Logfile created on: 01/05/2007 3:53:02 PM
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\paul piccirillo\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)
< Processes (Non-Microsoft Only) >
c:\progra~1\common~1\aol\acs\acsd.exe - (America Online, Inc. )
c:\program files\yahoo!\antivirus\cavrid.exe - (Computer Associates International, Inc. )
c:\program files\yahoo!\antivirus\cavtray.exe - (Computer Associates International, Inc. )
c:\program files\dell aio printer a940\dlbabmgr.exe - (Dell Computer Corporation )
c:\program files\dell aio printer a940\dlbabmon.exe - (Dell Computer Corporation )
c:\windows\system32\hkcmd.exe - (Intel Corporation )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\program files\yahoo!\antivirus\isafe.exe - (Computer Associates International, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\program files\java\jre1.5.0_10\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\windows\system32\lexbces.exe - (Lexmark International, Inc. )
c:\windows\system32\lexpps.exe - (Lexmark International, Inc. )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\spyware doctor\sdhelp.exe - (PC Tools Research Pty Ltd )
c:\program files\spyware doctor\swdoctor.exe - (PC Tools Research Pty Ltd )
c:\program files\yahoo!\antivirus\vetmsg.exe - (Computer Associates International, Inc. )
c:\documents and settings\paul piccirillo\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\yahoo!\browser\ybrowser.exe - (Yahoo!, Inc. )
c:\progra~1\yahoo!\browser\ybrwicon.exe - (Yahoo! Inc. )
c:\progra~1\yahoo!\browser\ycommon.exe - (Yahoo!, Inc. )
c:\progra~1\yahoo!\yop\yop.exe - (Yahoo! Inc. )
< Services (Non-Microsoft Only) >
AOL Connectivity Service (AOL ACS) - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (America Online, Inc. ) [Automatic - Running - Win32, running in it's own process]
CAISafe (CAISafe) - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (Computer Associates International, Inc. ) [Automatic - Running - Win32, running in it's own process]
iPod Service (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
LexBce Server (LexBceS) - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc. ) [Automatic - Running - Win32, running in it's own process]
PC Tools Spyware Doctor (SDhelper) - C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd ) [Automatic - Running - Win32, running in it's own process]
VET Message Service (VETMSGNT) - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (Computer Associates International, Inc. ) [Automatic - Running - Win32, running in it's own process]
< Files >
%SystemDrive%
C:\Copy (2) of HijackThis.exe - UPX! (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])
C:\HijackThis.exe - UPX! (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])
%ProgramFilesDir%
C:\Program Files\Copy of HijackThis.exe - UPX! (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])
%WinDir%
C:\WINDOWS\lpt$vpn.873 - PECompact2 ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\lpt$vpn.873 - qoologic ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\lpt$vpn.873 - SAHAgent ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\RMAgentOutput.dll - UPX! ( [Ver = | Size = 25157 bytes | Date = 05/03/2005 11:44:44 AM | Attr = ])
C:\WINDOWS\tsc.exe - UPX! (Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Date = 05/03/2005 8:12:06 AM | Attr = ])
C:\WINDOWS\VPTNFILE.873 - PECompact2 ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\VPTNFILE.873 - qoologic ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\VPTNFILE.873 - SAHAgent ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\vsapi32.dll - UPX! (Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Date = 05/03/2005 9:08:56 AM | Attr = ])
C:\WINDOWS\vsapi32.dll - aspack (Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Date = 05/03/2005 9:08:56 AM | Attr = ])
%System%
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DivX.dll - PEC2 (DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Date = 10/26/2004 5:38:24 PM | Attr = ])
C:\WINDOWS\SYSTEM32\DivX.dll - PECompact2 (DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Date = 10/26/2004 5:38:24 PM | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL - PTech (Microsoft Corporation [Ver = 1.5.0723.1 | Size = 1474864 bytes | Date = 12/12/2006 10:45:04 AM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.23.1634.0 | Size = 10716584 bytes | Date = 12/07/2006 6:13:44 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.23.1634.0 | Size = 10716584 bytes | Date = 12/07/2006 6:13:44 PM | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 3:19:26 PM | Attr = ])
C:\WINDOWS\SYSTEM32\wmploc.dll - PEC2 (Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Date = 10/18/2006 9:47:20 PM | Attr = ])
C:\WINDOWS\SYSTEM32\wmploc.dll - WSUD (Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Date = 10/18/2006 9:47:20 PM | Attr = ])
