AH! Please help before I shoot my computer! [CLOSED] Thanks a bunch, I know you guys rock
#1
Posted 23 October 2007 - 08:13 PM
Scan saved at 10:09:20 PM, on 10/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\System32\qpudkplf.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\PERMIS~1\bin\dm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\o6b9y4jj.exe
C:\WINDOWS\mgrs.exe
D:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Irfan\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\System32\ygprlxgi.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [xxy_Shell] C:\Documents and Settings\Irfan\xxy_cuso.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winshow] "C:\WINDOWS\winshow.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\o6b9y4jj.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [f03468ad] rundll32.exe "C:\WINDOWS\System32\whavltpu.dll",b
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: Yahoo! Spades - http://download2.gam...nts/y/st3_x.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://reports.longa...ptX/ScriptX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram3.vcu.edu/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\SXJmYW4\command.exe (file missing)
O23 - Service: DomainService - - C:\WINDOWS\System32\qpudkplf.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - C:\Program Files\Windows Media Player\progycawuy.html
--
End of file - 5863 bytes
#2
Posted 23 October 2007 - 11:58 PM
1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click combofix's window whilst it's running. That may cause it to stall.
Reboot your PC and do the following:
Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
- Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
- Under Additional Scans on the bottom right, check the box for Reg - Disabled MS Config Items
- Now click the Run Scan button on the toolbar.
- When the scan is complete Notepad will open with the report file loaded in it.
- Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
#3
Posted 24 October 2007 - 02:36 PM
Running from: C:\Documents and Settings\Irfan\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\General\Desktop\internet.lnk
C:\Documents and Settings\General\Desktop\Live Safety Center.lnk
C:\Documents and Settings\General\Desktop\Online Security Guide.lnk
C:\Documents and Settings\General\Favorites\Online Security Guide.lnk
C:\Documents and Settings\General\Start Menu\Programs\Outerinfo
C:\Documents and Settings\General\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\General\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Documents and Settings\Irfan\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Irfan\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Irfan\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\ecurit~1
C:\Program Files\Common Files\ecurit~1\?ecurity\
C:\Program Files\Common Files\ecurit~1\lsass.exe
C:\Program Files\Common Files\microsoft shared\web folders\ibm00001.dll
C:\Program Files\Common Files\microsoft shared\web folders\ibm00002.dll
C:\Program Files\Common Files\Yazzle1549OinAdmin.exe
C:\Program Files\Common Files\Yazzle1549OinUninstaller.exe
C:\Program Files\ComPlus Applications\holetu4444.dll
C:\Program Files\ComPlus Applications\holetu83122.dll
C:\Program Files\folder.js\
C:\Program Files\ini.ini\
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\TTC.dll
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\Program Files\web buying
C:\Program Files\web buying\v1.8.5\wbuninst.exe
C:\Program Files\web buying\v1.8.5\webbuying.exe
C:\Program Files\Windows Media Player\lawunedi.dll
C:\Program Files\Windows Media Player\lawunedi369.dll
C:\Program Files\Windows Media Player\lawunedi56.dll
C:\Program Files\Windows Media Player\lawunedi566.dll
C:\Program Files\Windows Media Player\lawunedi964.dll
C:\Program Files\Windows Media Player\lawunedi993.dll
C:\Program Files\Windows Media Player\progycawuy.html
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fCOe
C:\Temp\fCOe\tOasF.log
C:\temp\tn3
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\crosof~1.net\??plorer.exe
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\mgrs.exe
C:\WINDOWS\smante~1
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\SXJmYW4\asappsrv.dll
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\cymaxvee.dll
C:\WINDOWS\system32\dqaf.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\hhkmp.bak1
C:\WINDOWS\system32\hhkmp.bak2
C:\WINDOWS\system32\hhkmp.ini
C:\WINDOWS\system32\nqstv.bak1
C:\WINDOWS\system32\nqstv.bak2
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\oTt08e
C:\WINDOWS\system32\oTt08e\oTt08e1099.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmkhh.dll
C:\WINDOWS\system32\qpudkplf.exe
C:\WINDOWS\system32\rmvoylg.dll
C:\WINDOWS\system32\vtsqn.dll
C:\WINDOWS\system32\vtstu.dll
C:\WINDOWS\system32\wnstsisv.exe
C:\WINDOWS\system32\yaywxww.dll
C:\WINDOWS\system32\ygprlxgi.dllbox
C:\WINDOWS\tk58.exe
C:\WINDOWS\tsitra77.exe
C:\WINDOWS\TTC-4444.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NTMLSVC
-------\cmdService
-------\core
-------\DomainService
-------\NtmlSvc
((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-30 )))))))))))))))))))))))))))))))
.
2007-10-30 15:02 75,328 --a------ C:\WINDOWS\system32\fqlimgyg.exe
2007-10-24 13:58 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 13:28 20,992 --a------ C:\WINDOWS\y3jfr9hz.exe
2007-10-24 13:12 20,992 --a------ C:\WINDOWS\yprrpjct.exe
2007-10-24 10:07 <DIR> d-------- C:\Program Files\E404 Helper
2007-10-23 18:08 84,544 --a------ C:\WINDOWS\system32\whavltpu.dll
2007-10-23 17:53 84,544 --a------ C:\WINDOWS\system32\knpmupwc.dll
2007-10-23 17:11 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-23 06:18 14,900 --a------ C:\Program Files\3269.exe
2007-10-23 06:17 9,728 --a------ C:\Program Files\hlpsrv.exe
2007-10-23 06:15 20,992 --a------ C:\WINDOWS\o6b9y4jj.exe
2007-10-23 05:48 340,032 --a------ C:\WINDOWS\system32\ygprlxgi.dll
2007-10-23 05:47 340,032 --a------ C:\WINDOWS\system32\vtiavfdd.dll
2007-10-22 22:35 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-10-22 22:35 49,664 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2007-10-22 22:35 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-10-22 22:35 45,568 --a--c--- C:\WINDOWS\system32\dllcache\iyuv_32.dll
2007-10-22 22:35 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-10-22 22:35 8,192 --a--c--- C:\WINDOWS\system32\dllcache\tsbyuv.dll
2007-10-22 13:09 421,888 --a------ C:\WINDOWS\system32\bkinwykm.dll
2007-10-22 13:09 45,056 --a------ C:\WINDOWS\system32\katzppd.exe
2007-10-22 13:09 45,056 --a------ C:\WINDOWS\system32\katzpoyoq.exe
2007-10-22 13:09 44,922 --a------ C:\WINDOWS\system32\IKatzuUninstall.exe
2007-10-22 13:08 <DIR> d-------- C:\WINDOWS\system32\xirdrvr
2007-10-22 13:08 <DIR> d-------- C:\WINDOWS\system32\temp2
2007-10-22 13:08 <DIR> d-------- C:\WINDOWS\system32\ozde
2007-10-22 13:08 <DIR> d-------- C:\WINDOWS\system32\fixtmp
2007-10-22 13:08 <DIR> d-------- C:\WINDOWS\system32\caches2
2007-10-22 13:08 <DIR> d-------- C:\WINDOWS\system32\bit2
2007-10-22 13:08 <DIR> d--hs---- C:\WINDOWS\SXJmYW4
2007-10-22 13:08 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-10-08 14:17 150,528 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-10-08 14:17 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-10-05 12:09 <DIR> d-------- C:\Documents and Settings\General\Application Data\Skype
2007-09-24 05:47 <DIR> d-------- C:\Documents and Settings\General\Application Data\U3
2007-09-14 08:32 32,072 --a------ C:\WINDOWS\uarejawb.exe
2007-09-14 08:32 32,072 --a------ C:\WINDOWS\r31d1pnj.exe
2007-09-14 08:32 32,072 --a------ C:\WINDOWS\ottbqeif.exe
2007-09-14 08:32 32,072 --a------ C:\WINDOWS\6twys3rx.exe
2007-09-09 19:57 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-09-09 19:57 <DIR> d-------- C:\Documents and Settings\Irfan\Application Data\U3
2007-09-07 18:34 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-09-07 18:33 <DIR> d-------- C:\Program Files\PermissionTV
2007-09-06 13:17 <DIR> d-------- C:\Documents and Settings\General\Application Data\Template
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-24 15:07 --------- d-----w C:\Documents and Settings\General\Application Data\OpenOffice.org2
2007-10-24 02:09 75 ----a-w C:\Program Files\ini.ini
2007-10-23 02:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-19 10:49 --------- d-----w C:\Documents and Settings\Irfan\Application Data\OpenOffice.org2
2007-09-01 01:08 --------- d-----w C:\Documents and Settings\Irfan\Application Data\Printer Info Cache
2007-09-01 01:08 --------- d-----w C:\Documents and Settings\Irfan\Application Data\Image Zone Express
2007-09-01 01:05 --------- d-----w C:\Documents and Settings\Irfan\Application Data\HP
2007-08-29 00:15 --------- d-----w C:\Program Files\Google
2007-06-14 09:22 2,231 ----a-w C:\Program Files\folder.js
2006-09-08 01:02 0 ---ha-w C:\Documents and Settings\General\hpothb07.dat
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\SXJmYW4\mrLAsqb.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-23 17:11 26112 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-10-23 05:48 340032 --a------ C:\WINDOWS\system32\ygprlxgi.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EA5159DF-E413-4878-8AE2-D921D41BB942}]
2007-10-22 13:09 421888 --a------ C:\WINDOWS\System32\bkinwykm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}]
2007-10-24 10:07 15872 --a------ C:\Program Files\E404 Helper\e404.v1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\ygprlxgi.dll [2007-10-23 05:48 340032]
[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avp"="C:\WINDOWS\y3jfr9hz.exe" [2007-10-24 13:28]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-03-11 13:24]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 13:11]
"ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 12:29]
"MCUpdateExe"="C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 10:28]
"QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2002-08-29 07:00]
"ArtChk"="C:\WINDOWS\System32\artchker.exe" []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="D:\Program Files\AIM\aim.exe" [2006-08-01 15:35]
C:\Documents and Settings\General\Start Menu\Programs\Startup\
Chesterfield County Public Library Tray App.lnk - C:\Program Files\PermissionTV\bin\dmtray.exe [2007-09-07 18:34:01]
OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"OPZRnCURJiexZTOIZ"= {F0346803-5A9E-C2A9-408F-5876C1B036D3} - C:\WINDOWS\System32\wccb.dll [2006-10-24 13:14 25088]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ygprlxgi]
ygprlxgi.dll 2007-10-23 05:48 340032 C:\WINDOWS\system32\ygprlxgi.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\vtsqn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=C:\WINDOWS\pss\Billminder.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=C:\WINDOWS\pss\Quicken Startup.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Irfan^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Irfan\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Irfan^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Irfan\Start Menu\Programs\Startup\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
D:\Program Files\AIM\aim.exe -cnetwait.odl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"C:\Program Files\Ares\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares lite]
"C:\Program Files\ARES\Ares.exe" -h
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avp]
C:\WINDOWS\o6b9y4jj.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\f03468ad]
rundll32.exe "C:\WINDOWS\System32\whavltpu.dll",b
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
"C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\WINDOWS\System32\LVCOMSX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"D:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\tsitra1000106.exe 61A847B5BBF72813329B385772FF01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\smgr]
mgrs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
C:\WINDOWS\vsnpstd3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Program Files\Valve\Steam\Steam.exe -silent
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
"C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Recovery]
C:\Windows\Sonysys\VAIO Recovery\PartSeal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winshow]
"C:\WINDOWS\winshow.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xxy_Shell]
C:\Documents and Settings\Irfan\xxy_cuso.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZTgServerSwitch]
c:\program files\support.com\client\lserver\server.vbs
R2 PermissionTVDownloadManager;PermissionTV Download Manager Service;C:\PROGRA~1\PERMIS~1\bin\dm.exe
R3 m4301a;Linksys Wireless-B USB Network Adapter v4.0 Driver;C:\WINDOWS\System32\DRIVERS\m4301A.sys
R3 NaiFiltr;NaiFiltr;C:\WINDOWS\System32\DRIVERS\NaiFiltr.sys
S3 SONYWBMS;Sony Memory Stick controller(WB);C:\WINDOWS\System32\DRIVERS\SonyWBMS.SYS
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
"2007-10-30 20:06:26 C:\WINDOWS\Tasks\McAfee.com Update Check (I-General).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-10-30 20:09:43 C:\WINDOWS\Tasks\McAfee.com Update Check (I-Irfan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-10-30 20:09:00 C:\WINDOWS\Tasks\McAfee.com Update Check (VALUED-ECECF7F4-General).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
"2007-10-30 20:03:00 C:\WINDOWS\Tasks\McAfee.com Update Check (VALUED-ECECF7F4-Irfan).job"
- C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 15:09:55
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-30 15:10:59 - machine was rebooted
#4
Posted 24 October 2007 - 02:44 PM
#5
Posted 24 October 2007 - 02:55 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Irfan\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)
503.36 Mb Total Physical Memory | 273.16 Mb Available Physical Memory | 54.27% Memory free
1.20 Gb Paging File | 1.05 Gb Available in Paging File | 87.47% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 5.93 Gb Free Space | 42.44% Space Free
Drive D: | 92.81 Gb Total Space | 38.19 Gb Free Space | 41.15% Space Free
Drive E: | 369.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded
Computer Name: I
Current User Name: Irfan
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
ezsp_px.exe -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 12:29:26 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 114688 bytes | Modified Date = 3/11/2003 1:11:56 PM | Attr = ]
lookwin.exe -> %LocalSettings%\Temp\lookwin.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Modified Date = 10/30/2007 4:36:32 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 9/8/2001 6:00:00 AM | Attr = ]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/30/2007 3:10:52 PM | Attr = ]
photoappsrv.exe -> %ProgramFiles%\Sony\Photo Server\appsrv\PhotoAppSrv.exe -> Sony Corporation [Ver = 2, 5, 0,15250 | Size = 262144 bytes | Modified Date = 3/25/2003 7:39:02 PM | Attr = ]
qttask.exe -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 3:57:48 PM | Attr = ]
sv_httpd.exe -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\sv_httpd.exe -> Sony Corporation [Ver = 2.5.00.14070 | Size = 57344 bytes | Modified Date = 2/10/2003 3:11:12 PM | Attr = ]
svhost.exe -> %LocalSettings%\Temp\svhost.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Modified Date = 10/30/2007 4:37:02 PM | Attr = ]
svserver.exe -> %LocalSettings%\Temp\svserver.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Modified Date = 10/30/2007 4:44:58 PM | Attr = ]
svwin.exe -> %LocalSettings%\Temp\svwin.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Modified Date = 10/30/2007 4:43:44 PM | Attr = ]
synsv.exe -> %LocalSettings%\Temp\synsv.exe -> NoName Corp. [Ver = 1, 0, 0, 1 | Size = 9728 bytes | Modified Date = 10/30/2007 4:43:20 PM | Attr = ]
upnpframework.exe -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\UPnPFramework.exe -> Sony Corporation [Ver = 3.0.00.15190 | Size = 675840 bytes | Modified Date = 3/19/2003 11:02:38 PM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 10:47:26 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Stopped] -> D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 6 | Size = 557056 bytes | Modified Date = 7/20/2007 2:21:34 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 8:40:22 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 9/8/2001 6:00:00 AM | Attr = ]
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Stopped] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 94208 bytes | Modified Date = 10/4/2002 3:09:20 PM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 65536 bytes | Modified Date = 3/3/2003 9:44:00 PM | Attr = ]
(PermissionTVDownloadManager) PermissionTV Download Manager Service [Win32_Own | Auto | Stopped] -> %ProgramFiles%\PermissionTV\bin\dm.exe -> PermissionTV [Ver = 3, 14, 0, 3 | Size = 213053 bytes | Modified Date = 9/7/2007 6:37:40 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/8/2003 11:31:02 PM | Attr = R ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 3.2.00.12242 | Size = 65536 bytes | Modified Date = 12/24/2002 1:01:22 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-AppServer) VAIO Media Music Server [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sony\VAIO Media Music Server\SSSvr.exe -> Sony Corporation [Ver = 2.5.00.15184 | Size = 536648 bytes | Modified Date = 3/18/2003 7:03:24 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\sv_httpd.exe -> Sony Corporation [Ver = 2.5.00.14070 | Size = 57344 bytes | Modified Date = 2/10/2003 3:11:12 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\UPnPFramework.exe -> Sony Corporation [Ver = 3.0.00.15190 | Size = 675840 bytes | Modified Date = 3/19/2003 11:02:38 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-AppServer) VAIO Media Photo Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\Photo Server\appsrv\PhotoAppSrv.exe -> Sony Corporation [Ver = 2, 5, 0,15250 | Size = 262144 bytes | Modified Date = 3/25/2003 7:39:02 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\sv_httpd.exe -> Sony Corporation [Ver = 2.5.00.14070 | Size = 57344 bytes | Modified Date = 2/10/2003 3:11:12 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\UPnPFramework.exe -> Sony Corporation [Ver = 3.0.00.15190 | Size = 675840 bytes | Modified Date = 3/19/2003 11:02:38 PM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
ArtChk -> %System32%\artchker.exe -> File not found
avp -> %SystemRoot%\y3jfr9hz.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/24/2007 1:28:08 PM | Attr = ]
ezShieldProtector for Px -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 12:29:26 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 114688 bytes | Modified Date = 3/11/2003 1:11:56 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 155648 bytes | Modified Date = 3/11/2003 1:24:08 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee.com Corporation [Ver = 4, 0, 0, 27 | Size = 151552 bytes | Modified Date = 9/4/2002 10:28:56 AM | Attr = ]
QuickTime Task -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 3:57:48 PM | Attr = ]
smgr -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/30/2007 3:10:52 PM | Attr = ]
< RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
-265000958 -> %LocalSettings%\Temp\f08c9c7e.exe -> [Ver = | Size = 18432 bytes | Modified Date = 10/30/2007 4:36:36 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AIM -> D:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
{F0346803-5A9E-C2A9-408F-5876C1B036D3} [HKLM] -> %System32%\wccb.dll [OPZRnCURJiexZTOIZ] -> [Ver = | Size = 25088 bytes | Modified Date = 10/24/2006 1:14:56 PM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2082 | Size = 315392 bytes | Modified Date = 3/11/2003 1:11:06 PM | Attr = ]
ygprlxgi -> %System32%\ygprlxgi.dll -> [Ver = | Size = 340032 bytes | Modified Date = 10/23/2007 5:48:14 AM | Attr = ]
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (27 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.sony.com/vaiopeople ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 6:39:02 PM | Attr = ]
{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} [HKLM] -> %ProgramFiles%\Adsense Helper Object\aho.v5.dll [Adsense Helper Class] -> [Ver = 1, 0, 0, 1 | Size = 26112 bytes | Modified Date = 10/23/2007 5:11:56 PM | Attr = ]
{A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\ygprlxgi.dll [Reg Data - Value does not exist] -> [Ver = | Size = 340032 bytes | Modified Date = 10/23/2007 5:48:14 AM | Attr = ]
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} [HKLM] -> %ProgramFiles%\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll [CPrintEnhancer Object] -> Hewlett-Packard Co. [Ver = 1.5.48 | Size = 599472 bytes | Modified Date = 12/15/2006 5:34:28 PM | Attr = ]
{EA5159DF-E413-4878-8AE2-D921D41BB942} [HKLM] -> %System32%\bkinwykm.dll [IKatzu Class] -> [Ver = 3, 17, 0, 0 | Size = 421888 bytes | Modified Date = 10/22/2007 1:09:02 PM | Attr = ]
{F10587E9-0E47-4CBE-84AE-7DD20B8684BB} [HKLM] -> %ProgramFiles%\E404 Helper\e404.v1.dll [e404mgr Class] -> [Ver = 1, 0, 0, 1 | Size = 15872 bytes | Modified Date = 10/24/2007 10:07:38 AM | Attr = ]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\ygprlxgi.dll [Security Toolbar] -> [Ver = | Size = 340032 bytes | Modified Date = 10/23/2007 5:48:14 AM | Attr = ]
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\{11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\ygprlxgi.dll [Security Toolbar] -> [Ver = | Size = 340032 bytes | Modified Date = 10/23/2007 5:48:14 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> D:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0C361B4F-D74D-4D52-B9CC-B026B340E4DB} -> () ->
{72BA4704-A0BF-4012-B936-AA1E83410B13} -> (Intel® PRO/100 VE Network Connection) ->
{7A084841-1B0C-464D-B5A8-529C2E0A4A26} -> (D-Link DFE-538TX 10/100 Adapter) ->
{8E1CDBDC-78D4-40C3-860B-B91B93242642} -> (D-Link DFE-538TX 10/100 Adapter) ->
{943AE45F-5226-4A54-A69B-B22990DC9CF9} -> () ->
{EF9E5E4F-3CCD-45CB-87A4-C7A441F151D8} -> (1394 Net Adapter) ->
{FAC3E950-8E00-4CEB-8532-DBEB9B0D2A29} -> () ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 11/1/2006 3:21:20 PM | Attr = R ]
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1663ed61-23eb-11d2-b92f-008048fdd814} -> MeadCo ScriptX - CodeBase = http://reports.longa...ptX/ScriptX.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl..._4_0_03-win.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{E008A543-CEFB-4559-912F-C27C2B89F13B} -> Domino Web Access 7 Control - CodeBase = http://vram3.vcu.edu/dwa7W.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
Yahoo! Spades -> - CodeBase = http://download2.gam...nts/y/st3_x.cab ->
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk -> %ProgramFiles%\Quicken\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 36864 bytes | Modified Date = 9/20/2002 2:19:46 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 82.0.188.000 | Size = 210520 bytes | Modified Date = 1/2/2007 8:40:10 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 9/20/2002 2:20:02 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk -> %ProgramFiles%\Quicken\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 9/20/2002 2:20:06 PM | Attr = ]
C:^Documents and Settings^Irfan^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> D:\Program Files\LimeWire\LimeWire.exe -> [Ver = | Size = 159744 bytes | Modified Date = 8/16/2006 2:16:26 PM | Attr = ]
C:^Documents and Settings^Irfan^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk -> %ProgramFiles%\OpenOffice.org 2.1\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 11/27/2006 4:45:48 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.25 2.1.25 02/14/2003 11:58:58 | Size = 88107 bytes | Modified Date = 2/14/2003 2:59:00 PM | Attr = ]
AIM -> D:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
ares -> %ProgramFiles%\Ares\Ares.exe -> File not found
ares lite -> %ProgramFiles%\ARES\Ares.exe -> File not found
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 4:24:00 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.4029 | Size = 315392 bytes | Modified Date = 2/28/2003 11:00:00 PM | Attr = ]
avp -> %SystemRoot%\o6b9y4jj.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/23/2007 6:15:18 AM | Attr = ]
f03468ad -> %System32%\whavltpu.dll -> [Ver = | Size = 84544 bytes | Modified Date = 10/23/2007 6:08:04 PM | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 12/10/2006 8:52:38 PM | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 1/18/2005 5:07:54 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 458752 bytes | Modified Date = 1/18/2005 5:47:30 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 5:37:30 PM | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 10/8/2004 11:52:32 AM | Attr = ]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee.com Corporation [Ver = 4, 0, 0, 26 | Size = 192512 bytes | Modified Date = 9/6/2002 6:15:48 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee.com Corporation [Ver = 4, 0, 0, 27 | Size = 151552 bytes | Modified Date = 9/4/2002 10:28:56 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 4595712 bytes | Modified Date = 3/3/2003 9:44:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 323584 bytes | Modified Date = 3/3/2003 9:44:00 PM | Attr = ]
QuickTime Task -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 3:57:48 PM | Attr = ]
runner1 -> %SystemRoot%\tsitra1000106.exe -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.0.0.198 | Size = 25365032 bytes | Modified Date = 12/18/2006 5:32:52 PM | Attr = ]
smgr -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/30/2007 3:10:52 PM | Attr = ]
snpstd3 -> %SystemRoot%\vsnpstd3.exe -> File not found
Steam -> D:\Program Files\Valve\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1259000 bytes | Modified Date = 6/12/2007 1:22:12 PM | Attr = ]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/17/2002 11:01:00 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 2:48:52 AM | Attr = ]
VAIO Recovery -> %SystemRoot%\SONYSYS\VAIO Recovery\PartSeal.exe -> Sony Electronics Inc [Ver = 1.0.2 | Size = 28672 bytes | Modified Date = 4/20/2003 12:08:44 AM | Attr = ]
ViewMgr -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> File not found
VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 139264 bytes | Modified Date = 10/4/2002 3:09:40 PM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 6/21/2006 12:14:50 PM | Attr = ]
winshow -> %SystemRoot%\winshow.exe -> File not found
xxy_Shell -> %SystemDrive%\Documents and Settings\Irfan\xxy_cuso.exe -> File not found
Yahoo! Pager -> D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 9:49:04 PM | Attr = ]
ZTgServerSwitch -> %ProgramFiles%\support.com\client\lserver\Server.vbs -> [Ver = | Size = 11406 bytes | Modified Date = 7/14/2002 2:50:14 PM | Attr = ]
[Files/Folders - Created Within 30 days]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/24/2007 1:59:49 PM | Attr = ]
Casino.ico -> %SystemRoot%\Casino.ico -> [Ver = | Size = 2238 bytes | Created Date = 10/30/2007 4:45:03 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/30/2007 3:06:34 PM | Attr = ]
Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico -> [Ver = | Size = 1150 bytes | Created Date = 10/30/2007 4:45:03 PM | Attr = ]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Created Date = 10/30/2007 3:10:51 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
o6b9y4jj.exe -> %SystemRoot%\o6b9y4jj.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Created Date = 10/23/2007 6:15:16 AM | Attr = ]
Spyware Remover.ico -> %SystemRoot%\Spyware Remover.ico -> [Ver = | Size = 4846 bytes | Created Date = 10/30/2007 4:45:03 PM | Attr = ]
SXJmYW4 -> %SystemRoot%\SXJmYW4 -> [Folder | Created Date = 10/22/2007 1:08:57 PM | Attr = HS]
y3jfr9hz.exe -> %SystemRoot%\y3jfr9hz.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Created Date = 10/24/2007 1:28:07 PM | Attr = ]
yprrpjct.exe -> %SystemRoot%\yprrpjct.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Created Date = 10/24/2007 1:12:43 PM | Attr = ]
bit2 -> %System32%\bit2 -> [Folder | Created Date = 10/22/2007 1:08:49 PM | Attr = ]
bkinwykm.dll -> %System32%\bkinwykm.dll -> [Ver = 3, 17, 0, 0 | Size = 421888 bytes | Created Date = 10/22/2007 1:09:01 PM | Attr = ]
caches2 -> %System32%\caches2 -> [Folder | Created Date = 10/22/2007 1:08:49 PM | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Created Date = 10/22/2007 1:51:17 PM | Attr = ]
cwpumpnk.ini -> %System32%\cwpumpnk.ini -> [Ver = | Size = 693478 bytes | Created Date = 10/23/2007 8:50:26 PM | Attr = HS]
fixtmp -> %System32%\fixtmp -> [Folder | Created Date = 10/22/2007 1:08:49 PM | Attr = ]
fqlimgyg.exe -> %System32%\fqlimgyg.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Created Date = 10/30/2007 3:02:40 PM | Attr = ]
IKatzuUninstall.exe -> %System32%\IKatzuUninstall.exe -> [Ver = | Size = 44922 bytes | Created Date = 10/22/2007 1:09:05 PM | Attr = ]
katzpoyoq.exe -> %System32%\katzpoyoq.exe -> Upads.Biz [Ver = 1, 5, 0, 0 | Size = 45056 bytes | Created Date = 10/22/2007 1:09:03 PM | Attr = ]
katzppd.exe -> %System32%\katzppd.exe -> Upads.Biz [Ver = 1, 5, 0, 0 | Size = 45056 bytes | Created Date = 10/22/2007 1:09:03 PM | Attr = ]
knpmupwc.dll -> %System32%\knpmupwc.dll -> [Ver = | Size = 84544 bytes | Created Date = 10/23/2007 5:53:11 PM | Attr = ]
MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 4286 bytes | Created Date = 10/24/2007 10:19:18 AM | Attr = ]
ozde -> %System32%\ozde -> [Folder | Created Date = 10/22/2007 1:08:49 PM | Attr = ]
sjswunxj.ini -> %System32%\sjswunxj.ini -> [Ver = | Size = 693586 bytes | Created Date = 10/23/2007 5:57:00 AM | Attr = HS]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
temp2 -> %System32%\temp2 -> [Folder | Created Date = 10/22/2007 1:08:49 PM | Attr = ]
uptlvahw.ini -> %System32%\uptlvahw.ini -> [Ver = | Size = 693481 bytes | Created Date = 10/23/2007 6:08:04 PM | Attr = HS]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
vtiavfdd.dll -> %System32%\vtiavfdd.dll -> [Ver = | Size = 340032 bytes | Created Date = 10/23/2007 5:47:46 AM | Attr = ]
whavltpu.dll -> %System32%\whavltpu.dll -> [Ver = | Size = 84544 bytes | Created Date = 10/23/2007 6:08:02 PM | Attr = ]
xirdrvr -> %System32%\xirdrvr -> [Folder | Created Date = 10/22/2007 1:08:49 PM | Attr = ]
ygprlxgi.dll -> %System32%\ygprlxgi.dll -> [Ver = | Size = 340032 bytes | Created Date = 10/23/2007 5:48:13 AM | Attr = ]
ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox -> [Ver = | Size = 20244 bytes | Created Date = 10/23/2007 5:48:13 AM | Attr = HS]
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 194 bytes | Modified Date = 10/23/2007 9:22:16 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 10/24/2007 10:07:30 AM | Attr = H ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/30/2007 4:45:02 PM | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/30/2007 3:11:00 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 10/30/2007 3:04:30 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/30/2007 4:45:04 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/30/2007 3:08:24 PM | Attr = S]
Casino.ico -> %SystemRoot%\Casino.ico -> [Ver = | Size = 2238 bytes | Modified Date = 10/30/2007 4:50:30 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/20/2007 5:03:32 AM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/30/2007 3:06:36 PM | Attr = ]
Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico -> [Ver = | Size = 1150 bytes | Modified Date = 10/30/2007 4:50:30 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/8/2007 9:56:50 PM | Attr = ]
HOSTK100.DAT -> %SystemRoot%\HOSTK100.DAT -> [Ver = | Size = 114 bytes | Modified Date = 10/30/2007 3:01:24 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/22/2007 10:35:18 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/24/2007 10:07:32 AM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 10/22/2007 10:35:20 PM | Attr = ]
mgrs.exe -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/30/2007 3:10:52 PM | Attr = ]
o6b9y4jj.exe -> %SystemRoot%\o6b9y4jj.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/23/2007 6:15:18 AM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/24/2007 1:58:46 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/24/2007 10:42:56 AM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/22/2007 1:05:06 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 10/23/2007 5:44:46 AM | Attr = ]
Spyware Remover.ico -> %SystemRoot%\Spyware Remover.ico -> [Ver = | Size = 4846 bytes | Modified Date = 10/30/2007 4:50:30 PM | Attr = ]
SXJmYW4 -> %SystemRoot%\SXJmYW4 -> [Folder | Modified Date = 10/30/2007 3:04:16 PM | Attr = HS]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 10/23/2007 9:22:16 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/30/2007 3:12:36 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/30/2007 3:09:44 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 10/30/2007 3:12:36 PM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 10/22/2007 10:35:22 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 687 bytes | Modified Date = 10/23/2007 9:22:16 PM | Attr = ]
y3jfr9hz.exe -> %SystemRoot%\y3jfr9hz.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/24/2007 1:28:08 PM | Attr = ]
yprrpjct.exe -> %SystemRoot%\yprrpjct.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/24/2007 1:12:44 PM | Attr = ]
McAfee.com Update Check (I-General).job -> %SystemRoot%\tasks\McAfee.com Update Check (I-General).job -> [Ver = | Size = 496 bytes | Modified Date = 10/30/2007 3:06:28 PM | Attr = ]
McAfee.com Update Check (I-Irfan).job -> %SystemRoot%\tasks\McAfee.com Update Check (I-Irfan).job -> [Ver = | Size = 492 bytes | Modified Date = 10/30/2007 3:09:44 PM | Attr = ]
McAfee.com Update Check (VALUED-ECECF7F4-General).job -> %SystemRoot%\tasks\McAfee.com Update Check (VALUED-ECECF7F4-General).job -> [Ver = | Size = 496 bytes | Modified Date = 10/30/2007 4:49:02 PM | Attr = ]
McAfee.com Update Check (VALUED-ECECF7F4-Irfan).job -> %SystemRoot%\tasks\McAfee.com Update Check (VALUED-ECECF7F4-Irfan).job -> [Ver = | Size = 492 bytes | Modified Date = 10/30/2007 4:48:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/30/2007 3:08:26 PM | Attr = H ]
bit2 -> %System32%\bit2 -> [Folder | Modified Date = 10/22/2007 1:08:50 PM | Attr = ]
bkinwykm.dll -> %System32%\bkinwykm.dll -> [Ver = 3, 17, 0, 0 | Size = 421888 bytes | Modified Date = 10/22/2007 1:09:02 PM | Attr = ]
caches2 -> %System32%\caches2 -> [Folder | Modified Date = 10/22/2007 1:08:50 PM | Attr = ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/30/2007 4:50:38 PM | Attr = ]
ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico -> [Ver = | Size = 2238 bytes | Modified Date = 10/22/2007 1:51:18 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/30/2007 3:06:54 PM | Attr = ]
cwpumpnk.ini -> %System32%\cwpumpnk.ini -> [Ver = | Size = 693478 bytes | Modified Date = 10/23/2007 8:56:52 PM | Attr = HS]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/22/2007 10:35:26 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/30/2007 3:09:30 PM | Attr = ]
fixtmp -> %System32%\fixtmp -> [Folder | Modified Date = 10/22/2007 7:36:22 PM | Attr = ]
fqlimgyg.exe -> %System32%\fqlimgyg.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/30/2007 3:02:42 PM | Attr = ]
IKatzuUninstall.exe -> %System32%\IKatzuUninstall.exe -> [Ver = | Size = 44922 bytes | Modified Date = 10/22/2007 1:09:06 PM | Attr = ]
katzpoyoq.exe -> %System32%\katzpoyoq.exe -> Upads.Biz [Ver = 1, 5, 0, 0 | Size = 45056 bytes | Modified Date = 10/22/2007 1:09:04 PM | Attr = ]
katzppd.exe -> %System32%\katzppd.exe -> Upads.Biz [Ver = 1, 5, 0, 0 | Size = 45056 bytes | Modified Date = 10/22/2007 1:09:04 PM | Attr = ]
knpmupwc.dll -> %System32%\knpmupwc.dll -> [Ver = | Size = 84544 bytes | Modified Date = 10/23/2007 5:53:14 PM | Attr = ]
MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 4286 bytes | Modified Date = 10/24/2007 10:19:20 AM | Attr = ]
ozde -> %System32%\ozde -> [Folder | Modified Date = 10/22/2007 1:08:50 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 10/30/2007 3:12:36 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 10/30/2007 3:12:36 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356126 bytes | Modified Date = 10/30/2007 3:12:36 PM | Attr = ]
sjswunxj.ini -> %System32%\sjswunxj.ini -> [Ver = | Size = 693586 bytes | Modified Date = 10/23/2007 6:06:04 PM | Attr = HS]
temp2 -> %System32%\temp2 -> [Folder | Modified Date = 10/22/2007 1:08:50 PM | Attr = ]
uptlvahw.ini -> %System32%\uptlvahw.ini -> [Ver = | Size = 693481 bytes | Modified Date = 10/30/2007 3:01:38 PM | Attr = HS]
vtiavfdd.dll -> %System32%\vtiavfdd.dll -> [Ver = | Size = 340032 bytes | Modified Date = 10/23/2007 5:47:54 AM | Attr = ]
whavltpu.dll -> %System32%\whavltpu.dll -> [Ver = | Size = 84544 bytes | Modified Date = 10/23/2007 6:08:04 PM | Attr = ]
xirdrvr -> %System32%\xirdrvr -> [Folder | Modified Date = 10/22/2007 1:08:50 PM | Attr = ]
ygprlxgi.dll -> %System32%\ygprlxgi.dll -> [Ver = | Size = 340032 bytes | Modified Date = 10/23/2007 5:48:14 AM | Attr = ]
ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox -> [Ver = | Size = 20244 bytes | Modified Date = 10/30/2007 4:52:00 PM | Attr = HS]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/30/2007 3:09:30 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , -> %SystemRoot%\mgrs.exe -> [Ver = | Size = 11776 bytes | Modified Date = 10/30/2007 3:10:52 PM | Attr = ]
PEC2 , PECompact2 , -> %SystemRoot%\o6b9y4jj.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/23/2007 6:15:18 AM | Attr = ]
PEC2 , PECompact2 , -> %SystemRoot%\y3jfr9hz.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/24/2007 1:28:08 PM | Attr = ]
PEC2 , PECompact2 , -> %SystemRoot%\yprrpjct.exe -> MskSoftStudy Corp. [Ver = 1, 0, 0, 1 | Size = 20992 bytes | Modified Date = 10/24/2007 1:12:44 PM | Attr = ]
UPX! , UPX0 , -> %System32%\AVEQ.dll -> [Ver = | Size = 28672 bytes | Modified Date = 9/26/2006 1:57:40 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Modified Date = 7/3/2006 4:40:50 PM | Attr = ]
PEC2 , PECompact2 , -> %System32%\fqlimgyg.exe -> [Ver = 1, 0, 0, 1 | Size = 75328 bytes | Modified Date = 10/30/2007 3:02:42 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Modified Date = 4/2/2007 1:21:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 7:00:00 AM | Attr = ]
< End of report >
#6
Posted 24 October 2007 - 03:49 PM
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.
Download SDFix and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
- Finally paste the contents of the Report.txt back on the forum
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
Quote
[Processes - Non-Microsoft Only]
YY -> lookwin.exe -> %LocalSettings%\Temp\lookwin.exe
YY -> mgrs.exe -> %SystemRoot%\mgrs.exe
YY -> svhost.exe -> %LocalSettings%\Temp\svhost.exe
YY -> svserver.exe -> %LocalSettings%\Temp\svserver.exe
YY -> svwin.exe -> %LocalSettings%\Temp\svwin.exe
YY -> synsv.exe -> %LocalSettings%\Temp\synsv.exe
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ArtChk -> %System32%\artchker.exe
YY -> avp -> %SystemRoot%\y3jfr9hz.exe
YY -> smgr -> %SystemRoot%\mgrs.exe
< RunOnce [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
YY -> -265000958 -> %LocalSettings%\Temp\f08c9c7e.exe
< SSODL [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
YY -> {F0346803-5A9E-C2A9-408F-5876C1B036D3} [HKLM] -> %System32%\wccb.dll [OPZRnCURJiexZTOIZ]
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YY -> ygprlxgi -> %System32%\ygprlxgi.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YY -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\ygprlxgi.dll [Reg Data - Value does not exist]
YY -> {EA5159DF-E413-4878-8AE2-D921D41BB942} [HKLM] -> %System32%\bkinwykm.dll [IKatzu Class]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\ygprlxgi.dll [Security Toolbar]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YY -> WebBrowser\\{11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\ygprlxgi.dll [Security Toolbar]
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
YY -> avp -> %SystemRoot%\o6b9y4jj.exe
YY -> f03468ad -> %System32%\whavltpu.dll
YN -> runner1 -> %SystemRoot%\tsitra1000106.exe
YY -> smgr -> %SystemRoot%\mgrs.exe
YN -> snpstd3 -> %SystemRoot%\vsnpstd3.exe
YN -> winshow -> %SystemRoot%\winshow.exe
YN -> xxy_Shell -> %SystemDrive%\Documents and Settings\Irfan\xxy_cuso.exe
[Files/Folders - Created Within 30 days]
NY -> Casino.ico -> %SystemRoot%\Casino.ico
NY -> Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico
NY -> mgrs.exe -> %SystemRoot%\mgrs.exe
NY -> o6b9y4jj.exe -> %SystemRoot%\o6b9y4jj.exe
NY -> Spyware Remover.ico -> %SystemRoot%\Spyware Remover.ico
NY -> SXJmYW4 -> %SystemRoot%\SXJmYW4
NY -> y3jfr9hz.exe -> %SystemRoot%\y3jfr9hz.exe
NY -> yprrpjct.exe -> %SystemRoot%\yprrpjct.exe
NY -> bit2 -> %System32%\bit2
NY -> bkinwykm.dll -> %System32%\bkinwykm.dll
NY -> caches2 -> %System32%\caches2
NY -> ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico
NY -> cwpumpnk.ini -> %System32%\cwpumpnk.ini
NY -> fixtmp -> %System32%\fixtmp
NY -> fqlimgyg.exe -> %System32%\fqlimgyg.exe
NY -> IKatzuUninstall.exe -> %System32%\IKatzuUninstall.exe
NY -> katzpoyoq.exe -> %System32%\katzpoyoq.exe
NY -> katzppd.exe -> %System32%\katzppd.exe
NY -> knpmupwc.dll -> %System32%\knpmupwc.dll
NY -> ozde -> %System32%\ozde
NY -> sjswunxj.ini -> %System32%\sjswunxj.ini
NY -> temp2 -> %System32%\temp2
NY -> uptlvahw.ini -> %System32%\uptlvahw.ini
NY -> vtiavfdd.dll -> %System32%\vtiavfdd.dll
NY -> whavltpu.dll -> %System32%\whavltpu.dll
NY -> xirdrvr -> %System32%\xirdrvr
NY -> ygprlxgi.dll -> %System32%\ygprlxgi.dll
NY -> ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox
[Files/Folders - Modified Within 30 days]
NY -> Casino.ico -> %SystemRoot%\Casino.ico
NY -> Free Online Dating.ico -> %SystemRoot%\Free Online Dating.ico
NY -> mgrs.exe -> %SystemRoot%\mgrs.exe
NY -> o6b9y4jj.exe -> %SystemRoot%\o6b9y4jj.exe
NY -> y3jfr9hz.exe -> %SystemRoot%\y3jfr9hz.exe
NY -> yprrpjct.exe -> %SystemRoot%\yprrpjct.exe
NY -> bit2 -> %System32%\bit2
NY -> bkinwykm.dll -> %System32%\bkinwykm.dll
NY -> caches2 -> %System32%\caches2
NY -> ClickToFindandFixErrors_US.ico -> %System32%\ClickToFindandFixErrors_US.ico
NY -> cwpumpnk.ini -> %System32%\cwpumpnk.ini
NY -> fqlimgyg.exe -> %System32%\fqlimgyg.exe
NY -> IKatzuUninstall.exe -> %System32%\IKatzuUninstall.exe
NY -> katzpoyoq.exe -> %System32%\katzpoyoq.exe
NY -> katzppd.exe -> %System32%\katzppd.exe
NY -> knpmupwc.dll -> %System32%\knpmupwc.dll
NY -> ozde -> %System32%\ozde
NY -> sjswunxj.ini -> %System32%\sjswunxj.ini
NY -> uptlvahw.ini -> %System32%\uptlvahw.ini
NY -> vtiavfdd.dll -> %System32%\vtiavfdd.dll
NY -> whavltpu.dll -> %System32%\whavltpu.dll
NY -> xirdrvr -> %System32%\xirdrvr
NY -> ygprlxgi.dll -> %System32%\ygprlxgi.dll
NY -> ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox
[File String Scan - Non-Microsoft Only]
NY -> PEC2 , PECompact2 , -> %SystemRoot%\mgrs.exe
NY -> PEC2 , PECompact2 , -> %SystemRoot%\o6b9y4jj.exe
NY -> PEC2 , PECompact2 , -> %SystemRoot%\y3jfr9hz.exe
NY -> PEC2 , PECompact2 , -> %SystemRoot%\yprrpjct.exe
NY -> PEC2 , PECompact2 , -> %System32%\fqlimgyg.exe
[Empty Temp Folders]
[Start Explorer]
[Reboot]
The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3U scan.
I will review the information when it comes back in.
Then post a new HijackThis log and tell me how your PC is running now.
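As an added example of what the fix script quoted in this post asks the tool to do, and of how to check the log it writes back against it, here is a Python script (mine, not from the thread or from WinPFind3U). It reads lines of the form "YY -> name -> path", treating the first letter as "remove the registry item" and the second as "delete the file" (an assumption inferred from which actions the tool logs for YY, YN and NY lines, not taken from documentation), then matches each entry against sample log lines in the format the tool prints back ("deleted successfully", "moved successfully", "not found", "scheduled to be moved on reboot"). The script and log samples below are abbreviated and constructed for this example.

```python
# Added example (not from the thread or from WinPFind3U): read a fix script of
# the shape quoted above and reconcile it with the action log the tool writes.
# The meaning of the two flag letters (first = remove the registry item,
# second = delete the file) is inferred from how the tool treats YY/YN/NY lines.
import re

# Constructed sample, abbreviated from the fix script in this post.
FIX_SCRIPT = r"""
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> ArtChk -> %System32%\artchker.exe
YY -> smgr -> %SystemRoot%\mgrs.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
YY -> ygprlxgi -> %System32%\ygprlxgi.dll
[Files/Folders - Created Within 30 days]
NY -> Casino.ico -> %SystemRoot%\Casino.ico
"""

# Constructed sample log lines, in the format the tool prints back after a fix.
FIX_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ArtChk deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\smgr deleted successfully.
File C:\WINDOWS\mgrs.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ygprlxgi deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ygprlxgi.dll scheduled to be moved on reboot.
C:\WINDOWS\Casino.ico moved successfully.
"""

ENTRY = re.compile(r"^([YN])([YN]) -> (.+?) -> (.+)$")
LOG_PATTERNS = [  # (what the line is about, status, pattern); order matters
    ("registry", "deleted", re.compile(r"^Registry (?:value|key) (.+?) deleted successfully\.$")),
    ("registry", "not found", re.compile(r"^Registry (?:value|key) (.+?) not found\.$")),
    ("file", "pending reboot", re.compile(r"^File move failed\. (.+?) scheduled to be moved on reboot\.$")),
    ("file", "not found", re.compile(r"^File (.+?) not found[.!]$")),
    ("file", "moved", re.compile(r"^(.+?) moved successfully\.$")),
]


def _leaf(path: str) -> str:
    # Last path component, case-folded, so the %System32% form in the script and
    # the expanded C:\WINDOWS\SYSTEM32 form in the log compare equal.
    return path.rstrip("\\").rsplit("\\", 1)[-1].lower()


def parse_fix_script(text: str) -> list:
    """Entries of the fix script with what each flag letter asks for."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            reg, fil, name, path = m.groups()
            entries.append({"name": name, "path": path, "registry": reg == "Y", "file": fil == "Y"})
    return entries


def parse_fix_log(text: str) -> dict:
    """Map (kind, leaf name) -> status for every action line; first hit per item wins."""
    results = {}
    for line in text.splitlines():
        for kind, status, pat in LOG_PATTERNS:
            m = pat.match(line.strip())
            if m:
                results.setdefault((kind, _leaf(m.group(1))), status)
                break
    return results


def reconcile(script: str, log: str) -> dict:
    """For each script entry, what the log says happened to its registry item and its file."""
    results = parse_fix_log(log)
    report = {}
    for e in parse_fix_script(script):
        report[e["name"]] = {
            "registry": results.get(("registry", _leaf(e["name"])), "no log line")
            if e["registry"] else "not requested",
            "file": results.get(("file", _leaf(e["path"])), "no log line")
            if e["file"] else "not requested",
        }
    return report


def still_loaded(report: dict) -> list:
    """Entries whose file could not be moved: that code is still mapped into a running process."""
    return sorted(name for name, r in report.items() if r["file"] == "pending reboot")


if __name__ == "__main__":
    rep = reconcile(FIX_SCRIPT, FIX_LOG)
    for name, r in rep.items():
        print(f"{name:12} registry={r['registry']:14} file={r['file']}")
    print("still loaded, re-check after reboot:", still_loaded(rep))
```

The entry that deserves attention is the one whose file comes back as pending reboot. A DLL registered under Winlogon\Notify is loaded into winlogon.exe at logon, so a user-mode tool cannot move it while the session is up, and deleting its registry keys does not unload it. Treat that entry as unfinished until a scan taken after the reboot shows both the file and every reference to it gone.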
#7
Posted 24 October 2007 - 08:54 PM
Run by Irfan on Wed 10/24/2007 at 10:47 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Irfan\Desktop\SDFix
Safe Mode:
Checking Services:
Name:
xpdx
ImagePath:
\??\C:\WINDOWS\System32\xpdx.sys
xpdx - Deleted
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\mgrs.exe - Deleted
C:\WINDOWS\system32\xpdx.sys - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Irfan\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 24 Oct 2007 20,244 ..SH. --- "C:\WINDOWS\system32\ygprlxgi.dllbox"
Mon 30 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 28 Apr 2007 95 A..H. --- "C:\Program Files\InterActual\InterActual Player\itiF4.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico86.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico87.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico88.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico89.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Administrator\Local Settings\Temp\ico8A.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico1.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico2.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico3.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico4.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico5.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico6.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico7.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico8.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\ico9.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\General\Local Settings\temp\icoA.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Irfan\Local Settings\Temp\ico1.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Irfan\Local Settings\Temp\ico2.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Irfan\Local Settings\Temp\ico3.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Irfan\Local Settings\Temp\ico4.tmp"
Wed 24 Oct 2007 4,286 A..H. --- "C:\Documents and Settings\Irfan\Local Settings\Temp\ico5.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\General\Application Data\U3\temp\Launchpad Removal.exe"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\Irfan\Application Data\U3\temp\Launchpad Removal.exe"
Fri 17 Nov 2006 4,606,376 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\e71bf1e24fe2c6e94f08da7e8353e0de\BIT690.tmp"
Finished!
#8
Posted 24 October 2007 - 09:02 PM
Explorer killed successfully
[Processes - Non-Microsoft Only]
Unable to kill process lookwin.exe .
File C:\Documents and Settings\Irfan\Local Settings\Temp\lookwin.exe not found.
Process mgrs.exe killed successfully.
C:\WINDOWS\mgrs.exe moved successfully.
Unable to kill process svhost.exe .
File C:\Documents and Settings\Irfan\Local Settings\Temp\svhost.exe not found.
Unable to kill process svserver.exe .
File C:\Documents and Settings\Irfan\Local Settings\Temp\svserver.exe not found.
Unable to kill process svwin.exe .
File C:\Documents and Settings\Irfan\Local Settings\Temp\svwin.exe not found.
Unable to kill process synsv.exe .
File C:\Documents and Settings\Irfan\Local Settings\Temp\synsv.exe not found.
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ArtChk deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\avp deleted successfully.
C:\WINDOWS\y3jfr9hz.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\smgr deleted successfully.
File C:\WINDOWS\mgrs.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\\-265000958 not found.
File C:\Documents and Settings\Irfan\Local Settings\Temp\f08c9c7e.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\OPZRnCURJiexZTOIZ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0346803-5A9E-C2A9-408F-5876C1B036D3} deleted successfully.
C:\WINDOWS\SYSTEM32\wccb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ygprlxgi deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ygprlxgi.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A95B2816-1D7E-4561-A202-68C0DE02353A} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ygprlxgi.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA5159DF-E413-4878-8AE2-D921D41BB942} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA5159DF-E413-4878-8AE2-D921D41BB942} deleted successfully.
C:\WINDOWS\SYSTEM32\bkinwykm.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar\\{11A69AE4-FBED-4832-A2BF-45AF82825583} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ygprlxgi.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{11A69AE4-FBED-4832-A2BF-45AF82825583} deleted successfully.
File move failed. C:\WINDOWS\SYSTEM32\ygprlxgi.dll scheduled to be moved on reboot.
[Registry - Additional Scans - Non-Microsoft Only]
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\avp deleted successfully.
File not found.
C:\WINDOWS\o6b9y4jj.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\f03468ad deleted successfully.
File not found.
C:\WINDOWS\SYSTEM32\whavltpu.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\runner1 deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\smgr deleted successfully.
File not found.
File C:\WINDOWS\mgrs.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\snpstd3 deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winshow deleted successfully.
File not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xxy_Shell deleted successfully.
File not found.
[Files/Folders - Created Within 30 days]
C:\WINDOWS\Casino.ico moved successfully.
C:\WINDOWS\Free Online Dating.ico moved successfully.
File C:\WINDOWS\mgrs.exe not found!
File C:\WINDOWS\o6b9y4jj.exe not found!
C:\WINDOWS\Spyware Remover.ico moved successfully.
C:\WINDOWS\SXJmYW4 moved successfully.
File C:\WINDOWS\y3jfr9hz.exe not found!
C:\WINDOWS\yprrpjct.exe moved successfully.
C:\WINDOWS\SYSTEM32\bit2 moved successfully.
File C:\WINDOWS\SYSTEM32\bkinwykm.dll not found!
C:\WINDOWS\SYSTEM32\caches2 moved successfully.
C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico moved successfully.
C:\WINDOWS\SYSTEM32\cwpumpnk.ini moved successfully.
C:\WINDOWS\SYSTEM32\fixtmp moved successfully.
C:\WINDOWS\SYSTEM32\fqlimgyg.exe moved successfully.
C:\WINDOWS\SYSTEM32\IKatzuUninstall.exe moved successfully.
C:\WINDOWS\SYSTEM32\katzpoyoq.exe moved successfully.
C:\WINDOWS\SYSTEM32\katzppd.exe moved successfully.
C:\WINDOWS\SYSTEM32\knpmupwc.dll moved successfully.
C:\WINDOWS\SYSTEM32\ozde moved successfully.
C:\WINDOWS\SYSTEM32\sjswunxj.ini moved successfully.
C:\WINDOWS\SYSTEM32\temp2 moved successfully.
C:\WINDOWS\SYSTEM32\uptlvahw.ini moved successfully.
C:\WINDOWS\SYSTEM32\vtiavfdd.dll moved successfully.
File C:\WINDOWS\SYSTEM32\whavltpu.dll not found!
C:\WINDOWS\SYSTEM32\xirdrvr moved successfully.
File move failed. C:\WINDOWS\SYSTEM32\ygprlxgi.dll scheduled to be moved on reboot.
C:\WINDOWS\SYSTEM32\ygprlxgi.dllbox moved successfully.
[Files/Folders - Modified Within 30 days]
File C:\WINDOWS\Casino.ico not found!
File C:\WINDOWS\Free Online Dating.ico not found!
File C:\WINDOWS\mgrs.exe not found!
File C:\WINDOWS\o6b9y4jj.exe not found!
File C:\WINDOWS\y3jfr9hz.exe not found!
File C:\WINDOWS\yprrpjct.exe not found!
File C:\WINDOWS\SYSTEM32\bit2 not found!
File C:\WINDOWS\SYSTEM32\bkinwykm.dll not found!
File C:\WINDOWS\SYSTEM32\caches2 not found!
File C:\WINDOWS\SYSTEM32\ClickToFindandFixErrors_US.ico not found!
File C:\WINDOWS\SYSTEM32\cwpumpnk.ini not found!
File C:\WINDOWS\SYSTEM32\fqlimgyg.exe not found!
File C:\WINDOWS\SYSTEM32\IKatzuUninstall.exe not found!
File C:\WINDOWS\SYSTEM32\katzpoyoq.exe not found!
File C:\WINDOWS\SYSTEM32\katzppd.exe not found!
File C:\WINDOWS\SYSTEM32\knpmupwc.dll not found!
File C:\WINDOWS\SYSTEM32\ozde not found!
File C:\WINDOWS\SYSTEM32\sjswunxj.ini not found!
File C:\WINDOWS\SYSTEM32\uptlvahw.ini not found!
File C:\WINDOWS\SYSTEM32\vtiavfdd.dll not found!
File C:\WINDOWS\SYSTEM32\whavltpu.dll not found!
File C:\WINDOWS\SYSTEM32\xirdrvr not found!
File move failed. C:\WINDOWS\SYSTEM32\ygprlxgi.dll scheduled to be moved on reboot.
File C:\WINDOWS\SYSTEM32\ygprlxgi.dllbox not found!
[File String Scan - Non-Microsoft Only]
File C:\WINDOWS\mgrs.exe not found!
File C:\WINDOWS\o6b9y4jj.exe not found!
File C:\WINDOWS\y3jfr9hz.exe not found!
File C:\WINDOWS\yprrpjct.exe not found!
File C:\WINDOWS\SYSTEM32\fqlimgyg.exe not found!
[Empty Temp Folders]
C:\DOCUME~1\Irfan\LOCALS~1\Temp\ -> emptied.
C:\Documents and Settings\Irfan\Local Settings\Temporary Internet Files\Content.IE5\ -> emptied
RecycleBin -> emptied.
Explorer started successfully
< End of log >
Created on 10/24/2007 22:55:06
-------------------------------------------------------
WinPFind3 logfile created on: 10/24/2007 10:58:03 PM
WinPFind3U by OldTimer - Version 1.0.42 Folder = C:\Documents and Settings\Irfan\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)
503.36 Mb Total Physical Memory | 257.64 Mb Available Physical Memory | 51.18% Memory free
1.20 Gb Paging File | 1.02 Gb Available in Paging File | 84.92% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 5.94 Gb Free Space | 42.48% Space Free
Drive D: | 92.81 Gb Total Space | 38.19 Gb Free Space | 41.15% Space Free
Drive E: | 369.20 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
F: Drive not present or media not loaded
Computer Name: I
Current User Name: Irfan
Logged in as Administrator.
Current Boot Mode: Normal
[Processes - Non-Microsoft Only]
aawservice.exe -> D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 6 | Size = 557056 bytes | Modified Date = 7/20/2007 3:21:34 PM | Attr = ]
dm.exe -> %ProgramFiles%\PermissionTV\bin\dm.exe -> PermissionTV [Ver = 3, 14, 0, 3 | Size = 213053 bytes | Modified Date = 9/7/2007 7:37:40 PM | Attr = ]
ezsp_px.exe -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr = ]
firefox.exe -> %ProgramFiles%\Mozilla Firefox\firefox.exe -> Mozilla Corporation [Ver = 1.8.1.8: 2007100816 | Size = 7648616 bytes | Modified Date = 10/19/2007 4:04:48 PM | Attr = ]
hkcmd.exe -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 114688 bytes | Modified Date = 3/11/2003 2:11:56 PM | Attr = ]
mcshield.exe -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 9/8/2001 7:00:00 AM | Attr = ]
mcvsrte.exe -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 94208 bytes | Modified Date = 10/4/2002 4:09:20 PM | Attr = ]
photoappsrv.exe -> %ProgramFiles%\Sony\Photo Server\appsrv\PhotoAppSrv.exe -> Sony Corporation [Ver = 2, 5, 0,15250 | Size = 262144 bytes | Modified Date = 3/25/2003 8:39:02 PM | Attr = ]
qttask.exe -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 4:57:48 PM | Attr = ]
sv_httpd.exe -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\sv_httpd.exe -> Sony Corporation [Ver = 2.5.00.14070 | Size = 57344 bytes | Modified Date = 2/10/2003 4:11:12 PM | Attr = ]
upnpframework.exe -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\UPnPFramework.exe -> Sony Corporation [Ver = 3.0.00.15190 | Size = 675840 bytes | Modified Date = 3/20/2003 12:02:38 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> OldTimer Tools [Ver = 1.0.42.0 | Size = 322560 bytes | Modified Date = 9/4/2007 11:47:26 AM | Attr = ]
[Win32 Services - Non-Microsoft Only]
(aawservice) Ad-Aware 2007 Service [Win32_Own | Auto | Running] -> D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -> Lavasoft AB [Ver = 7, 0, 1, 6 | Size = 557056 bytes | Modified Date = 7/20/2007 3:21:34 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
(gusvc) Google Updater Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> Google [Ver = 2.0.711.37800.beta | Size = 136120 bytes | Modified Date = 1/3/2007 9:40:22 PM | Attr = ]
(McShield) McAfee.com McShield [Win32_Own | On_Demand | Running] -> %ProgramFiles%\McAfee.com\VSO\McShield.exe -> [Ver = | Size = 225375 bytes | Modified Date = 9/8/2001 7:00:00 AM | Attr = ]
(MCVSRte) McAfee.com VirusScan Online Realtime Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\McAfee.com\VSO\mcvsrte.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 94208 bytes | Modified Date = 10/4/2002 4:09:20 PM | Attr = ]
(NVSvc) NVIDIA Driver Helper Service [Win32_Own | Auto | Stopped] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 65536 bytes | Modified Date = 3/3/2003 10:44:00 PM | Attr = ]
(PermissionTVDownloadManager) PermissionTV Download Manager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\PermissionTV\bin\dm.exe -> PermissionTV [Ver = 3, 14, 0, 3 | Size = 213053 bytes | Modified Date = 9/7/2007 7:37:40 PM | Attr = ]
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | On_Demand | Stopped] -> %System32%\HPZipm12.exe -> HP [Ver = 6, 0, 0, 0 | Size = 65795 bytes | Modified Date = 3/9/2003 12:31:02 AM | Attr = R ]
(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Sony Shared\AVLib\SPTISRV.exe -> Sony Corporation [Ver = 3.2.00.12242 | Size = 65536 bytes | Modified Date = 12/24/2002 2:01:22 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-AppServer) VAIO Media Music Server [Win32_Own | Auto | Stopped] -> %ProgramFiles%\Sony\VAIO Media Music Server\SSSvr.exe -> Sony Corporation [Ver = 2.5.00.15184 | Size = 536648 bytes | Modified Date = 3/18/2003 8:03:24 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) [Win32_Shared | Auto | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\sv_httpd.exe -> Sony Corporation [Ver = 2.5.00.14070 | Size = 57344 bytes | Modified Date = 2/10/2003 4:11:12 PM | Attr = ]
(VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) [Win32_Own | Auto | Stopped] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\UPnPFramework.exe -> Sony Corporation [Ver = 3.0.00.15190 | Size = 675840 bytes | Modified Date = 3/20/2003 12:02:38 AM | Attr = ]
(VAIOMediaPlatform-PhotoServer-AppServer) VAIO Media Photo Server [Win32_Own | Auto | Running] -> %ProgramFiles%\Sony\Photo Server\appsrv\PhotoAppSrv.exe -> Sony Corporation [Ver = 2, 5, 0,15250 | Size = 262144 bytes | Modified Date = 3/25/2003 8:39:02 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) [Win32_Shared | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\sv_httpd.exe -> Sony Corporation [Ver = 2.5.00.14070 | Size = 57344 bytes | Modified Date = 2/10/2003 4:11:12 PM | Attr = ]
(VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Sony Shared\VAIO Media Platform\UPnPFramework.exe -> Sony Corporation [Ver = 3.0.00.15190 | Size = 675840 bytes | Modified Date = 3/20/2003 12:02:38 AM | Attr = ]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
avp -> %SystemRoot%\y3jfr9hz.exe -> File not found
ezShieldProtector for Px -> %System32%\ezSP_Px.exe -> Easy Systems Japan Ltd. [Ver = 1, 0, 0, 0 | Size = 40960 bytes | Modified Date = 8/20/2002 1:29:26 PM | Attr = ]
HotKeysCmds -> %System32%\hkcmd.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 114688 bytes | Modified Date = 3/11/2003 2:11:56 PM | Attr = ]
IgfxTray -> %System32%\igfxtray.exe -> Intel Corporation [Ver = 3,0,0,2082 | Size = 155648 bytes | Modified Date = 3/11/2003 2:24:08 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee.com Corporation [Ver = 4, 0, 0, 27 | Size = 151552 bytes | Modified Date = 9/4/2002 11:28:56 AM | Attr = ]
QuickTime Task -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 4:57:48 PM | Attr = ]
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
AIM -> D:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders ->
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
igfxcui -> %System32%\igfxsrvc.dll -> Intel Corporation [Ver = 3,0,0,2082 | Size = 315392 bytes | Modified Date = 3/11/2003 2:11:06 PM | Attr = ]
ygprlxgi -> ygprlxgi.dll -> File not found
< CurrentVersion Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun -> 67108863 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 255 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\undockwithoutlogon -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall\ -> ->
< CurrentVersion Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
< HOSTS File > (686 bytes) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost -> ->
< Internet Explorer Settings > -> ->
HKLM: Default_Page_URL -> http://www.sony.com/vaiopeople ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn...st/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn...st/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\System32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.google.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [AcroIEHlprObj Class] -> [Ver = 1, 0, 0, 1 | Size = 37808 bytes | Modified Date = 4/16/2001 7:39:02 PM | Attr = ]
{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} [HKLM] -> %ProgramFiles%\Adsense Helper Object\aho.v5.dll [Adsense Helper Class] -> [Ver = 1, 0, 0, 1 | Size = 26112 bytes | Modified Date = 10/23/2007 6:11:56 PM | Attr = ]
{A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\ygprlxgi.dll [Reg Data - Value does not exist] -> File not found
{AE84A6AA-A333-4B92-B276-C11E2212E4FE} [HKLM] -> %ProgramFiles%\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll [CPrintEnhancer Object] -> Hewlett-Packard Co. [Ver = 1.5.48 | Size = 599472 bytes | Modified Date = 12/15/2006 6:34:28 PM | Attr = ]
{F10587E9-0E47-4CBE-84AE-7DD20B8684BB} [HKLM] -> %ProgramFiles%\E404 Helper\e404.v1.dll [e404mgr Class] -> [Ver = 1, 0, 0, 1 | Size = 15872 bytes | Modified Date = 10/24/2007 11:07:38 AM | Attr = ]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} [HKLM] -> Reg Data - Value does not exist [Reg Data - Value does not exist] -> File not found
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
{11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\ygprlxgi.dll [Security Toolbar] -> File not found
{8E718888-423F-11D2-876E-00A0C9082467} [HKLM] -> %System32%\msdxm.ocx [&Radio] -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> D:\Program Files\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 4:35:36 PM | Attr = ]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} -> Reg Data - Value does not exist [ButtonText: MoneySide] -> File not found
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0C361B4F-D74D-4D52-B9CC-B026B340E4DB} -> () ->
{72BA4704-A0BF-4012-B936-AA1E83410B13} -> (Intel® PRO/100 VE Network Connection) ->
{7A084841-1B0C-464D-B5A8-529C2E0A4A26} -> (D-Link DFE-538TX 10/100 Adapter) ->
{8E1CDBDC-78D4-40C3-860B-B91B93242642} -> (D-Link DFE-538TX 10/100 Adapter) ->
{943AE45F-5226-4A54-A69B-B22990DC9CF9} -> () ->
{EF9E5E4F-3CCD-45CB-87A4-C7A441F151D8} -> (1394 Net Adapter) ->
{FAC3E950-8E00-4CEB-8532-DBEB9B0D2A29} -> () ->
< Default Protocols [HKLM] - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Default Protocols [HKCU] - Select to Repair > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults ->
shell -> shell protocol not assigned ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
skype4com -> %CommonProgramFiles%\Skype\Skype4COM.dll -> Skype Technologies [Ver = 1, 0, 26, 0 | Size = 1783384 bytes | Modified Date = 11/1/2006 4:21:20 PM | Attr = R ]
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 842268 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1663ed61-23eb-11d2-b92f-008048fdd814} -> MeadCo ScriptX - CodeBase = http://reports.longa...ptX/ScriptX.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoft...free/asinst.cab ->
{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.4.0_03 - CodeBase = http://java.sun.com/products/plugin/autodl..._4_0_03-win.cab ->
{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_03 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{E008A543-CEFB-4559-912F-C27C2B89F13B} -> Domino Web Access 7 Control - CodeBase = http://vram3.vcu.edu/dwa7W.cab ->
DirectAnimation Java Classes -> - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab ->
Microsoft XML Parser for Java -> - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab ->
[Registry - Additional Scans - Non-Microsoft Only]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\ ->
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk -> %ProgramFiles%\Quicken\billmind.exe -> Intuit [Ver = 008.000.000.000 | Size = 36864 bytes | Modified Date = 9/20/2002 3:19:46 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe -> Hewlett-Packard Co. [Ver = 82.0.188.000 | Size = 210520 bytes | Modified Date = 1/2/2007 9:40:10 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> Intuit Inc. [Ver = 008.000.000.000 | Size = 53248 bytes | Modified Date = 9/20/2002 3:20:02 PM | Attr = ]
C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk -> %ProgramFiles%\Quicken\QWDLLS.EXE -> Intuit [Ver = 001.000.000.000 | Size = 36864 bytes | Modified Date = 9/20/2002 3:20:06 PM | Attr = ]
C:^Documents and Settings^Irfan^Start Menu^Programs^Startup^LimeWire On Startup.lnk -> D:\Program Files\LimeWire\LimeWire.exe -> [Ver = | Size = 159744 bytes | Modified Date = 8/16/2006 3:16:26 PM | Attr = ]
C:^Documents and Settings^Irfan^Start Menu^Programs^Startup^OpenOffice.org 2.1.lnk -> %ProgramFiles%\OpenOffice.org 2.1\program\quickstart.exe -> [Ver = | Size = 393216 bytes | Modified Date = 11/27/2006 5:45:48 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
AGRSMMSG -> %SystemRoot%\AGRSMMSG.exe -> Agere Systems [Ver = 2.1.25 2.1.25 02/14/2003 11:58:58 | Size = 88107 bytes | Modified Date = 2/14/2003 3:59:00 PM | Attr = ]
AIM -> D:\Program Files\AIM\aim.exe -cnetwait.odl -> File not found
ares -> %ProgramFiles%\Ares\Ares.exe -> File not found
ares lite -> %ProgramFiles%\ARES\Ares.exe -> File not found
ATIModeChange -> %System32%\Ati2mdxx.exe -> ATI Technologies, Inc. [Ver = 4.13.3 | Size = 28672 bytes | Modified Date = 9/4/2001 5:24:00 PM | Attr = ]
ATIPTA -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> ATI Technologies, Inc. [Ver = 6.14.10.4029 | Size = 315392 bytes | Modified Date = 3/1/2003 | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 82.0.173.000 | Size = 49152 bytes | Modified Date = 12/10/2006 9:52:38 PM | Attr = ]
LogitechSoftwareUpdate -> %ProgramFiles%\Logitech\Video\ManifestEngine.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 196608 bytes | Modified Date = 1/18/2005 6:07:54 PM | Attr = ]
LogitechVideoRepair -> %ProgramFiles%\Logitech\Video\ISStart.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 458752 bytes | Modified Date = 1/18/2005 6:47:30 PM | Attr = ]
LogitechVideoTray -> %ProgramFiles%\Logitech\Video\LogiTray.exe -> Logitech Inc. [Ver = 8.4.6.1012 | Size = 217088 bytes | Modified Date = 1/18/2005 6:37:30 PM | Attr = ]
LVCOMSX -> %System32%\LVCOMSX.EXE -> Logitech Inc. [Ver = 8.4.1.1092 | Size = 221184 bytes | Modified Date = 10/8/2004 12:52:32 PM | Attr = ]
MCAgentExe -> %ProgramFiles%\McAfee.com\Agent\mcagent.exe -> McAfee.com Corporation [Ver = 4, 0, 0, 26 | Size = 192512 bytes | Modified Date = 9/6/2002 7:15:48 PM | Attr = ]
MCUpdateExe -> %ProgramFiles%\McAfee.com\Agent\mcupdate.exe -> McAfee.com Corporation [Ver = 4, 0, 0, 27 | Size = 151552 bytes | Modified Date = 9/4/2002 11:28:56 AM | Attr = ]
NvCplDaemon -> %System32%\nvcpl.dll -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 4595712 bytes | Modified Date = 3/3/2003 10:44:00 PM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.01.4303 | Size = 323584 bytes | Modified Date = 3/3/2003 10:44:00 PM | Attr = ]
QuickTime Task -> D:\Program Files\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.3 | Size = 282624 bytes | Modified Date = 9/1/2006 4:57:48 PM | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> Skype Technologies S.A. [Ver = 3.0.0.198 | Size = 25365032 bytes | Modified Date = 12/18/2006 6:32:52 PM | Attr = ]
Steam -> D:\Program Files\Valve\Steam\Steam.exe -> Valve Corporation [Ver = 1.0.0.0 | Size = 1259000 bytes | Modified Date = 6/12/2007 2:22:12 PM | Attr = ]
StorageGuard -> %ProgramFiles%\VERITAS Software\Update Manager\sgtray.exe -> VERITAS Software, Inc. [Ver = 1.01.02a | Size = 155648 bytes | Modified Date = 6/18/2002 12:01:00 AM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_03\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.30.7 | Size = 36975 bytes | Modified Date = 4/13/2005 3:48:52 AM | Attr = ]
VAIO Recovery -> %SystemRoot%\SONYSYS\VAIO Recovery\PartSeal.exe -> Sony Electronics Inc [Ver = 1.0.2 | Size = 28672 bytes | Modified Date = 4/20/2003 1:08:44 AM | Attr = ]
ViewMgr -> %ProgramFiles%\Viewpoint\Viewpoint Manager\ViewMgr.exe -> File not found
VirusScan Online -> %ProgramFiles%\McAfee.com\VSO\mcvsshld.exe -> Mcafee.com Corporation [Ver = 4, 4, 0, 10 | Size = 139264 bytes | Modified Date = 10/4/2002 4:09:40 PM | Attr = ]
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 6/21/2006 1:14:50 PM | Attr = ]
Yahoo! Pager -> D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -> Yahoo! Inc. [Ver = 8,1,0,209 | Size = 4662776 bytes | Modified Date = 11/30/2006 10:49:04 PM | Attr = ]
ZTgServerSwitch -> %ProgramFiles%\support.com\client\lserver\Server.vbs -> [Ver = | Size = 11406 bytes | Modified Date = 7/14/2002 3:50:14 PM | Attr = ]
[Files/Folders - Created Within 30 days]
qoobox -> %SystemDrive%\qoobox -> [Folder | Created Date = 10/24/2007 1:59:49 PM | Attr = ]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
erdnt -> %SystemRoot%\erdnt -> [Folder | Created Date = 10/30/2007 3:06:34 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Created Date = 10/24/2007 9:38:16 PM | Attr = ]
mgrs.exe~ -> %SystemRoot%\mgrs.exe~ -> [Ver = | Size = 11776 bytes | Created Date = 10/30/2007 3:10:51 PM | Attr = ]
NirCmd.exe -> %SystemRoot%\NirCmd.exe -> NirSoft [Ver = 2.00 | Size = 51200 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 4286 bytes | Created Date = 10/24/2007 10:19:18 AM | Attr = ]
swreg.exe -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
swsc.exe -> %System32%\swsc.exe -> SteelWerX [Ver = 2.0.0.0 | Size = 370688 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
swxcacls.exe -> %System32%\swxcacls.exe -> SteelWerX [Ver = 1.0.1.1 | Size = 212480 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
VFind.exe -> %System32%\VFind.exe -> [Ver = | Size = 49152 bytes | Created Date = 10/24/2007 1:58:35 PM | Attr = ]
ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox -> [Ver = | Size = 20640 bytes | Created Date = 10/23/2007 5:48:13 AM | Attr = HS]
[Files/Folders - Modified Within 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 194 bytes | Modified Date = 10/24/2007 10:46:36 PM | Attr = HS]
Config.Msi -> %SystemDrive%\Config.Msi -> [Folder | Modified Date = 10/24/2007 11:07:30 AM | Attr = H ]
Documents and Settings -> %SystemDrive%\Documents and Settings -> [Folder | Modified Date = 10/24/2007 10:37:00 PM | Attr = ]
Program Files -> %ProgramFiles% -> [Folder | Modified Date = 10/24/2007 10:56:32 PM | Attr = R ]
qoobox -> %SystemDrive%\qoobox -> [Folder | Modified Date = 10/30/2007 4:11:00 PM | Attr = ]
temp -> %SystemDrive%\temp -> [Folder | Modified Date = 10/30/2007 4:04:30 PM | Attr = ]
WINDOWS -> %SystemRoot% -> [Folder | Modified Date = 10/24/2007 10:55:04 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 10/24/2007 10:56:32 PM | Attr = S]
catchme.exe -> %SystemRoot%\catchme.exe -> [Ver = | Size = 136192 bytes | Modified Date = 10/20/2007 6:03:32 AM | Attr = ]
Downloaded Program Files -> %SystemRoot%\Downloaded Program Files -> [Folder | Modified Date = 10/24/2007 8:45:22 PM | Attr = S]
erdnt -> %SystemRoot%\erdnt -> [Folder | Modified Date = 10/30/2007 4:06:36 PM | Attr = ]
ERUNT -> %SystemRoot%\ERUNT -> [Folder | Modified Date = 10/24/2007 10:38:28 PM | Attr = ]
Help -> %SystemRoot%\Help -> [Folder | Modified Date = 10/8/2007 10:56:50 PM | Attr = ]
HOSTK100.DAT -> %SystemRoot%\HOSTK100.DAT -> [Ver = | Size = 114 bytes | Modified Date = 10/24/2007 6:44:34 PM | Attr = ]
inf -> %SystemRoot%\inf -> [Folder | Modified Date = 10/22/2007 11:35:18 PM | Attr = H ]
Installer -> %SystemRoot%\Installer -> [Folder | Modified Date = 10/24/2007 11:07:32 AM | Attr = HS]
LastGood -> %SystemRoot%\LastGood -> [Folder | Modified Date = 10/22/2007 11:35:20 PM | Attr = ]
mgrs.exe~ -> %SystemRoot%\mgrs.exe~ -> [Ver = | Size = 11776 bytes | Modified Date = 10/30/2007 4:10:52 PM | Attr = ]
PCHealth -> %SystemRoot%\PCHealth -> [Folder | Modified Date = 10/24/2007 10:02:10 PM | Attr = ]
Prefetch -> %SystemRoot%\Prefetch -> [Folder | Modified Date = 10/24/2007 10:54:40 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 10/24/2007 7:52:50 PM | Attr = H ]
Registration -> %SystemRoot%\Registration -> [Folder | Modified Date = 10/22/2007 2:05:06 PM | Attr = ]
security -> %SystemRoot%\security -> [Folder | Modified Date = 10/23/2007 6:44:46 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 227 bytes | Modified Date = 10/24/2007 10:46:36 PM | Attr = ]
system32 -> %System32% -> [Folder | Modified Date = 10/24/2007 10:56:32 PM | Attr = ]
Tasks -> %SystemRoot%\Tasks -> [Folder | Modified Date = 10/30/2007 4:09:44 PM | Attr = S]
Temp -> %SystemRoot%\Temp -> [Folder | Modified Date = 10/24/2007 10:56:36 PM | Attr = ]
twain_32 -> %SystemRoot%\twain_32 -> [Folder | Modified Date = 10/22/2007 11:35:22 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 687 bytes | Modified Date = 10/24/2007 10:46:36 PM | Attr = ]
McAfee.com Update Check (I-General).job -> %SystemRoot%\tasks\McAfee.com Update Check (I-General).job -> [Ver = | Size = 496 bytes | Modified Date = 10/30/2007 4:06:28 PM | Attr = ]
McAfee.com Update Check (I-Irfan).job -> %SystemRoot%\tasks\McAfee.com Update Check (I-Irfan).job -> [Ver = | Size = 492 bytes | Modified Date = 10/30/2007 4:09:44 PM | Attr = ]
McAfee.com Update Check (VALUED-ECECF7F4-General).job -> %SystemRoot%\tasks\McAfee.com Update Check (VALUED-ECECF7F4-General).job -> [Ver = | Size = 496 bytes | Modified Date = 10/24/2007 10:54:00 PM | Attr = ]
McAfee.com Update Check (VALUED-ECECF7F4-Irfan).job -> %SystemRoot%\tasks\McAfee.com Update Check (VALUED-ECECF7F4-Irfan).job -> [Ver = | Size = 492 bytes | Modified Date = 10/24/2007 10:58:02 PM | Attr = ]
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [Ver = | Size = 6 bytes | Modified Date = 10/24/2007 10:56:34 PM | Attr = H ]
CatRoot2 -> %System32%\CatRoot2 -> [Folder | Modified Date = 10/30/2007 5:56:30 PM | Attr = ]
config -> %System32%\config -> [Folder | Modified Date = 10/30/2007 4:06:54 PM | Attr = ]
dllcache -> %System32%\dllcache -> [Folder | Modified Date = 10/22/2007 11:35:26 PM | Attr = ]
drivers -> %System32%\drivers -> [Folder | Modified Date = 10/30/2007 4:09:30 PM | Attr = ]
MobileSidewalk.ico -> %System32%\MobileSidewalk.ico -> [Ver = | Size = 4286 bytes | Modified Date = 10/24/2007 11:19:20 AM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 39992 bytes | Modified Date = 10/24/2007 10:25:20 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 311604 bytes | Modified Date = 10/24/2007 10:25:20 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 356126 bytes | Modified Date = 10/24/2007 10:25:20 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 1158 bytes | Modified Date = 10/24/2007 10:02:04 PM | Attr = ]
ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox -> [Ver = | Size = 20640 bytes | Modified Date = 10/24/2007 10:55:22 PM | Attr = HS]
etc -> %System32%\drivers\etc -> [Folder | Modified Date = 10/24/2007 10:48:28 PM | Attr = ]
[File String Scan - Non-Microsoft Only]
PEC2 , PECompact2 , -> %SystemRoot%\mgrs.exe~ -> [Ver = | Size = 11776 bytes | Modified Date = 10/30/2007 4:10:52 PM | Attr = ]
UPX! , UPX0 , -> %System32%\AVEQ.dll -> [Ver = | Size = 28672 bytes | Modified Date = 9/26/2006 2:57:40 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
PEC2 , PECompact2 , -> %System32%\DivX.dll -> DivX, Inc. [Ver = 6.2.5.34 | Size = 620180 bytes | Modified Date = 7/3/2006 5:40:50 PM | Attr = ]
UPX! , UPX0 , -> %System32%\swreg.exe -> SteelWerX [Ver = 2.0.1.6 | Size = 139776 bytes | Modified Date = 4/2/2007 2:21:28 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/29/2002 8:00:00 AM | Attr = ]
< End of report >
--------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:05 PM, on 10/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\PERMIS~1\bin\dm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\ezSP_Px.exe
D:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Irfan\Desktop\WinPFind3u\WinPFind3U.exe
C:\Documents and Settings\Irfan\Desktop\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sony.com/vaiopeople
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\ygprlxgi.dll (file missing)
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\Hewlett-Packard\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684BB} - C:\Program Files\E404 Helper\e404.v1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\ygprlxgi.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avp] C:\WINDOWS\y3jfr9hz.exe
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX 5.5 Basic) - http://reports.longa...ptX/ScriptX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - http://vram3.vcu.edu/dwa7W.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ygprlxgi - ygprlxgi.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PermissionTV Download Manager Service (PermissionTVDownloadManager) - PermissionTV - C:\PROGRA~1\PERMIS~1\bin\dm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\Photo Server\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
--
End of file - 5836 bytes
So how does everything look?
#9
Posted 25 October 2007 - 09:57 AM
Please download VundoFix.exe to your desktop
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo button.
- Once it's done scanning, click the Remove Vundo button.
- You will receive a prompt asking if you want to remove the files; click YES.
- Once you click yes, your desktop will go blank as it starts removing Vundo.
- When completed, it will prompt that it will reboot your computer; click OK.
- Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
Quote
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> avp -> %SystemRoot%\y3jfr9hz.exe
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
YN -> ygprlxgi -> ygprlxgi.dll
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {A95B2816-1D7E-4561-A202-68C0DE02353A} [HKLM] -> %System32%\ygprlxgi.dll [Reg Data - Value does not exist]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YN -> {11A69AE4-FBED-4832-A2BF-45AF82825583} [HKLM] -> %System32%\ygprlxgi.dll [Security Toolbar]
[Files/Folders - Created Within 30 days]
NY -> mgrs.exe~ -> %SystemRoot%\mgrs.exe~
NY -> MobileSidewalk.ico -> %System32%\MobileSidewalk.ico
NY -> ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox
[Files/Folders - Modified Within 30 days]
NY -> ygprlxgi.dllbox -> %System32%\ygprlxgi.dllbox
[File String Scan - Non-Microsoft Only]
NY -> PEC2 , PECompact2 , -> %SystemRoot%\mgrs.exe~
[Start Explorer]
[Reboot]
The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new WinPFind3u scan.
I will review the information when it comes back in.
Also post a new HijackThis log and tell me if you are having any problems.
#10
Posted 01 November 2007 - 12:38 PM
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.