real-time protection (recommended)"
  • Remember to reactivate this feature when we have finished all our work.


* Double click on AVZ.exe
* Click File > Custom scripts
* Copy & paste the contents of the following codebox in the box in the program

begin
 // Keep a copy of each suspect file in AVZ's quarantine before deleting it
 QuarantineFile('C:\WINDOWS\system32\ykspuiqv.exe','');
 QuarantineFile('C:\WINDOWS\system32\ssttu.dll','');
 QuarantineFile('C:\WINDOWS\system32\opnlmli.dll','');
 // Delete the DomainService binary and the DLLs that were loaded alongside it
 DeleteFile('c:\windows\system32\ykspuiqv.exe');
 DeleteFile('C:\WINDOWS\system32\ykspuiqv.exe /service');
 DeleteFile('C:\WINDOWS\system32\opnlmli.dll');
 DeleteFile('opnlmli.dll');
 DeleteFile('pmnomlj.dll');
 DeleteFile('C:\WINDOWS\system32\ssttu.dll');
 // Run AVZ's system cleanup, then reboot so the deletions take effect
 ExecuteSysClean;
 RebootWindows(true);
end.

* Note: When you run the script, your PC will be restarted
* Click Run
* Restart your PC if it doesn't do it automatically, and post back with a new report.
Then go to your HijackThis folder, and rename HijackThis.exe to something like taye.exe
Then send me a new HijackThis log from taye.exe, as well as a new AVZ scan.

Edited by Rorschach112, 26 November 2007 - 03:29 PM.

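The script in this post deletes the DomainService binary by its file path. What makes that O23 line stand out in the log from post #1 is the combination of an empty vendor field and an 8-letter binary sitting in system32, and the WinPFind3U report later in this thread (post #7) shows the same DomainService registration pointing at a different random name (gapojfnt.exe). The following is an added example, not code from this thread, from Trend Micro (HijackThis), or from the AVZ or WinPFind3U authors: a small Python triage over HijackThis-format lines that flags the entries a helper would look at first, plus a comparison of two snapshots keyed on the service name rather than the file path. The sample lines are copied from the log in post #1; the second snapshot is constructed by rewriting the post #7 DomainService line into O23 form; the 8-letter-name heuristic and its small allowlist are assumptions of the example.

```python
"""Triage helpers for HijackThis 2.0 logs like the one posted above.
Added example, not from this thread or from HijackThis/AVZ/WinPFind3U.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Sample input: a subset of lines copied from the HijackThis log in post #1.
SNAPSHOT_1 = r"""
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\ykspuiqv.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\ykspuiqv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
"""
# Constructed second snapshot: the DomainService line from the WinPFind3U
# report in post #7, rewritten into O23 form; everything else unchanged.
SNAPSHOT_2 = SNAPSHOT_1.replace(
    r"DomainService - - C:\WINDOWS\system32\ykspuiqv.exe",
    r"DomainService - - C:\WINDOWS\system32\gapojfnt.exe",
)

# O23 - Service: <display name> - <vendor> - <image path>; vendor may be empty.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.*?) ?- (?P<path>[A-Za-z]:\\.*|.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
# Heuristic (assumption): an 8-letter lowercase binary in system32 is how the
# DomainService dropper appears in both logs in this thread.
RANDOM_SYS32_RE = re.compile(r"\\system32\\[a-z]{8}\.(?:exe|dll|sys)$", re.I)
# Hand-maintained allowlist (assumption) so the process list does not trip it.
KNOWN_SYS32 = {"winlogon.exe", "services.exe", "explorer.exe"}
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Finding:
    kind: str          # HijackThis section (O23, O4, O9, ...) or "process"
    name: str
    path: str
    reasons: list[str]


def path_reasons(path: str) -> list[str]:
    """Reasons a file reference deserves a look, independent of its section."""
    reasons = []
    basename = path.rsplit("\\", 1)[-1].lower()
    if RANDOM_SYS32_RE.search(path) and basename not in KNOWN_SYS32:
        reasons.append("random-looking 8-letter binary in system32")
    if any(marker in path for marker in ORPHAN_MARKERS):
        reasons.append("registration points at a file that is not on disk")
    return reasons


def parse_services(log: str) -> dict[str, tuple[str, str]]:
    """{display name: (vendor, image path)} for every O23 line in the log."""
    services = {}
    for line in log.splitlines():
        if m := SERVICE_RE.match(line.strip()):
            services[m["name"]] = (m["vendor"], m["path"])
    return services


def triage(log: str) -> list[Finding]:
    """Entries a helper would look at first, each with the reasons it was flagged."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SERVICE_RE.match(line):
            reasons = path_reasons(m["path"])
            if not m["vendor"]:
                reasons.append("no vendor string")
            if reasons:
                findings.append(Finding("O23", m["name"], m["path"], reasons))
        elif m := RUN_RE.match(line):
            if reasons := path_reasons(m["cmd"]):
                findings.append(Finding("O4", m["name"], m["cmd"], reasons))
        elif PROCESS_RE.match(line):
            if reasons := path_reasons(line):
                findings.append(Finding("process", line.rsplit("\\", 1)[-1], line, reasons))
        elif line.split(" - ", 1)[0] in {"O2", "O3", "O9", "O20", "O21"}:
            if reasons := path_reasons(line):
                findings.append(Finding(line.split(" - ", 1)[0], line, "", reasons))
    return findings


def renamed_service_binaries(before: str, after: str) -> dict[str, tuple[str, str]]:
    """Services registered in both snapshots whose image path changed.
    Post #4 deletes the dropper by file path; post #7 shows the same
    DomainService registration pointing at a new random name. Keying on
    the service name catches that re-drop, a path-based delete does not.
    """
    old, new = parse_services(before), parse_services(after)
    return {name: (old[name][1], new[name][1])
            for name in old.keys() & new.keys()
            if old[name][1].lower() != new[name][1].lower()}
```

Running triage(SNAPSHOT_1) flags three lines: the ykspuiqv.exe process, the O9 button whose file is gone, and the DomainService entry (no vendor, random name in system32); winlogon.exe in the same directory is left alone by the allowlist. renamed_service_binaries(SNAPSHOT_1, SNAPSHOT_2) returns the DomainService rename, which is the check worth doing after any AVZ run that deleted by path: if the service name is still registered with a fresh binary, the service registration itself is the persistence to remove.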

#5 taye17 (Topic Starter, 7 posts)
Here you go again!

Attached Files



#6 Rorschach112 (Retired Staff, 47,710 posts)
Hello
  • Close all windows then double click on AVZ.exe
  • Click File > Custom scripts
  • Copy & paste the contents of the following codebox in the box in the program

    begin
     // BC_* calls hand the files to AVZ's Boot Cleaner, which removes them
     // during the next start-up, before the DLL and the driver are loaded
     BC_DeleteFile('C:\WINDOWS\system32\opnlmli.dll');
     BC_DeleteFile('\SystemRoot\System32\Drivers\aftwotyv.SYS');
     BC_DeleteFile('opnlmli.dll');
     // Run AVZ's system cleanup, arm the Boot Cleaner, and reboot
     ExecuteSysClean;
     BC_Activate;
     RebootWindows(true);
    end.

  • Note: When you run the script, your PC will be restarted
  • Click Run
  • Restart your PC if it doesn't do it automatically, and post back with a new AVZ report.



Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.

Make sure you attach the report in your reply.

#7 taye17 (Topic Starter, 7 posts)
WinPFind3 logfile created on: 11/29/2007 3:24:28 PM
WinPFind3U by OldTimer - Version 1.0.44 Folder = C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 7.0.5730.11)

1022.37 Mb Total Physical Memory | 544.16 Mb Available Physical Memory | 53.22% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.20% Paging File free
Paging file location(s): Reg Data - Value does not exist

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 66.68 Gb Total Space | 26.01 Gb Free Space | 39.01% Space Free
Drive D: | 21.59 Gb Total Space | 21.53 Gb Free Space | 99.70% Space Free
E: Drive not present or media not loaded
F: Drive not present or media not loaded

Computer Name: MICHAEL
Current User Name: Derek Hawkins
Logged in as Administrator.
Current Boot Mode: Normal


[Processes - Non-Microsoft Only]
clclean.0001 -> %SystemDrive%\DOCUME~1\DEREKH~1.DER\LOCALS~1\Temp\clclean.000 -> File not found
creativelicensing.exe -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 7/23/2006 8:56:08 PM | Attr = ]
cvpnd.exe -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.00.0340 | Size = 1516584 bytes | Modified Date = 4/3/2007 3:18:08 PM | Attr = ]
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 2/21/2007 10:28:36 AM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.10: 2007111504 | Size = 7650416 bytes | Modified Date = 11/27/2007 8:58:28 PM | Attr = ]
frameworkservice.exe -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 10:24:50 AM | Attr = ]
gapojfnt.exe -> %System32%\gapojfnt.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/28/2007 3:14:24 PM | Attr = ]
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 2/21/2007 10:17:42 AM | Attr = ]
isuspm.exe -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 4:40:32 PM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
mctray.exe -> %ProgramFiles%\McAfee\Common Framework\Mctray.exe -> McAfee, Inc. [Ver = 1.0.0.125 | Size = 86016 bytes | Modified Date = 12/19/2006 2:06:00 PM | Attr = ]
naprdmgr.exe -> %ProgramFiles%\McAfee\Common Framework\naPrdMgr.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 10:27:54 AM | Attr = ]
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 1:57:54 PM | Attr = ]
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 1:58:52 PM | Attr = ]
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0 | Size = 327680 bytes | Modified Date = 2/21/2007 10:10:00 AM | Attr = ]
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 0, 9 | Size = 983040 bytes | Modified Date = 2/21/2007 10:16:48 AM | Attr = ]
sabsvc.exe -> %ProgramFiles%\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -> SuperAdBlocker.com [Ver = 1, 0, 0, 1028 | Size = 65536 bytes | Modified Date = 8/31/2005 1:26:34 PM | Attr = ]
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 5:56:30 PM | Attr = ]
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.4 19May06 | Size = 774233 bytes | Modified Date = 5/19/2006 1:51:16 PM | Attr = ]
udaterui.exe -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 10:27:00 AM | Attr = ]
vstskmgr.exe -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 7:50:00 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.44.0 | Size = 371200 bytes | Modified Date = 11/21/2007 9:19:46 AM | Attr = ]
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 11.1.0.4 | Size = 294912 bytes | Modified Date = 2/21/2007 10:19:40 AM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(Active Common Service) Active Common Service [Win32_Own | Disabled | Stopped] -> -> File not found
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Disabled | Stopped] -> %System32%\ati2evxx.exe -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 405504 bytes | Modified Date = 2/16/2006 5:33:12 AM | Attr = ]
(Creative Labs Licensing Service) Creative Labs Licensing Service [Win32_Own | On_Demand | Running] -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> Creative Labs [Ver = 2.65.010 | Size = 69632 bytes | Modified Date = 7/23/2006 8:56:08 PM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Disabled | Stopped] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 12/13/1999 1:01:00 AM | Attr = ]
(CVPND) Cisco Systems, Inc. VPN Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Cisco Systems\VPN Client\cvpnd.exe -> Cisco Systems, Inc. [Ver = 5.0.00.0340 | Size = 1516584 bytes | Modified Date = 4/3/2007 3:18:08 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 8/4/2004 4:00:00 AM | Attr = ]
(DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\gapojfnt.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/28/2007 3:14:24 PM | Attr = ]
(DSBrokerService) DSBrokerService [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [Ver = 1, 0, 0, 8 | Size = 76848 bytes | Modified Date = 3/7/2007 2:47:46 PM | Attr = ]
(EvtEng) Intel® PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> Intel Corporation [Ver = 11.1.0.4 | Size = 643072 bytes | Modified Date = 2/21/2007 10:28:36 AM | Attr = ]
(freenet-darknet) Freenet 0.7 darknet [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\freenet\bin\wrapper-windows-x86-32.exe -> [Ver = | Size = 167936 bytes | Modified Date = 9/1/2006 3:10:40 PM | Attr = ]
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Dell Games\Dell Game Console\GameConsoleService.exe -> WildTangent, Inc. [Ver = 1.0.0.1 | Size = 181784 bytes | Modified Date = 11/9/2007 4:59:36 PM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 7:40:22 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.50.42618 | Size = 69632 bytes | Modified Date = 11/14/2005 12:06:04 AM | Attr = ]
(LxrJD31s) Lexar JD31 [Win32_Own | Disabled | Stopped] -> %System32%\LxrJD31s.exe -> [Ver = | Size = 71168 bytes | Modified Date = 9/9/2007 11:11:20 AM | Attr = ]
(McAfeeFramework) McAfee Framework Service [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\Common Framework\FrameworkService.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 104000 bytes | Modified Date = 12/19/2006 10:24:50 AM | Attr = ]
(McTaskManager) McAfee Task Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee\VirusScan Enterprise\vstskmgr.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 54872 bytes | Modified Date = 2/22/2007 7:50:00 PM | Attr = ]
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NICCONFIGSVC.exe -> Dell Inc. [Ver = 7, 0, 7, 0 | Size = 380928 bytes | Modified Date = 4/6/2006 1:57:54 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Disabled | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 9, 0, 0, 0 | Size = 69632 bytes | Modified Date = 9/29/2004 11:14:36 AM | Attr = ]
(ProtexisLicensing) ProtexisLicensing [Win32_Own | Auto | Stopped] -> -> File not found
(rcp_service) ReaConverter scheduler service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\ReaConverter 5.0 Pro\rcp_scheduler.exe -> ReaSoft [Ver = 1.0.0.0 | Size = 552960 bytes | Modified Date = 6/14/2007 5:45:52 PM | Attr = ]
(RegSrvc) Intel® PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> Intel Corporation [Ver = 11.1.0.0 | Size = 327680 bytes | Modified Date = 2/21/2007 10:10:00 AM | Attr = ]
(S24EventMonitor) Intel® PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> Intel Corporation [Ver = 11, 1, 0, 9 | Size = 983040 bytes | Modified Date = 2/21/2007 10:16:48 AM | Attr = ]
(SABSVC) Super Ad Blocker Service [Win32_Own | Auto | Running] -> %ProgramFiles%\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE -> SuperAdBlocker.com [Ver = 1, 0, 0, 1028 | Size = 65536 bytes | Modified Date = 8/31/2005 1:26:34 PM | Attr = ]
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 5:56:30 PM | Attr = ]
(WLANKEEPER) Intel® PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> Intel® Corporation [Ver = 11.1.0.4 | Size = 294912 bytes | Modified Date = 2/21/2007 10:19:40 AM | Attr = ]
(YPCService) YPCService [Win32_Own | Disabled | Stopped] -> %System32%\YPcservice.exe -> Yahoo! Inc. [Ver = 2003, 5, 19, 1 | Size = 86016 bytes | Modified Date = 5/19/2003 2:07:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
Dell QuickSet -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> Dell Inc [Ver = 7, 1, 8, 0 | Size = 1032192 bytes | Modified Date = 4/6/2006 1:58:52 PM | Attr = ]
dscactivate -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe -> [Ver = 1.0.2767.18581 | Size = 16384 bytes | Modified Date = 10/9/2007 5:57:14 PM | Attr = ]
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> Intel Corporation [Ver = 11.1.0.2 | Size = 970752 bytes | Modified Date = 2/21/2007 10:17:42 AM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 4:40:32 PM | Attr = ]
MBMon -> %System32%\CTMBHA.DLL [Rundll32 CTMBHA.DLL,MBMon] -> [Ver = 1.0.1.328 | Size = 1355938 bytes | Modified Date = 3/3/2006 9:18:08 AM | Attr = ]
McAfeeUpdaterUI -> %ProgramFiles%\McAfee\Common Framework\UdaterUI.exe -> McAfee, Inc. [Ver = 3.6.0.480 | Size = 136768 bytes | Modified Date = 12/19/2006 10:27:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.6.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:36 AM | Attr = ]
SynTPEnh -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> Synaptics, Inc. [Ver = 8.3.4 19May06 | Size = 774233 bytes | Modified Date = 5/19/2006 1:51:16 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\ ->
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
DellSupport -> %ProgramFiles%\DellSupport\DSAgnt.exe -> Gteko Ltd. [Ver = 3, 0, 0, 197 | Size = 460784 bytes | Modified Date = 3/15/2007 10:09:36 AM | Attr = ]
< AppInit_DLLs [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} [HKLM] -> Reg Data - Key not found [] -> File not found
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> Reg Data - Key not found [] -> File not found
{827D3881-317C-442A-B4ED-F576CBA700BB} [HKLM] -> Reg Data - Key not found [GW SEH Intercept] -> File not found
{ED203331-9C33-49D8-8714-D24A366A04EC} [HKLM] -> %System32%\opnlmli.dll [] -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
ntoskrnl.dll -> ntoskrnl.dll -> File not found
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL ->
IWPDGINA.DLL -> %System32%\IWPDGINA.dll -> Intel Corporation [Ver = 11, 1, 0, 1 | Size = 229376 bytes | Modified Date = 5/26/2007 5:13:06 AM | Attr = ]
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
!SABWinLogon -> %ProgramFiles%\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL -> SuperAdBlocker.com [Ver = 1, 0, 0, 1028 | Size = 176128 bytes | Modified Date = 5/14/2007 12:20:32 PM | Attr = ]
!SASWinLogon -> %ProgramFiles%\SUPERAntiSpyware\SASWINLO.dll -> SUPERAntiSpyware.com [Ver = 1, 0, 0, 1046 | Size = 294912 bytes | Modified Date = 4/19/2007 12:41:36 PM | Attr = ]
AtiExtEvent -> %System32%\ati2evxx.dll -> ATI Technologies Inc. [Ver = 6.14.10.4124 | Size = 61440 bytes | Modified Date = 2/16/2006 5:34:14 AM | Attr = ]
ljjjijj -> Reg Data - Value does not exist -> File not found
opnlmli -> opnlmli.dll -> File not found
pmnomlj -> Reg Data - Value does not exist -> File not found
ssqro -> Reg Data - Value does not exist -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Attachments\\ScanWithAntiVirus -> 2 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoCDBurning -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousMachineGroupPolicy -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\SynchronousUserGroupPolicy -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\ClassicShell -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> ˙˙˙˙ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 36 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInstrumentation -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableCurrentUserRun -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableLocalMachineRunOnce -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\DisableCurrentUserRunOnce -> 1 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{645FF040-5081-101B-9F08-00AA002F954E} -> 0 ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://go.microsoft....k/?LinkId=69157 ->
HKLM: Main\\Default_Search_URL -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Local Page -> % ->
HKLM: Search Bar -> http://us.rd.yahoo.c...rch/search.html ->
HKLM: Search Page -> http://go.microsoft....k/?LinkId=54896 ->
HKLM: Start Page -> http://www.microsoft...p...&ar=msnhome ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Default_Search_URL -> http://www.google.com/ie ->
HKCU: Search Bar -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Search Page -> http://www.microsoft...amp;ar=iesearch ->
HKCU: Start Page -> http://go.microsoft....sn.com/?wl=true ->
HKCU: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKCU: Search\\Default_Search_URL -> http://www.google.com/ie ->
HKCU: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
msn.com [ - ] -> ->
online_musicmatch.com [https] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{ED203331-9C33-49D8-8714-D24A366A04EC} [HKLM] -> %System32%\opnlmli.dll [Reg Data - Value does not exist] -> File not found
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 11:30:02 AM | Attr = ]
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\ ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> %ProgramFiles%\Yahoo!\Messenger\yhexbmes.dll [&Yahoo! Messenger] -> Yahoo! Inc. [Ver = 2003, 6, 23, 1 | Size = 274503 bytes | Modified Date = 6/23/2003 11:30:02 AM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{B4B3001E-0F56-4E51-8250-BDE11547EC55} [HKLM] -> %ProgramFiles%\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll [Super Ad Blocker Toolbar] -> [Ver = 1, 0, 0, 1018 | Size = 94208 bytes | Modified Date = 6/27/2006 3:25:32 PM | Attr = ]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKLM] -> Reg Data - Value does not exist [Big Fish Games Toolbar] -> File not found
WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{B4B3001E-0F56-4E51-8250-BDE11547EC55} [HKLM] -> %ProgramFiles%\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll [Super Ad Blocker Toolbar] -> [Ver = 1, 0, 0, 1018 | Size = 94208 bytes | Modified Date = 6/27/2006 3:25:32 PM | Attr = ]
WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> %ProgramFiles%\Yahoo!\Companion\Installs\cpn2\yt.dll [Yahoo! Toolbar] -> Yahoo! Inc. [Ver = 2006, 10, 26, 1 | Size = 440384 bytes | Modified Date = 10/26/2006 10:28:40 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_03\bin\npjpi160_03.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 132496 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.6.0_03\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 501136 bytes | Modified Date = 9/25/2007 12:11:34 AM | Attr = ]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services] -> File not found
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist] -> File not found
{d81ca86b-ef63-42af-bee3-4502d9a03c2d} -> http:\wwws.musicmatch.com\mmz\openWebRadio.htm [ButtonText: MUSICMATCH MX Web Player] -> File not found
{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001] -> File not found
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
&Windows Live Search -> %ProgramFiles%\Windows Live Toolbar\msntb.dll\search.htm -> File not found
&Yahoo! Search -> %ProgramFiles%\Yahoo!\common\YCSRCH.HTM -> [Ver = | Size = 605 bytes | Modified Date = 6/3/2005 6:07:38 PM | Attr = ]
Add to Windows &Live Favorites -> http:\favorites.live.com\quickadd.asp -> File not found
E&xport to Microsoft Excel -> -> File not found
Yahoo! &Dictionary -> %ProgramFiles%\Yahoo!\common\YCDICT.HTM -> [Ver = | Size = 616 bytes | Modified Date = 6/3/2005 6:07:16 PM | Attr = ]
Yahoo! &Maps -> %ProgramFiles%\Yahoo!\common\ycmap.htm -> [Ver = | Size = 690 bytes | Modified Date = 6/3/2005 6:07:44 PM | Attr = ]
Yahoo! &SMS -> %ProgramFiles%\Yahoo!\common\YCsms.htm -> [Ver = | Size = 1006 bytes | Modified Date = 8/1/2005 5:43:00 PM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ->
YPC 3.2.0 -> Yahoo! Parental Controls ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{57280C6D-97EA-4414-B4D7-ABE0ABBBEA0E} -> (1394 Net Adapter) ->
{5F1DAE34-F4DF-4D7A-B8E4-55996B2433A4} -> (Intel® PRO/Wireless 3945ABG Network Connection) ->
{7848173A-2A04-40D3-A03E-6FE3AA553D77} -> (Broadcom 440x 10/100 Integrated Controller) ->
{DDDCCB18-CD19-4550-9BC2-304B7BF88D1A} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0A5FD7C5-A45C-49FC-ADB5-9952547D5715} -> Creative Software AutoUpdate - CodeBase = http://www.creative....026/CTSUEng.cab ->
{231B1C6E-F934-42A2-92B6-C2FEFEC24276} -> yucsetreg Class - CodeBase = C:\Program Files\Yahoo!\common\yucconfig.dll ->
{233C1507-6A77-46A4-9443-F871F945D258} -> Shockwave ActiveX Control - CodeBase = http://download.macr...director/sw.cab ->
{459E93B6-150E-45D5-8D4B-45C66FC035FE} -> get_atlcom Class - CodeBase = http://apps.corel.co...IEGetPlugin.ocx ->
{5F8469B4-B055-49DD-83F7-62B522420ECC} -> Facebook Photo Uploader Control - CodeBase = http://upload.facebo...otoUploader.cab ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -> MUWebControl Class - CodeBase = http://update.micros...b?1154565217781 ->
{8A0019EB-51FA-4AE5-A40B-C0496BBFC739} -> Verizon Wireless Media Upload - CodeBase = http://www.vzwpix.co...loadControl.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} -> - CodeBase = http://fpdownload.ma...t/ultrashim.cab ->
{A17E30C4-A9BA-11D4-8673-60DB54C10000} -> YahooYMailTo Class - CodeBase = http://download.yaho...mail/ymmapi.dll ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_01 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_02 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.6.0_03 - CodeBase = http://java.sun.com/...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.ma...ent/swflash.cab ->
{E856B973-45FD-4559-8F82-EAB539144667} -> Dell PC Checkup Installer Control - CodeBase = http://pccheckup.del...ll/gtdownde.cab ->


[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Services [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
Active Common Service -> ->
Ati HotKey Poller -> ->
comHost -> ->
Creative Labs Licensing Service -> ->
Creative Service for CDROM Access -> ->
DSBrokerService -> ->
Fax -> ->
freenet-darknet -> ->
gusvc -> ->
LxrJD31s -> ->
MDM -> ->
mnmsrvc -> ->
Pml Driver HPZ12 -> ->
WMPNetworkSvc -> ->
WZCSVC -> ->
YPCService -> ->
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_SL.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 6:51:56 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk -> %ProgramFiles%\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe -> Adobe Systems Incorporated [Ver = 8.1.0.2007051100 | Size = 738968 bytes | Modified Date = 5/10/2007 11:29:22 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Cisco Systems VPN Client.lnk -> %ProgramFiles%\Cisco Systems\VPN Client\vpngui.exe -> Cisco Systems, Inc. [Ver = 5.0.00.0340 | Size = 1537064 bytes | Modified Date = 4/3/2007 3:18:14 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk -> %ProgramFiles%\Dell Network Assistant\ezi_hnm2.exe -> SingleClick Systems [Ver = 1, 0, 5, 2 | Size = 910896 bytes | Modified Date = 12/20/2006 6:44:28 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 282624 bytes | Modified Date = 5/11/2005 10:23:26 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> Hewlett-Packard Co. [Ver = 053.000.013.000 | Size = 73728 bytes | Modified Date = 5/12/2005 12:49:24 AM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk -> %SystemRoot%\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico -> [Ver = | Size = 6144 bytes | Modified Date = 10/18/2007 10:34:38 PM | Attr = R ]
C:^Documents and Settings^Derek Hawkins.DEREKHAWK^Start Menu^Programs^Startup^LimeWire Ultra Accelerator.lnk -> %ProgramFiles%\LimeWire Ultra Accelerator\LimeWire Ultra Accelerator.exe -> TrafficSpeeders LLC [Ver = 4, 2, 3, 0 | Size = 251392 bytes | Modified Date = 7/18/2007 9:11:30 AM | Attr = ]
C:^Documents and Settings^Derek Hawkins.DEREKHAWK^Start Menu^Programs^Startup^Slide.exe.lnk -> Reg Data - Value does not exist -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
Adobe Reader Speed Launcher -> %ProgramFiles%\Adobe\Reader 8.0\Reader\Reader_sl.exe -> Adobe Systems Incorporated [Ver = 8.0.0.0 | Size = 39792 bytes | Modified Date = 10/10/2007 6:51:56 PM | Attr = ]
Creative Detector -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> Creative Technology Ltd [Ver = 3.0.2.0 | Size = 102400 bytes | Modified Date = 12/2/2004 6:23:34 PM | Attr = ]
CTSysVol -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.8.0 | Size = 57344 bytes | Modified Date = 10/31/2005 10:51:52 AM | Attr = ]
DAEMON Tools -> %ProgramFiles%\DAEMON Tools\daemon.exe -> DT Soft Ltd. [Ver = 4.09.0.0 | Size = 165784 bytes | Modified Date = 4/3/2007 4:29:16 PM | Attr = ]
DellSupportCenter -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> SupportSoft, Inc. [Ver = 7.0.585.0 | Size = 202544 bytes | Modified Date = 10/9/2007 5:56:24 PM | Attr = ]
HP Software Update -> %ProgramFiles%\HP\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 53.0.13.000 | Size = 49152 bytes | Modified Date = 5/11/2005 10:12:54 PM | Attr = ]
ISUSPM -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe -> Macrovision Corporation [Ver = 5, 01, 100, 47363 | Size = 213936 bytes | Modified Date = 3/20/2006 4:40:32 PM | Attr = ]
McAfeeUpdaterUI -> Reg Data - Value does not exist -> File not found
MSKDetectorExe -> %ProgramFiles%\McAfee\SpamKiller\MSKDetct.exe -> McAfee, Inc. [Ver = 7.0.1.6 | Size = 1121792 bytes | Modified Date = 8/12/2005 3:16:44 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\QTTask.exe -> Apple Inc. [Ver = 7.3 | Size = 286720 bytes | Modified Date = 10/19/2007 8:16:26 PM | Attr = ]
scheduler_monitor -> %ProgramFiles%\ReaConverter 5.0 Pro\init_scheduler.exe -> [Ver = | Size = 27136 bytes | Modified Date = 6/15/2007 10:17:28 AM | Attr = ]
SetDefaultMIDI -> %SystemRoot%\MIDIDEF.EXE -> Creative Technology Ltd [Ver = 2, 9, 0, 4 | Size = 24576 bytes | Modified Date = 12/22/2004 7:40:02 PM | Attr = ]
setup -> Reg Data - Value does not exist -> File not found
ShStatEXE -> %ProgramFiles%\McAfee\VirusScan Enterprise\shstat.exe -> McAfee, Inc. [Ver = 8.5.0.830 | Size = 112216 bytes | Modified Date = 2/22/2007 7:50:00 PM | Attr = ]
swg -> Reg Data - Value does not exist -> File not found
UpdReg -> %SystemRoot%\Updreg.EXE -> Creative Technology Ltd. [Ver = 1.0.2 | Size = 90112 bytes | Modified Date = 5/11/2000 1:00:00 AM | Attr = ]
VoiceCenter -> %ProgramFiles%\Creative\VoiceCenter\AndreaVC.exe -> Andrea Electronics Corporation [Ver = 2, 1, 4, 0 | Size = 1126400 bytes | Modified Date = 1/2/2006 9:13:52 AM | Attr = ]
Yahoo! Pager -> %ProgramFiles%\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
YBrowser -> %ProgramFiles%\Yahoo!\browser\ybrwicon.exe -> Yahoo!, Inc. [Ver = 2003, 7, 11, 1 | Size = 57344 bytes | Modified Date = 7/11/2003 12:51:16 PM | Attr = ]


[Files/Folders - Created Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Created Date = 11/22/2007 9:35:43 PM | Attr = RHS]
BackupRegistry -> %SystemDrive%\BackupRegistry -> [Folder | Created Date = 11/23/2007 2:24:46 PM | Attr = ]
BackupRegistry(20071124).reg -> %SystemDrive%\BackupRegistry(20071124).reg -> [Ver = | Size = 132532866 bytes | Created Date = 11/24/2007 12:39:23 PM | Attr = ]
BLUX_KVCD -> %SystemDrive%\BLUX_KVCD -> [Folder | Created Date = 7/13/2078 6:00:00 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Created Date = 11/17/2007 8:50:36 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072103424 bytes | Created Date = 1/1/1601 6:00:00 AM | Attr = HS]
oaif.exe -> %SystemDrive%\oaif.exe -> [Ver = | Size = 58368 bytes | Created Date = 11/20/2007 8:28:12 AM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 11/22/2007 9:40:00 PM | Attr = ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Created Date = 11/14/2007 7:08:10 AM | Attr = H ]
35C03C043F1F42C2A989A757EE691F65.TMP -> %SystemRoot%\35C03C043F1F42C2A989A757EE691F65.TMP -> [Folder | Created Date = 11/6/2007 8:21:55 PM | Attr = ]
AUDC80UI.dat -> %SystemRoot%\AUDC80UI.dat -> [Ver = | Size = 200 bytes | Created Date = 11/5/2007 1:46:00 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Created Date = 11/22/2007 9:39:27 PM | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1921 bytes | Created Date = 11/28/2007 7:20:29 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 11/22/2007 9:55:54 PM | Attr = ]
HexEditor_FindList.hed -> %SystemRoot%\HexEditor_FindList.hed -> [Ver = | Size = 66 bytes | Created Date = 11/18/2007 4:28:12 PM | Attr = ]
MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 50 bytes | Created Date = 11/18/2007 11:14:13 PM | Attr = ]
MoominCodec.ini -> %SystemRoot%\MoominCodec.ini -> [Ver = | Size = 25 bytes | Created Date = 11/21/2007 5:33:39 PM | Attr = ]
nircmd.exe -> %SystemRoot%\nircmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 11/22/2007 9:38:17 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Created Date = 11/26/2007 5:22:44 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 11/24/2007 4:32:01 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 11/24/2007 4:32:01 AM | Attr = H ]
setup.pss -> %SystemRoot%\setup.pss -> [Folder | Created Date = 11/2/2007 8:20:25 AM | Attr = ]
TEMP -> %SystemRoot%\TEMP -> [Folder | Created Date = 11/22/2007 10:04:07 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Created Date = 11/2/2007 9:31:56 AM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 270 bytes | Created Date = 11/23/2007 4:48:49 AM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Created Date = 11/23/2007 2:38:57 AM | Attr = H ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 454 bytes | Created Date = 11/2/2007 7:31:51 AM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 388 bytes | Created Date = 11/2/2007 7:31:49 AM | Attr = ]
bccdd.bak1 -> %System32%\bccdd.bak1 -> [Ver = | Size = 6465 bytes | Created Date = 11/25/2007 11:01:33 AM | Attr = HS]
bccdd.ini -> %System32%\bccdd.ini -> [Ver = | Size = 6887 bytes | Created Date = 11/25/2007 11:01:18 AM | Attr = HS]
bsbxjasi.ini -> %System32%\bsbxjasi.ini -> [Ver = | Size = 294 bytes | Created Date = 11/26/2007 5:45:12 PM | Attr = HS]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Created Date = 11/22/2007 5:32:02 PM | Attr = ]
dfhkj.bak1 -> %System32%\dfhkj.bak1 -> [Ver = | Size = 6490 bytes | Created Date = 11/27/2007 3:20:58 PM | Attr = HS]
dfhkj.ini -> %System32%\dfhkj.ini -> [Ver = | Size = 53047 bytes | Created Date = 11/27/2007 3:20:43 PM | Attr = HS]
dxpsenyl.exe -> %System32%\dxpsenyl.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/26/2007 5:35:59 PM | Attr = ]
gapojfnt.exe -> %System32%\gapojfnt.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/28/2007 3:14:23 PM | Attr = ]
govrmpst.ini -> %System32%\govrmpst.ini -> [Ver = | Size = 789358 bytes | Created Date = 11/28/2007 3:20:35 PM | Attr = HS]
hkgnhvfo.exe -> %System32%\hkgnhvfo.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/29/2007 3:14:23 PM | Attr = ]
ihkmp.bak1 -> %System32%\ihkmp.bak1 -> [Ver = | Size = 682197 bytes | Created Date = 11/23/2007 5:37:29 PM | Attr = HS]
ihkmp.ini -> %System32%\ihkmp.ini -> [Ver = | Size = 691274 bytes | Created Date = 11/23/2007 5:37:15 PM | Attr = HS]
iviaudio.ax -> %System32%\iviaudio.ax -> InterVideo Inc. [Ver = 2.8.18.0 | Size = 466944 bytes | Created Date = 11/24/2007 11:59:21 AM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/1/2007 9:29:40 AM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 135168 bytes | Created Date = 11/1/2007 9:29:40 AM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 6.0.30.5 | Size = 139264 bytes | Created Date = 11/1/2007 9:29:40 AM | Attr = ]
jlnmp.bak1 -> %System32%\jlnmp.bak1 -> [Ver = | Size = 649626 bytes | Created Date = 11/23/2007 12:59:39 AM | Attr = HS]
jlnmp.bak2 -> %System32%\jlnmp.bak2 -> [Ver = | Size = 6537 bytes | Created Date = 11/23/2007 12:59:46 PM | Attr = HS]
jlnmp.ini -> %System32%\jlnmp.ini -> [Ver = | Size = 655354 bytes | Created Date = 11/23/2007 12:59:12 AM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Created Date = 11/25/2007 6:54:54 PM | Attr = ]
mobjfltu.dll -> %System32%\mobjfltu.dll -> [Ver = | Size = 80960 bytes | Created Date = 11/26/2007 5:42:00 PM | Attr = ]
mvcerc051010.dll -> %System32%\mvcerc051010.dll -> [Ver = | Size = 19 bytes | Created Date = 11/21/2007 5:32:35 PM | Attr = ]
pncrt.dll -> %System32%\pncrt.dll -> Real Networks, Inc [Ver = 6.0.0.0 | Size = 278528 bytes | Created Date = 11/8/2007 1:08:31 PM | Attr = ]
pndx5016.dll -> %System32%\pndx5016.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 6656 bytes | Created Date = 11/8/2007 1:08:31 PM | Attr = ]
pndx5032.dll -> %System32%\pndx5032.dll -> RealNetworks, Inc. [Ver = 5.0.0.0 | Size = 5632 bytes | Created Date = 11/8/2007 1:08:31 PM | Attr = ]
qaqoesok.dll -> %System32%\qaqoesok.dll -> [Ver = | Size = 81984 bytes | Created Date = 11/28/2007 3:23:23 PM | Attr = ]
rmoc3260.dll -> %System32%\rmoc3260.dll -> RealNetworks, Inc. [Ver = 6.0.9.2568 | Size = 185952 bytes | Created Date = 11/8/2007 1:08:31 PM | Attr = ]
rqstv.bak1 -> %System32%\rqstv.bak1 -> [Ver = | Size = 652217 bytes | Created Date = 11/28/2007 3:11:40 AM | Attr = HS]
rqstv.ini -> %System32%\rqstv.ini -> [Ver = | Size = 650565 bytes | Created Date = 11/28/2007 3:11:25 AM | Attr = HS]
rqtwa.bak1 -> %System32%\rqtwa.bak1 -> [Ver = | Size = 6465 bytes | Created Date = 11/27/2007 12:22:17 AM | Attr = HS]
rqtwa.ini -> %System32%\rqtwa.ini -> [Ver = | Size = 13362 bytes | Created Date = 11/27/2007 12:22:03 AM | Attr = HS]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.8 | Size = 279552 bytes | Created Date = 11/22/2007 9:39:27 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 11/22/2007 9:39:27 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 11/22/2007 9:39:27 PM | Attr = ]
tspmrvog.dll -> %System32%\tspmrvog.dll -> [Ver = | Size = 85056 bytes | Created Date = 11/28/2007 3:20:23 PM | Attr = ]
uttss.bak1 -> %System32%\uttss.bak1 -> [Ver = | Size = 6465 bytes | Created Date = 11/24/2007 2:37:43 PM | Attr = HS]
uttss.bak2 -> %System32%\uttss.bak2 -> [Ver = | Size = 6583 bytes | Created Date = 11/28/2007 2:45:43 AM | Attr = HS]
uttss.ini -> %System32%\uttss.ini -> [Ver = | Size = 8167 bytes | Created Date = 11/24/2007 2:37:28 PM | Attr = HS]
uydlrqos.ini -> %System32%\uydlrqos.ini -> [Ver = | Size = 718419 bytes | Created Date = 11/22/2007 1:26:39 AM | Attr = HS]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 11/22/2007 9:39:27 PM | Attr = ]
vgrotkbs.ini -> %System32%\vgrotkbs.ini -> [Ver = | Size = 689163 bytes | Created Date = 11/21/2007 1:23:03 AM | Attr = HS]
wvuturr.dll -> %System32%\wvuturr.dll -> [Ver = | Size = 37376 bytes | Created Date = 11/20/2007 8:27:34 AM | Attr = ]
XButton.ocx -> %System32%\XButton.ocx -> Acrotech Solutions [Ver = 1.00 | Size = 57344 bytes | Created Date = 11/16/2007 9:05:35 PM | Attr = ]
ydlcysrh.ini -> %System32%\ydlcysrh.ini -> [Ver = | Size = 775832 bytes | Created Date = 11/24/2007 5:40:44 AM | Attr = HS]
ykspuiqv.bak -> %System32%\ykspuiqv.bak -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Created Date = 11/24/2007 5:40:16 AM | Attr = ]
ymybotjs.ini -> %System32%\ymybotjs.ini -> [Ver = | Size = 738306 bytes | Created Date = 11/22/2007 6:10:27 PM | Attr = HS]

[Files/Folders - Modified Within 30 days]
autorun.inf -> %SystemDrive%\autorun.inf -> [Folder | Modified Date = 11/22/2007 9:35:44 PM | Attr = RHS]
BackupRegistry -> %SystemDrive%\BackupRegistry -> [Folder | Modified Date = 11/23/2007 2:25:04 PM | Attr = ]
BackupRegistry(20071124).reg -> %SystemDrive%\BackupRegistry(20071124).reg -> [Ver = | Size = 132532866 bytes | Modified Date = 11/24/2007 12:39:38 PM | Attr = ]
BLUX_KVCD -> %SystemDrive%\BLUX_KVCD -> [Folder | Modified Date = 7/13/2078 6:00:00 PM | Attr = ]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 222 bytes | Modified Date = 11/21/2007 6:27:04 AM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 11/29/2007 6:30:24 AM | Attr = HS]
dell -> %SystemDrive%\dell -> [Folder | Modified Date = 11/23/2007 3:27:28 PM | Attr = ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 11/1/2007 3:51:06 PM | Attr = ]
Downloads -> %SystemDrive%\Downloads -> [Folder | Modified Date = 11/18/2007 11:57:08 AM | Attr = ]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1072103424 bytes | Modified Date = 11/29/2007 3:18:50 PM | Attr = HS]
i386 -> %SystemDrive%\i386 -> [Folder | Modified Date = 11/23/2007 10:41:22 PM | Attr = ]
oaif.exe -> %SystemDrive%\oaif.exe -> [Ver = | Size = 58368 bytes | Modified Date = 11/20/2007 8:28:14 AM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 11/27/2007 1:01:24 AM | Attr = ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 11/22/2007 10:04:04 PM | Attr = ]
QUARANTINE -> %SystemDrive%\QUARANTINE -> [Folder | Modified Date = 11/24/2007 3:15:10 PM | Attr = ]
System Volume Information -> %SystemDrive%\System Volume Information -> [Folder | Modified Date = 11/22/2007 9:21:10 PM | Attr = HS]
Temp -> %SystemDrive%\Temp -> [Folder | Modified Date = 10/31/2007 11:21:54 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 11/29/2007 3:20:00 PM | Attr = ]
$hf_mig$ -> %SystemRoot%\$hf_mig$ -> [Folder | Modified Date = 11/14/2007 7:07:46 AM | Attr = H ]
$NtUninstallKB943460$ -> %SystemRoot%\$NtUninstallKB943460$ -> [Folder | Modified Date = 11/14/2007 7:08:12 AM | Attr = H ]
35C03C043F1F42C2A989A757EE691F65.TMP -> %SystemRoot%\35C03C043F1F42C2A989A757EE691F65.TMP -> [Folder | Modified Date = 11/6/2007 8:21:56 PM | Attr = ]
AUDC80UI.dat -> %SystemRoot%\AUDC80UI.dat -> [Ver = | Size = 200 bytes | Modified Date = 11/21/2007 3:44:20 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136704 bytes | Modified Date = 11/8/2007 4:59:02 PM | Attr = ]
cookies.ini -> %SystemRoot%\cookies.ini -> [Ver = | Size = 1921 bytes | Modified Date = 11/28/2007 8:00:30 PM | Attr = ]
Cursors -> %SystemRoot%\Cursors -> [Folder | Modified Date = 11/18/2007 7:41:40 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 11/22/2007 9:55:56 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 11/23/2007 3:27:42 PM | Attr = ]
HexEditor_FindList.hed -> %SystemRoot%\HexEditor_FindList.hed -> [Ver = | Size = 66 bytes | Modified Date = 11/24/2007 4:13:10 AM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 11/23/2007 2:35:14 AM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 11/29/2007 6:30:24 AM | Attr = HS]
MegaManager.INI -> %SystemRoot%\MegaManager.INI -> [Ver = | Size = 50 bytes | Modified Date = 11/18/2007 11:14:14 PM | Attr = ]
Minidump -> %SystemRoot%\Minidump -> [Folder | Modified Date = 11/22/2007 3:00:08 AM | Attr = ]
MoominCodec.ini -> %SystemRoot%\MoominCodec.ini -> [Ver = | Size = 25 bytes | Modified Date = 11/21/2007 5:33:40 PM | Attr = ]
popcinfo.dat -> %SystemRoot%\popcinfo.dat -> [Ver = | Size = 30 bytes | Modified Date = 11/26/2007 5:18:14 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 11/29/2007 3:24:08 PM | Attr = ]
pss -> %SystemRoot%\pss -> [Folder | Modified Date = 11/21/2007 6:27:02 AM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 11/24/2007 4:32:02 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 11/27/2007 1:04:56 AM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 11/2/2007 11:26:48 AM | Attr = ]
setup.pss -> %SystemRoot%\setup.pss -> [Folder | Modified Date = 11/2/2007 11:05:12 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 246 bytes | Modified Date = 11/21/2007 6:27:04 AM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 11/29/2007 3:23:14 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 11/29/2007 3:22:04 PM | Attr = S]
TEMP -> %SystemRoot%\TEMP -> [Folder | Modified Date = 11/29/2007 3:24:10 PM | Attr = ]
TSearch.INI -> %SystemRoot%\TSearch.INI -> [Ver = | Size = 1819 bytes | Modified Date = 11/24/2007 4:13:10 AM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 634 bytes | Modified Date = 11/21/2007 6:27:04 AM | Attr = ]
WinSxS -> %SystemRoot%\WinSxS -> [Folder | Modified Date = 11/18/2007 7:40:22 PM | Attr = ]
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [Ver = | Size = 284 bytes | Modified Date = 11/20/2007 2:59:32 PM | Attr = ]
Check Updates for Windows Live Toolbar.job -> %SystemRoot%\tasks\Check Updates for Windows Live Toolbar.job -> [Ver = | Size = 270 bytes | Modified Date = 11/29/2007 3:14:04 PM | Attr = ]
MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [Ver = | Size = 330 bytes | Modified Date = 11/29/2007 3:22:04 PM | Attr = H ]
RegCure Program Check.job -> %SystemRoot%\tasks\RegCure Program Check.job -> [Ver = | Size = 454 bytes | Modified Date = 11/29/2007 3:19:26 PM | Attr = ]
RegCure.job -> %SystemRoot%\tasks\RegCure.job -> [Ver = | Size = 388 bytes | Modified Date = 11/29/2007 3:11:58 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 11/29/2007 3:19:04 PM | Attr = H ]
bccdd.bak1 -> %System32%\bccdd.bak1 -> [Ver = | Size = 6465 bytes | Modified Date = 11/25/2007 11:01:34 AM | Attr = HS]
bccdd.ini -> %System32%\bccdd.ini -> [Ver = | Size = 6887 bytes | Modified Date = 11/26/2007 5:20:56 AM | Attr = HS]
bsbxjasi.ini -> %System32%\bsbxjasi.ini -> [Ver = | Size = 294 bytes | Modified Date = 11/26/2007 5:45:14 PM | Attr = HS]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 11/29/2007 3:19:48 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 11/24/2007 12:49:02 PM | Attr = ]
d3d9caps.dat -> %System32%\d3d9caps.dat -> [Ver = | Size = 664 bytes | Modified Date = 11/22/2007 5:32:04 PM | Attr = ]
dfhkj.bak1 -> %System32%\dfhkj.bak1 -> [Ver = | Size = 6490 bytes | Modified Date = 11/27/2007 3:21:00 PM | Attr = HS]
dfhkj.ini -> %System32%\dfhkj.ini -> [Ver = | Size = 53047 bytes | Modified Date = 11/28/2007 2:36:10 AM | Attr = HS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 11/14/2007 9:42:24 AM | Attr = RHS]
drivers -> %System32%\drivers -> [Folder | Modified Date = 11/29/2007 3:18:36 PM | Attr = ]
dxpsenyl.exe -> %System32%\dxpsenyl.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/26/2007 5:36:02 PM | Attr = ]
gapojfnt.exe -> %System32%\gapojfnt.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/28/2007 3:14:24 PM | Attr = ]
govrmpst.ini -> %System32%\govrmpst.ini -> [Ver = | Size = 789358 bytes | Modified Date = 11/28/2007 8:00:26 PM | Attr = HS]
hkgnhvfo.exe -> %System32%\hkgnhvfo.exe -> [Ver = 1, 0, 0, 1 | Size = 71232 bytes | Modified Date = 11/29/2007 3:14:24 PM | Attr = ]
ihkmp.bak1 -> %System32%\ihkmp.bak1 -> [Ver = | Size = 682197 bytes | Modified Date = 11/24/2007 5:37:38 AM | Attr = HS]
ihkmp.ini -> %System32%\ihkmp.ini -> [Ver = | Size = 691274 bytes | Modified Date = 11/24/2007 12:28:52 PM | Attr = HS]
jlnmp.bak1 -> %System32%\jlnmp.bak1 -> [Ver = | Size = 649626 bytes | Modified Date = 11/26/2007 5:33:46 PM | Attr = HS]
jlnmp.bak2 -> %System32%\jlnmp.bak2 -> [Ver = | Size = 6537 bytes | Modified Date = 11/26/2007 5:32:36 AM | Attr = HS]
jlnmp.ini -> %System32%\jlnmp.ini -> [Ver = | Size = 655354 bytes | Modified Date = 11/27/2007 12:07:50 AM | Attr = HS]
KGyGaAvL.sys -> %System32%\KGyGaAvL.sys -> [Ver = | Size = 6424 bytes | Modified Date = 11/19/2007 8:45:26 PM | Attr = HS]
mcrh.tmp -> %System32%\mcrh.tmp -> [Ver = | Size = 143 bytes | Modified Date = 11/27/2007 10:10:30 AM | Attr = ]
mobjfltu.dll -> %System32%\mobjfltu.dll -> [Ver = | Size = 80960 bytes | Modified Date = 11/26/2007 5:42:02 PM | Attr = ]
mvcerc051010.dll -> %System32%\mvcerc051010.dll -> [Ver = | Size = 19 bytes | Modified Date = 11/21/2007 5:32:36 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 65006 bytes | Modified Date = 11/29/2007 3:23:14 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 405602 bytes | Modified Date = 11/29/2007 3:23:14 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 477774 bytes | Modified Date = 11/29/2007 3:23:14 PM | Attr = ]
qaqoesok.dll -> %System32%\qaqoesok.dll -> [Ver = | Size = 81984 bytes | Modified Date = 11/28/2007 3:23:26 PM | Attr = ]
Restore -> %System32%\Restore -> [Folder | Modified Date = 11/22/2007 9:21:10 PM | Attr = ]
rqstv.bak1 -> %System32%\rqstv.bak1 -> [Ver = | Size = 652217 bytes | Modified Date = 11/29/2007 3:12:00 PM | Attr =

Attached Files

#8
Rorschach112
    Ralphie

  • Retired Staff
  • 47,710 posts
Hello


Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Unregister Dlls]
[Processes - Non-Microsoft Only]
YN -> clclean.0001 -> %SystemDrive%\DOCUME~1\DEREKH~1.DER\LOCALS~1\Temp\clclean.000
YY -> gapojfnt.exe -> %System32%\gapojfnt.exe
[Win32 Services - Non-Microsoft Only]
YY -> (DomainService) DomainService [Win32_Own | Auto | Running] -> %System32%\gapojfnt.exe
[Registry - Non-Microsoft Only]
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
YN -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} [HKLM] -> Reg Data - Key not found []
YN -> {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} [HKLM] -> Reg Data - Key not found []
YN -> {827D3881-317C-442A-B4ED-F576CBA700BB} [HKLM] -> Reg Data - Key not found [GW SEH Intercept]
YN -> {ED203331-9C33-49D8-8714-D24A366A04EC} [HKLM] -> %System32%\opnlmli.dll []
*SecurityProviders* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
YN -> ntoskrnl.dll -> ntoskrnl.dll
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> ljjjijj -> Reg Data - Value does not exist
YN -> opnlmli -> opnlmli.dll
YN -> pmnomlj -> Reg Data - Value does not exist
YN -> ssqro -> Reg Data - Value does not exist
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {ED203331-9C33-49D8-8714-D24A366A04EC} [HKLM] -> %System32%\opnlmli.dll [Reg Data - Value does not exist]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} [HKLM] -> Reg Data - Value does not exist [Big Fish Games Toolbar]
YN -> WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
YN -> WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -> Reg Data - Value does not exist [ButtonText: Yahoo! Services]
YN -> {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> Reg Data - Key not found [MenuText: Reg Data - Value does not exist]
YN -> {d81ca86b-ef63-42af-bee3-4502d9a03c2d} -> http:\wwws.musicmatch.com\mmz\openWebRadio.htm [ButtonText: MUSICMATCH MX Web Player]
YN -> {e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> Reg Data - Key not found [MenuText: @xpsp3res.dll,-20001]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^Derek Hawkins.DEREKHAWK^Start Menu^Programs^Startup^Slide.exe.lnk -> Reg Data - Value does not exist
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YN -> McAfeeUpdaterUI -> Reg Data - Value does not exist
YN -> setup -> Reg Data - Value does not exist
YN -> swg -> Reg Data - Value does not exist
[Files/Folders - Created Within 30 days]
NY -> oaif.exe -> %SystemDrive%\oaif.exe
NY -> bccdd.bak1 -> %System32%\bccdd.bak1
NY -> bccdd.ini -> %System32%\bccdd.ini
NY -> bsbxjasi.ini -> %System32%\bsbxjasi.ini
NY -> dfhkj.bak1 -> %System32%\dfhkj.bak1
NY -> dfhkj.ini -> %System32%\dfhkj.ini
NY -> dxpsenyl.exe -> %System32%\dxpsenyl.exe
NY -> gapojfnt.exe -> %System32%\gapojfnt.exe
NY -> govrmpst.ini -> %System32%\govrmpst.ini
NY -> hkgnhvfo.exe -> %System32%\hkgnhvfo.exe
NY -> ihkmp.bak1 -> %System32%\ihkmp.bak1
NY -> ihkmp.ini -> %System32%\ihkmp.ini
NY -> jlnmp.bak1 -> %System32%\jlnmp.bak1
NY -> jlnmp.bak2 -> %System32%\jlnmp.bak2
NY -> jlnmp.ini -> %System32%\jlnmp.ini
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mobjfltu.dll -> %System32%\mobjfltu.dll
NY -> mvcerc051010.dll -> %System32%\mvcerc051010.dll
NY -> qaqoesok.dll -> %System32%\qaqoesok.dll
NY -> rqstv.bak1 -> %System32%\rqstv.bak1
NY -> rqstv.ini -> %System32%\rqstv.ini
NY -> rqtwa.bak1 -> %System32%\rqtwa.bak1
NY -> rqtwa.ini -> %System32%\rqtwa.ini
NY -> tspmrvog.dll -> %System32%\tspmrvog.dll
NY -> uttss.bak1 -> %System32%\uttss.bak1
NY -> uttss.bak2 -> %System32%\uttss.bak2
NY -> uttss.ini -> %System32%\uttss.ini
NY -> uydlrqos.ini -> %System32%\uydlrqos.ini
NY -> vgrotkbs.ini -> %System32%\vgrotkbs.ini
NY -> wvuturr.dll -> %System32%\wvuturr.dll
NY -> ydlcysrh.ini -> %System32%\ydlcysrh.ini
NY -> ykspuiqv.bak -> %System32%\ykspuiqv.bak
NY -> ymybotjs.ini -> %System32%\ymybotjs.ini
[Files/Folders - Modified Within 30 days]
NY -> oaif.exe -> %SystemDrive%\oaif.exe
NY -> bccdd.bak1 -> %System32%\bccdd.bak1
NY -> bccdd.ini -> %System32%\bccdd.ini
NY -> bsbxjasi.ini -> %System32%\bsbxjasi.ini
NY -> dfhkj.bak1 -> %System32%\dfhkj.bak1
NY -> dfhkj.ini -> %System32%\dfhkj.ini
NY -> dxpsenyl.exe -> %System32%\dxpsenyl.exe
NY -> gapojfnt.exe -> %System32%\gapojfnt.exe
NY -> govrmpst.ini -> %System32%\govrmpst.ini
NY -> hkgnhvfo.exe -> %System32%\hkgnhvfo.exe
NY -> ihkmp.bak1 -> %System32%\ihkmp.bak1
NY -> ihkmp.ini -> %System32%\ihkmp.ini
NY -> jlnmp.bak1 -> %System32%\jlnmp.bak1
NY -> jlnmp.bak2 -> %System32%\jlnmp.bak2
NY -> jlnmp.ini -> %System32%\jlnmp.ini
NY -> mcrh.tmp -> %System32%\mcrh.tmp
NY -> mobjfltu.dll -> %System32%\mobjfltu.dll
NY -> mvcerc051010.dll -> %System32%\mvcerc051010.dll
NY -> qaqoesok.dll -> %System32%\qaqoesok.dll
NY -> rqstv.bak1 -> %System32%\rqstv.bak1
NY -> rqstv.ini -> %System32%\rqstv.ini
NY -> rqtwa.bak1 -> %System32%\rqtwa.bak1
NY -> rqtwa.ini -> %System32%\rqtwa.ini
NY -> tspmrvog.dll -> %System32%\tspmrvog.dll
NY -> uttss.bak1 -> %System32%\uttss.bak1
NY -> uttss.bak2 -> %System32%\uttss.bak2
NY -> uttss.ini -> %System32%\uttss.ini
NY -> uydlrqos.ini -> %System32%\uydlrqos.ini
NY -> vgrotkbs.ini -> %System32%\vgrotkbs.ini
NY -> wvuturr.dll -> %System32%\wvuturr.dll
NY -> ydlcysrh.ini -> %System32%\ydlcysrh.ini
NY -> ykspuiqv.bak -> %System32%\ykspuiqv.bak
NY -> ymybotjs.ini -> %System32%\ymybotjs.ini
[File String Scan - Non-Microsoft Only]
NY -> @Alternate Data Stream - 88 bytes -> %System32%\IWPDGINA.dll:SummaryInformation
NY -> @Alternate Data Stream - 0 bytes -> %System32%\IWPDGINA.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
[Empty Temp Folders]
[Start Explorer]
[Reboot]


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan (attach the WinPFind3 scan report).

I will review the information when it comes back in.

#9
taye17
    New Member

  • Topic Starter
  • Member
  • 7 posts
Explorer killed successfully
[Processes - Non-Microsoft Only]
Process clclean.0001 killed successfully.
Unable to kill process gapojfnt.exe .
C:\WINDOWS\SYSTEM32\gapojfnt.exe moved successfully.
[Win32 Services - Non-Microsoft Only]
Service DomainService stopped successfully.
Service DomainService deleted successfully.
File C:\WINDOWS\SYSTEM32\gapojfnt.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000D7} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{827D3881-317C-442A-B4ED-F576CBA700BB} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{ED203331-9C33-49D8-8714-D24A366A04EC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED203331-9C33-49D8-8714-D24A366A04EC} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders written successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjjijj deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnlmli deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnomlj deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqro deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED203331-9C33-49D8-8714-D24A366A04EC} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-86BD-FD60BB9AAE3A} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{B7D3E479-CC68-42B5-A338-938ECE35F419} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d81ca86b-ef63-42af-bee3-4502d9a03c2d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d81ca86b-ef63-42af-bee3-4502d9a03c2d} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} deleted successfully.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Derek Hawkins.DEREKHAWK^Start Menu^Programs^Startup^Slide.exe.lnk deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\McAfeeUpdaterUI deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\setup deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg deleted successfully.
File not found.
[Files/Folders - Created Within 30 days]
C:\oaif.exe moved successfully.
C:\WINDOWS\SYSTEM32\bccdd.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\bccdd.ini moved successfully.
C:\WINDOWS\SYSTEM32\bsbxjasi.ini moved successfully.
C:\WINDOWS\SYSTEM32\dfhkj.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\dfhkj.ini moved successfully.
C:\WINDOWS\SYSTEM32\dxpsenyl.exe moved successfully.
File C:\WINDOWS\SYSTEM32\gapojfnt.exe not found!
C:\WINDOWS\SYSTEM32\govrmpst.ini moved successfully.
C:\WINDOWS\SYSTEM32\hkgnhvfo.exe moved successfully.
C:\WINDOWS\SYSTEM32\ihkmp.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\ihkmp.ini moved successfully.
C:\WINDOWS\SYSTEM32\jlnmp.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\jlnmp.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\jlnmp.ini moved successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\mobjfltu.dll
C:\WINDOWS\SYSTEM32\mobjfltu.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\mobjfltu.dll moved successfully.
LoadLibrary failed for C:\WINDOWS\SYSTEM32\mvcerc051010.dll
C:\WINDOWS\SYSTEM32\mvcerc051010.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\mvcerc051010.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\qaqoesok.dll
C:\WINDOWS\SYSTEM32\qaqoesok.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\qaqoesok.dll moved successfully.
C:\WINDOWS\SYSTEM32\rqstv.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\rqstv.ini moved successfully.
C:\WINDOWS\SYSTEM32\rqtwa.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\rqtwa.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\tspmrvog.dll
C:\WINDOWS\SYSTEM32\tspmrvog.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\tspmrvog.dll moved successfully.
C:\WINDOWS\SYSTEM32\uttss.bak1 moved successfully.
C:\WINDOWS\SYSTEM32\uttss.bak2 moved successfully.
C:\WINDOWS\SYSTEM32\uttss.ini moved successfully.
C:\WINDOWS\SYSTEM32\uydlrqos.ini moved successfully.
C:\WINDOWS\SYSTEM32\vgrotkbs.ini moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\wvuturr.dll
C:\WINDOWS\SYSTEM32\wvuturr.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\wvuturr.dll moved successfully.
C:\WINDOWS\SYSTEM32\ydlcysrh.ini moved successfully.
C:\WINDOWS\SYSTEM32\ykspuiqv.bak moved successfully.
C:\WINDOWS\SYSTEM32\ymybotjs.ini moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\oaif.exe not found!
File C:\WINDOWS\SYSTEM32\bccdd.bak1 not found!
File C:\WINDOWS\SYSTEM32\bccdd.ini not found!
File C:\WINDOWS\SYSTEM32\bsbxjasi.ini not found!
File C:\WINDOWS\SYSTEM32\dfhkj.bak1 not found!
File C:\WINDOWS\SYSTEM32\dfhkj.ini not found!
File C:\WINDOWS\SYSTEM32\dxpsenyl.exe not found!
File C:\WINDOWS\SYSTEM32\gapojfnt.exe not found!
File C:\WINDOWS\SYSTEM32\govrmpst.ini not found!
File C:\WINDOWS\SYSTEM32\hkgnhvfo.exe not found!
File C:\WINDOWS\SYSTEM32\ihkmp.bak1 not found!
File C:\WINDOWS\SYSTEM32\ihkmp.ini not found!
File C:\WINDOWS\SYSTEM32\jlnmp.bak1 not found!
File C:\WINDOWS\SYSTEM32\jlnmp.bak2 not found!
File C:\WINDOWS\SYSTEM32\jlnmp.ini not found!
File C:\WINDOWS\SYSTEM32\mcrh.tmp not found!
File C:\WINDOWS\SYSTEM32\mobjfltu.dll not found!
File C:\WINDOWS\SYSTEM32\mvcerc051010.dll not found!
File C:\WINDOWS\SYSTEM32\qaqoesok.dll not found!
File C:\WINDOWS\SYSTEM32\rqstv.bak1 not found!
File C:\WINDOWS\SYSTEM32\rqstv.ini not found!
File C:\WINDOWS\SYSTEM32\rqtwa.bak1 not found!
File C:\WINDOWS\SYSTEM32\rqtwa.ini not found!
File C:\WINDOWS\SYSTEM32\tspmrvog.dll not found!
File C:\WINDOWS\SYSTEM32\uttss.bak1 not found!
File C:\WINDOWS\SYSTEM32\uttss.bak2 not found!
File C:\WINDOWS\SYSTEM32\uttss.ini not found!
File C:\WINDOWS\SYSTEM32\uydlrqos.ini not found!
File C:\WINDOWS\SYSTEM32\vgrotkbs.ini not found!
File C:\WINDOWS\SYSTEM32\wvuturr.dll not found!
File C:\WINDOWS\SYSTEM32\ydlcysrh.ini not found!
File C:\WINDOWS\SYSTEM32\ykspuiqv.bak not found!
File C:\WINDOWS\SYSTEM32\ymybotjs.ini not found!
[File String Scan - Non-Microsoft Only]
ADS C:\WINDOWS\SYSTEM32\IWPDGINA.dll:SummaryInformation deleted successfully.
ADS C:\WINDOWS\SYSTEM32\IWPDGINA.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} deleted successfully.
[Empty Temp Folders]
C:\DOCUME~1\DEREKH~1.DER\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 11/29/2007 15:54:36

Attached Files

#10
Rorschach112
    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Also post a new HijackThis log and tell me how your PC is running now.

#11
taye17
    New Member

  • Topic Starter
  • Member
  • 7 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/30/2007 at 07:03 PM

Application Version : 3.9.1008

Core Rules Database Version : 3352
Trace Rules Database Version: 1351

Scan type : Complete Scan
Total Scan Time : 02:50:56

Memory items scanned : 513
Memory threats detected : 0
Registry items scanned : 7271
Registry threats detected : 4
File items scanned : 176469
File threats detected : 86

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{A022A6E9-1C2A-485B-A4D4-1B87DA56F5CE}
HKCR\CLSID\{A022A6E9-1C2A-485B-A4D4-1B87DA56F5CE}
HKCR\CLSID\{A022A6E9-1C2A-485B-A4D4-1B87DA56F5CE}\InprocServer32
HKCR\CLSID\{A022A6E9-1C2A-485B-A4D4-1B87DA56F5CE}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\VTSQR.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@serving-sys[1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@overture[1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@atdmt[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@trafficmp[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@doubleclick[3].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@2o7[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][3].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@adrevolver[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@tribalfusion[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek [email protected]
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@interclick[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@hotbar[1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@indiads[1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@fastclick[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@adrevolver[1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[10].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[11].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[2].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[3].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[4].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[5].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[6].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[7].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[8].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@advertising[9].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\derek_hawkins@doubleclick[1].txt
C:\Documents and Settings\Derek Hawkins.DEREKHAWK\Cookies\[email protected][2].txt

Malware.MalwareAlarm
C:\Program Files\MalwareAlarm\MalwareAlarm.lic
C:\Program Files\MalwareAlarm

Malware.Installer-Pkg/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{3C48F877-A164-45E9-B9DA-26A049FFC207}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{6293BC00-4EB8-4C65-8548-53E2FC3BF937}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C0A0AA4D-C79B-48CA-8843-2B02B626C9E6}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{C2D8F0E2-6978-4409-8351-BA8785DA11EE}.EXE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\WILDTANGENT\DELL GAME CONSOLE\DOWNLOADS\INSTALLERS\{E0814F95-5380-4892-B8C8-7FA4B349EF46}.EXE

Trojan.Downloader-Gen/DDC
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\AVZ4EN\QUARANTINE\2007-11-28\AVZ00001.DTA
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\DXPSENYL.EXE
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\GAPOJFNT.EXE
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\HKGNHVFO.EXE
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\YKSPUIQV.BAK
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP18\A0056219.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP24\A0058442.EXE

Adware.Vundo Variant
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\AVZ4EN\QUARANTINE\2007-11-28\AVZ00003.DTA

Trojan.Downloader-Gen/OAIf
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\OAIF.EXE

Adware.Vundo Variant/Rel
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\DFHKJ.BAK1
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\MCRH.TMP
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\RQSTV.BAK1
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\RQSTV.INI
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\UTTSS.BAK1
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\UTTSS.INI

Adware.Vundo-Variant/Small-A
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\MOBJFLTU.DLL
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\QAQOESOK.DLL
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\TSPMRVOG.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP18\A0056194.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP18\A0056217.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP18\A0056218.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP19\A0056223.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP19\A0056224.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP19\A0056225.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP22\A0056398.DLL

Adware.Vundo-Variant/Small
C:\DOCUMENTS AND SETTINGS\DEREK HAWKINS.DEREKHAWK\DESKTOP\WINPFIND3U\MOVEDFILES\WINDOWS\SYSTEM32\WVUTURR.DLL

Malware.Ultimate Defender
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VGFDDWTV\VGFDDWTV1.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VGFDDWTV\VGFDDWTV2.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\VGFDDWTV\VGFDDWTV3.EXE.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0055111.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0055112.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0055113.EXE

Rootkit.Rustock/NTNDis
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\XPDX.SYS.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0055118.SYS

Adware.Vundo-Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP17\A0055896.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP18\A0056190.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP20\A0056348.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP22\A0056396.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP24\A0058432.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP26\A0058505.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0055124.DLL

Adware.180solutions/ZangoSearch
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP17\A0056024.EXE

Adware.180solutions/Seekmo
C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP18\A0056193.DLL

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:33:50 PM, on 11/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\DOCUME~1\DEREKH~1.DER\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\taye.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....sn.com/?wl=true
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....026/CTSUEng.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.co...IEGetPlugin.ocx
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1154565217781
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.del...ll/gtdownde.cab
O20 - Winlogon Notify: !SABWinLogon - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABWINLO.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.0 Pro\rcp_scheduler.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com - C:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/DEREKH~1.DER/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

--
End of file - 8941 bytes

It's running at a normal pace.

Edited by taye17, 30 November 2007 - 09:36 PM.

  • 0

#12
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Is your PC having any problems? Your logs look good.
  • 0

#13
taye17


    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Yes, it's running smoother than before.
  • 0

#14
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
We are all done then. Just a few little things.

Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

* I recommend the following anti-spyware programs to protect yourself against spyware; make sure you only use one real-time anti-spyware protection program though:
AVG anti-spyware
SUPERAntiSpyware
Spybot - Search and Destroy
Ad-Aware 2007 Free

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
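As an added illustration of the HOSTS-file point in the post above (not code from the thread or from MVPS): the checker below parses HOSTS-file text, lists the hostnames sinkholed to 127.0.0.1 (or 0.0.0.0), and flags any entry that maps a host somewhere else, which is the pattern to look for when malware has tampered with the file. The sample HOSTS content and the Windows path default are constructed assumptions for the example.

```python
import ipaddress

# Constructed sample in the MVPS style (not a real copy of the MVPS file):
# blocked hosts point at loopback/null, plus one deliberately suspicious entry.
SAMPLE_HOSTS = """\
# header comment
127.0.0.1 localhost
127.0.0.1 ads.example-adserver.test   # MVPS-style block entry
127.0.0.1 tracker.example.test
0.0.0.0   banners.example.test
198.51.100.7 windowsupdate.microsoft.com   # points away from loopback: suspicious
"""

# Addresses that mean "go nowhere": classic 127.0.0.1 and the newer 0.0.0.0 form.
SINKHOLE_ADDRESSES = {ipaddress.ip_address("127.0.0.1"),
                      ipaddress.ip_address("0.0.0.0")}


def parse_hosts(text):
    """Yield (ip, hostname) pairs from HOSTS-file text, skipping comments and blanks."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue                          # malformed line: ignore, don't guess
        for host in parts[1:]:                # one IP may be followed by several names
            yield ip, host.lower()


def classify_hosts(text):
    """Return (blocked, suspicious).

    blocked: set of hostnames sinkholed to loopback/null (what MVPS does on purpose)
    suspicious: list of (hostname, ip) entries that redirect a name to a real address,
                the tell-tale sign of a hijacked HOSTS file
    """
    blocked, suspicious = set(), []
    for ip, host in parse_hosts(text):
        if ip in SINKHOLE_ADDRESSES:
            if host != "localhost":           # the localhost line is normal
                blocked.add(host)
        else:
            suspicious.append((host, str(ip)))
    return blocked, suspicious


def check_hosts_file(path=r"C:\WINDOWS\system32\drivers\etc\hosts"):
    """Run the classifier over the live HOSTS file (default path assumed for XP)."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return classify_hosts(fh.read())
```

Any entry that appears in the suspicious list deserves a look: a legitimate block list never needs to point a hostname at an address other than 127.0.0.1 or 0.0.0.0.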

#15
Rorschach112


    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