%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys - PTech (Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Date = 08/04/2004 12:41:38 AM | Attr = ])
%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\BOOTSTAT.DAT - ( [Ver = | Size = 2048 bytes | Date = 01/05/2007 9:49:12 AM | Attr = S])
C:\WINDOWS\WindowsShell.Manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\Downloaded Program Files\DESKTOP.INI - ( [Ver = | Size = 65 bytes | Date = 12/29/2006 11:26:58 AM | Attr = H ])
C:\WINDOWS\Fonts\DESKTOP.INI - ( [Ver = | Size = 67 bytes | Date = 12/29/2006 11:27:58 AM | Attr = HS])
C:\WINDOWS\occache\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 12/29/2006 11:26:58 AM | Attr = H ])
C:\WINDOWS\Offline Web Pages\DESKTOP.INI - ( [Ver = | Size = 65 bytes | Date = 12/29/2006 11:26:58 AM | Attr = H ])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_61.cab - ( [Ver = | Size = 286777 bytes | Date = 12/27/2006 8:48:18 AM | Attr = RHS])
C:\WINDOWS\REPAIR\NTUSER.DAT - ( [Ver = | Size = 385024 bytes | Date = 12/29/2006 11:29:08 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\logonui.exe.manifest - ( [Ver = | Size = 488 bytes | Date = 12/29/2006 11:26:58 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\nwc.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\sapi.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\WindowsLogon.manifest - ( [Ver = | Size = 488 bytes | Date = 12/29/2006 11:26:58 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\CONFIG\DEF$$$$$.$$$.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 11:35:36 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:50:20 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\default.tmp.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 5:10:48 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:49:18 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:50:20 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SOF$$$$$.$$$.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 11:35:36 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 3:40:18 PM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\software.tmp.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 5:10:48 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SYS$$$$$.$$$.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 11:34:52 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 3:32:56 PM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\system.tmp.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 5:10:02 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\TempKey.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/29/2006 6:09:06 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\USERDIFF.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/29/2006 11:29:10 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\userdifr.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/29/2006 11:29:10 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/16/2006 3:02:24 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 341 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 413 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 574 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 - ( [Ver = | Size = 1039 bytes | Date = 12/07/2006 2:06:02 AM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 558 bytes | Date = 01/03/2007 4:41:18 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 126 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 98 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 136 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 - ( [Ver = | Size = 126 bytes | Date = 12/07/2006 2:06:02 AM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 144 bytes | Date = 01/03/2007 4:41:18 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:25:54 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\DRIVERS\UMDF\MsftWdf_user_01_00_00.Wdf - ( [Ver = | Size = 0 bytes | Date = 12/30/2006 2:18:02 PM | Attr = H ])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\35a5a5f8-b87c-4159-ac40-f84ab0342284 - ( [Ver = | Size = 388 bytes | Date = 11/26/2006 10:46:24 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 11/26/2006 10:46:24 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\1e511cf3-b53d-4b41-bd2e-f6581f548301 - ( [Ver = | Size = 388 bytes | Date = 12/02/2006 9:14:48 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 12/02/2006 9:14:48 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dlbama.GID - ( [Ver = | Size = 35461 bytes | Date = 01/02/2007 8:28:20 PM | Attr = H ])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 01/05/2007 9:49:18 AM | Attr = H ])
CPL files
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 2:56:58 AM | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\B57exp.cpl - (Broadcom Corporation [Ver = 3, 0, 3, 0 | Size = 716800 bytes | Date = 09/10/2002 5:07:54 PM | Attr = ])
C:\WINDOWS\SYSTEM32\bdeadmin.cpl - ( [Ver = | Size = 183808 bytes | Date = 11/12/1999 1:11:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\igfxcpl.cpl - (Intel Corporation [Ver = 3.0.0.4342 | Size = 94208 bytes | Date = 10/19/2005 8:59:12 AM | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49265 bytes | Date = 11/09/2006 3:07:28 PM | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\PPPoEService.cpl - ( [Ver = 1, 0, 0, 1 | Size = 155648 bytes | Date = 11/19/1999 1:54:12 PM | Attr = ])
C:\WINDOWS\SYSTEM32\QTW32.CPL - (Apple Computer, Inc. [Ver = 2.1.2.59 | Size = 341504 bytes | Date = 08/26/1996 2:12:00 AM | Attr = R ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162304 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 2:56:58 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 08/04/2004 2:56:58 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162304 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
Auto-Start Folders
HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI - ( [Ver = | Size = 84 bytes | Date = 12/29/2006 11:28:54 AM | Attr = HS])
HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup
HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\paul piccirillo\Start Menu\Programs\Startup
C:\Documents and Settings\paul piccirillo\Start Menu\Programs\Startup\DESKTOP.INI - ( [Ver = | Size = 84 bytes | Date = 09/03/2002 10:00:00 AM | Attr = HS])
HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup
Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [Rename]
Wininit.ini: Line 2 - NUL=C:\DOCUME~1\PAULPI~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Wininit.ini: Line 4 - NU=C:\DOCUME~1\PAULPI~1\LOCALS~1\Temp\xpsp2fix.exe
WinStart.bat: Line 1 - @C:\WINDOWS\tmpcpyis.bat
Config.nt: Line 54 - dos=high, umb
Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
Config.nt: Line 56 - files=40
AutoExec.nt: Line 1 - @echo off
AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3
Miscellaneous Folders
AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 12/29/2006 11:12:36 AM | Attr = HS])
C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt - ( [Ver = | Size = 16 bytes | Date = 04/24/2006 2:40:00 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 2913 bytes | Date = 12/29/2006 10:12:44 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\ypinfo.bin - ( [Ver = | Size = 6064 bytes | Date = 12/26/2006 8:38:54 PM | Attr = ])
CurrentUser ApplicationData Folder
C:\Documents and Settings\paul piccirillo\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 9:50:46 AM | Attr = HS])
C:\Documents and Settings\paul piccirillo\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 01/11/2003 3:33:46 PM | Attr = ])
C:\Documents and Settings\paul piccirillo\Application Data\PFP100JCM.{PB - ( [Ver = | Size = 12358 bytes | Date = 12/22/2002 1:50:40 PM | Attr = ])
C:\Documents and Settings\paul piccirillo\Application Data\PFP100JPR.{PB - ( [Ver = | Size = 61678 bytes | Date = 12/22/2002 1:50:40 PM | Attr = ])
Program Files Folder
C:\Program Files\addchips.wav - ( [Ver = | Size = 7362 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\ASYCFILT.DLL - (Microsoft Corporation [Ver = 2.40.4277 | Size = 147728 bytes | Date = 05/23/2002 6:25:32 AM | Attr = ])
C:\Program Files\cards_dealing.wav - ( [Ver = | Size = 2561 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\cards_sliding.wav - ( [Ver = | Size = 869 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\chimes.wav - ( [Ver = | Size = 11062 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\chips_sliding.wav - ( [Ver = | Size = 1687 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\client.ini - ( [Ver = | Size = 6960 bytes | Date = 12/16/2004 6:22:34 PM | Attr = ])
C:\Program Files\Copy of HijackThis.exe - (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])
C:\Program Files\ding.wav - ( [Ver = | Size = 80856 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\firework3.wav - ( [Ver = | Size = 59716 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\GLdisplay1.html - ( [Ver = | Size = 2567 bytes | Date = 12/16/2004 6:35:22 PM | Attr = ])
C:\Program Files\GLdisplay2.html - ( [Ver = | Size = 840 bytes | Date = 12/16/2004 6:35:22 PM | Attr = ])
C:\Program Files\hijackthis.log - ( [Ver = | Size = 7097 bytes | Date = 04/29/2006 5:50:46 PM | Attr = ])
C:\Program Files\IEExtension.dll - ( [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Date = 03/02/2004 3:11:42 PM | Attr = ])
C:\Program Files\INSTALL.LOG - ( [Ver = | Size = 14582 bytes | Date = 12/16/2004 6:20:00 PM | Attr = ])
C:\Program Files\libeay32.dll - ( [Ver = | Size = 679936 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\llh.dll - ( [Ver = | Size = 28672 bytes | Date = 08/13/2004 5:30:26 PM | Attr = ])
C:\Program Files\mouse_move.wav - ( [Ver = | Size = 9946 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\Notes.txt - ( [Ver = | Size = 0 bytes | Date = 12/16/2004 6:37:36 PM | Attr = ])
C:\Program Files\PartyPoker.exe - (iGlobalMedia.com [Ver = 1, 0, 0, 1 | Size = 2486272 bytes | Date = 09/10/2004 2:08:18 AM | Attr = ])
C:\Program Files\poker.bin - ( [Ver = | Size = 29208 bytes | Date = 08/17/2004 4:55:26 PM | Attr = ])
C:\Program Files\pp_server_status.html - ( [Ver = | Size = 950 bytes | Date = 06/03/2004 4:11:06 PM | Attr = ])
C:\Program Files\reminder.wav - ( [Ver = | Size = 16544 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\ring.wav - ( [Ver = | Size = 15724 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\ssleay32.dll - ( [Ver = | Size = 147456 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\TabConfig.txt - ( [Ver = | Size = 3156 bytes | Date = 12/16/2004 6:32:46 PM | Attr = ])
C:\Program Files\tap.wav - ( [Ver = | Size = 5004 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\UnGins.exe - ( [Ver = | Size = 96256 bytes | Date = 06/14/2002 12:33:16 PM | Attr = ])
C:\Program Files\UserAgreement.txt - ( [Ver = | Size = 35231 bytes | Date = 08/19/2004 6:06:24 PM | Attr = ])
C:\Program Files\Zlib.dll - ( [Ver = | Size = 57344 bytes | Date = 06/22/1999 12:45:16 AM | Attr = ])
Common Files Folder
DPF files
{00000055-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB
{01A88BB1-1174-41EC-ACCB-963509EAE56B} - SysProWmi Class - CodeBase = http://support.dell.com/systemprofiler/SysPro.CAB
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - HouseCall Control - CodeBase = http://housecall60.trendmicro.com/housecall/xscan60.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab
{13EC55CF-D993-475B-9ACA-F4A384957956} - Controller Class - CodeBase = https://www.windowsonecare.com/install/ ... bAgent.CAB
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/ ... ontrol.cab
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - MSSecurityAdvisor Class - CodeBase = http://download.microsoft.com/download/ ... 8479316153
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase = https://www-secure.symantec.com/techsup ... SupCtl.cab
{231B1C6E-F934-42A2-92B6-C2FEFEC24276} - yucsetreg Class - CodeBase = C:\Program Files\Yahoo!\common\yucconfig.dll
{238F6F83-B8B4-11CF-8771-00A024541EE3} - Citrix ICA Client - CodeBase = http://www.runaware.com/dolphin/wficat.cab
{2FC9A21E-2069-4E47-8235-36318989DB13} - PPSDKActiveXScanner.MainScreen - CodeBase = http://www.pestscan.com/scanner/axscanner.cab
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\common\yinsthelper.dll
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} - Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab
{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdat ... /opuc3.cab
{427273CC-764E-11D3-823D-006097F90453} - Pixami Image Editor Control - CodeBase = http://www.imagestation.com/common/clas ... r=1,1,0,30
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4C39376E-FA9D-4349-BACC-D305C1750EF3} - EPUImageControl Class - CodeBase = http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 8839111687
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/viru ... ebscan.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{924C1588-90C3-4910-B6CA-D57A1C0418FE} - YbUploadFavsCtl Class - CodeBase = http://download.yahoo.com/dl/bookmarks/ ... 030408.cab
{9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - RegConfig Class - CodeBase = http://download.yahoo.com/dl/installs/b ... regcfg.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/C ... 2366203704
{A17E30C4-A9BA-11D4-8673-60DB54C10000} - YahooYMailTo Class - CodeBase =
{A90A5822-F108-45AD-8482-9BC8B12DD539} - Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsup ... mAData.cab
{D18F962A-3722-4B59-B08D-28BB9EB2281E} - PhotosCtrl Class - CodeBase = http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/fl ... wflash.cab
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - iTunesDetector Class - CodeBase = http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - ActiveDataObj Class - CodeBase = https://www-secure.symantec.com/techsup ... veData.cab
{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - - CodeBase = http://download.abacast.com/download/files/abasetup.cab
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - IWinAmpActiveX Class - CodeBase = http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
Hosts file = 736 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright (c) 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -
-
< End of report >
Logfile of HijackThis v1.99.1
Scan saved at 3:55:50 PM, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8839111687
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE