Very Slow computer. Too many processes running. Here is my log

Post by pcp3 » January 4th, 2007, 7:02 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:01:32 PM, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8839111687
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Hope you can help

Post by askey127 » January 4th, 2007, 8:37 pm

Hi pcp3,
-----------------------------------------------------------
You have two active AntiVirus programs running at once. This may be causing much of your problem.
UNINSTALL JUST ONE OF THESE using Add/remove Programs from the Control Panel.
Leave the other one alone!
Yahoo AntiVirus (Computer Associates)
AVG AntiVirus

Make sure you never allow yourself on the Internet with NONE installed.
Reboot the machine.
-----------------------------------------------------------
Download and install CCleaner from here.
Set Options in CCleaner and run Cleaning Scan. Open the CCleaner program.
(Do not use the Issues block to clean anything with this program. It is for experts only and it is risky.)
  • Select Cleaner Settings.
    Check Internet Explorer, Windows Explorer, and System so that all items are checked. In the Advanced section, have a check only on Old PreFetch Data.
  • Set Cookie Retention.
    Click on the Options block on the left, then choose Cookies.
    Under the Cookies to delete pane, highlight any cookies you would like to retain permanently (those companies or sites with which you regularly visit or do business), and click the right arrow > to move them to the Cookies to keep pane.
  • Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
    Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

-----------------------------------------------------------
Retrieve the Installed Programs List from CCleaner
Open CCleaner.
In the Left Pane, click Tools
Verify that Uninstall is highlighted in color, or click on it.
In the lower Right, click Save to Text File.
Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
You can leave the filename as install.txt
Click Save
-----------------------------------------------------------
Post a New HJT Log
Reboot your computer. Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the install.txt file from CCleaner.

askey127

Post by pcp3 » January 4th, 2007, 9:20 pm

Thanks for helping me. My computer takes forever to restart or shut down. Actually I had to do it manually because I was tired of waiting for it to restart. Here are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 8:19:33 PM, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8839111687
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.8
AOL Instant Messenger
Apple Software Update
AutoUpdate
BACS
Britannica Ready Reference
Broadcom 440x 10/100 Integrated Controller
Broadcom Advanced Control Suite
Canon PowerShot A40 WIA Driver
CCleaner (remove only)
Conexant HSF V92 56K Data Fax PCI Modem
Customizable Alerts
Dell AIO Printer A940
Dell ResourceCD
Digital Line Detect
DVDSentry
Easy CD Creator 5 Platinum
FaxTools
Help and Support Customization
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB926239)
Intel Application Accelerator
Intel(R) Extreme Graphics Driver
ISScript
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9
Kaspersky On-line Scanner
Lavasoft VX2 Cleaner
Learn2 Player (Uninstall Only)
LimeWire 4.12.6
Macromedia Shockwave Player
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework (English)
Microsoft .NET Framework 1.0 Hotfix (KB886906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliPoint 4.1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
PowerDVD
Quicken 2002 New User Edition
QuickTime
Registry Mechanic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB921883)
SoundMAX
Spybot - Search & Destroy 1.3
Spyware Doctor 4.0
Update for Windows XP (KB898461)
Update for Windows XP (KB904942)
WebFldrs XP
Windows Defender Signatures
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinRAR archiver
WinZip
WordPerfect Office 2002

Post by askey127 » January 5th, 2007, 7:11 am

pcp3,
-----------------------------------------------------------
Please note that as long as you're using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur. Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of malware infestation. Additional information on the safety of Peer to Peer programs themselves is here: http://p2p.malwareremoval.com/
-----------------------------------------------------------
Set Your Computer to Show All Files
  1. Click Start.
  2. Click My Computer.
  3. Select the Tools menu and click Folder Options.
  4. Select the View Tab.
  5. Under the Hidden files and folders heading, select Show hidden files and folders.
  6. Uncheck Hide protected operating system files (recommended).
  7. Click Yes to confirm.
  8. Uncheck the Hide file extensions for known file types.
  9. Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.
-----------------------------------------------------------
Disable Windows Defender
Go to Start > All Programs > Windows Defender.
Click on the Tools menu, click General Settings, Scroll down to Real-Time Protection Options section and Deactivate the Real-Time Protection system.

Then, in the toolbar across the top there is a little downpointing arrow next to the question mark icon.
Click on that, get a drop down list. One of the options is to exit Windows Defender.
Click on that, and there will be a pop up asking if you are sure you want to exit. Click Yes/OK.
-----------------------------------------------------------
Disable Spybot's TeaTimer. This is a two step process.
First:
- Right click Spybot in the System Tray (looks like a calendar with a padlock symbol)
- Choose Exit Spybot S&D Resident
Second:
- Open Spybot S&D
- Click Mode, check Advanced Mode
- Go To Left Panel, Click Tools, then also in left panel, click Resident
- If your firewall raises a question, say OK
- Uncheck the box labeled Resident Tea-Timer and OK any prompts.
- Use File, Exit to terminate Spybot
-----------------------------------------------------------
Disable Spyware Doctor's real-time protection
Open Spyware Doctor and click on the Onguard button to the left.
Remove the check from the Activate OnGuard option in the next window to disable all protections.
-----------------------------------------------------------
Sorry to say we have to Reboot here
-----------------------------------------------------------
Remove Program(s) with CCleaner
Open CCleaner.
In the Left Pane, click Tools.
Verify that Uninstall is highlighted in color, or click on it.
Click / Highlight J2SE Runtime Environment 5.0 Update 3
Click the Run Uninstaller button.
Wait until CCleaner shows task completion.
Repeat the Highlight > Run Uninstaller sequence for each additional program below.
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 8
J2SE Runtime Environment 5.0 Update 9

-----------------------------------------------------------
Please download WinPFind2.
  • Double click WinPFind2.exe to start the program.
  • Click the Select All button in the File Options box of the Configuration tab (this is the tab the program opens up to by default).
  • Click the Run all Scans button.
  • When the scans are complete click the Simple Report button in the lower right-hand corner to create a report file. Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is, click on it to uncheck it and then please post that report into this topic. After posting please check if the whole report fit into the post. If it did fit, it should say <End of Report> at the end. If not, please post the section that was cut off in a second post.
-----------------------------------------------------------
Post a New HJT Log
Start HijackThis. Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl-A), copy and paste the log contents in a reply, along with the WinPFind log.

askey127

Post by pcp3 » January 5th, 2007, 4:57 pm

Logfile created on: 01/05/2007 3:53:02 PM
WinPFind2 by OldTimer - Version 1.0.15 Folder = C:\Documents and Settings\paul piccirillo\Desktop\WinPFind2\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)


< Processes (Non-Microsoft Only) >
c:\progra~1\common~1\aol\acs\acsd.exe - (America Online, Inc. )
c:\program files\yahoo!\antivirus\cavrid.exe - (Computer Associates International, Inc. )
c:\program files\yahoo!\antivirus\cavtray.exe - (Computer Associates International, Inc. )
c:\program files\dell aio printer a940\dlbabmgr.exe - (Dell Computer Corporation )
c:\program files\dell aio printer a940\dlbabmon.exe - (Dell Computer Corporation )
c:\windows\system32\hkcmd.exe - (Intel Corporation )
c:\program files\ipod\bin\ipodservice.exe - (Apple Computer, Inc. )
c:\program files\yahoo!\antivirus\isafe.exe - (Computer Associates International, Inc. )
c:\program files\itunes\ituneshelper.exe - (Apple Computer, Inc. )
c:\program files\java\jre1.5.0_10\bin\jusched.exe - (Sun Microsystems, Inc. )
c:\windows\system32\lexbces.exe - (Lexmark International, Inc. )
c:\windows\system32\lexpps.exe - (Lexmark International, Inc. )
c:\program files\quicktime\qttask.exe - (Apple Computer, Inc. )
c:\program files\spyware doctor\sdhelp.exe - (PC Tools Research Pty Ltd )
c:\program files\spyware doctor\swdoctor.exe - (PC Tools Research Pty Ltd )
c:\program files\yahoo!\antivirus\vetmsg.exe - (Computer Associates International, Inc. )
c:\documents and settings\paul piccirillo\desktop\winpfind2\winpfind2.exe - (OldTimer Tools )
c:\program files\yahoo!\browser\ybrowser.exe - (Yahoo!, Inc. )
c:\progra~1\yahoo!\browser\ybrwicon.exe - (Yahoo! Inc. )
c:\progra~1\yahoo!\browser\ycommon.exe - (Yahoo!, Inc. )
c:\progra~1\yahoo!\yop\yop.exe - (Yahoo! Inc. )

< Services (Non-Microsoft Only) >
AOL Connectivity Service (AOL ACS) - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (America Online, Inc. ) [Automatic - Running - Win32, running in it's own process]
CAISafe (CAISafe) - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (Computer Associates International, Inc. ) [Automatic - Running - Win32, running in it's own process]
iPod Service (iPod Service) - "C:\Program Files\iPod\bin\iPodService.exe" (Apple Computer, Inc. ) [On Demand - Running - Win32, running in it's own process]
LexBce Server (LexBceS) - C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc. ) [Automatic - Running - Win32, running in it's own process]
PC Tools Spyware Doctor (SDhelper) - C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools Research Pty Ltd ) [Automatic - Running - Win32, running in it's own process]
VET Message Service (VETMSGNT) - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (Computer Associates International, Inc. ) [Automatic - Running - Win32, running in it's own process]

< Files >

%SystemDrive%
C:\Copy (2) of HijackThis.exe - UPX! (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])
C:\HijackThis.exe - UPX! (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])

%ProgramFilesDir%
C:\Program Files\Copy of HijackThis.exe - UPX! (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])

%WinDir%
C:\WINDOWS\lpt$vpn.873 - PECompact2 ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\lpt$vpn.873 - qoologic ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\lpt$vpn.873 - SAHAgent ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\RMAgentOutput.dll - UPX! ( [Ver = | Size = 25157 bytes | Date = 05/03/2005 11:44:44 AM | Attr = ])
C:\WINDOWS\tsc.exe - UPX! (Trend Micro Inc. [Ver = 3.9.0.1020 | Size = 170053 bytes | Date = 05/03/2005 8:12:06 AM | Attr = ])
C:\WINDOWS\VPTNFILE.873 - PECompact2 ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\VPTNFILE.873 - qoologic ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\VPTNFILE.873 - SAHAgent ( [Ver = | Size = 16007999 bytes | Date = 10/04/2005 1:35:24 PM | Attr = ])
C:\WINDOWS\vsapi32.dll - UPX! (Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Date = 05/03/2005 9:08:56 AM | Attr = ])
C:\WINDOWS\vsapi32.dll - aspack (Trend Micro Inc. [Ver = 7.510-1002 | Size = 1044560 bytes | Date = 05/03/2005 9:08:56 AM | Attr = ])

%System%
C:\WINDOWS\SYSTEM32\dfrg.msc - PEC2 ( [Ver = | Size = 41397 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DivX.dll - PEC2 (DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Date = 10/26/2004 5:38:24 PM | Attr = ])
C:\WINDOWS\SYSTEM32\DivX.dll - PECompact2 (DivXNetworks, Inc. [Ver = 5.2.1.1338 | Size = 716800 bytes | Date = 10/26/2004 5:38:24 PM | Attr = ])
C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL - PTech (Microsoft Corporation [Ver = 1.5.0723.1 | Size = 1474864 bytes | Date = 12/12/2006 10:45:04 AM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - PECompact2 (Microsoft Corporation [Ver = 1.23.1634.0 | Size = 10716584 bytes | Date = 12/07/2006 6:13:44 PM | Attr = ])
C:\WINDOWS\SYSTEM32\MRT.exe - aspack (Microsoft Corporation [Ver = 1.23.1634.0 | Size = 10716584 bytes | Date = 12/07/2006 6:13:44 PM | Attr = ])
C:\WINDOWS\SYSTEM32\ntdll.dll - aspack (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 708096 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - WSUD (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\rasdlg.dll - Umonitor (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 657920 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wbdbase.deu - winsync ( [Ver = | Size = 1309184 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\WgaTray.exe - PTech (Microsoft Corporation [Ver = 1.5.0540.0 | Size = 304944 bytes | Date = 06/19/2006 3:19:26 PM | Attr = ])
C:\WINDOWS\SYSTEM32\wmploc.dll - PEC2 (Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Date = 10/18/2006 9:47:20 PM | Attr = ])
C:\WINDOWS\SYSTEM32\wmploc.dll - WSUD (Microsoft Corporation [Ver = 11.0.5721.5145 (WMP_11.061018-2006) | Size = 8231936 bytes | Date = 10/18/2006 9:47:20 PM | Attr = ])

%System%\Drivers folder and sub-folders
C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys - PTech (Smart Link [Ver = 3.80.01MC15 | Size = 1309184 bytes | Date = 08/04/2004 12:41:38 AM | Attr = ])

%windir% + sub-dirs for System or Hidden files less than 60 days old
C:\WINDOWS\BOOTSTAT.DAT - ( [Ver = | Size = 2048 bytes | Date = 01/05/2007 9:49:12 AM | Attr = S])
C:\WINDOWS\WindowsShell.Manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\Downloaded Program Files\DESKTOP.INI - ( [Ver = | Size = 65 bytes | Date = 12/29/2006 11:26:58 AM | Attr = H ])
C:\WINDOWS\Fonts\DESKTOP.INI - ( [Ver = | Size = 67 bytes | Date = 12/29/2006 11:27:58 AM | Attr = HS])
C:\WINDOWS\occache\desktop.ini - ( [Ver = | Size = 65 bytes | Date = 12/29/2006 11:26:58 AM | Attr = H ])
C:\WINDOWS\Offline Web Pages\DESKTOP.INI - ( [Ver = | Size = 65 bytes | Date = 12/29/2006 11:26:58 AM | Attr = H ])
C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_61.cab - ( [Ver = | Size = 286777 bytes | Date = 12/27/2006 8:48:18 AM | Attr = RHS])
C:\WINDOWS\REPAIR\NTUSER.DAT - ( [Ver = | Size = 385024 bytes | Date = 12/29/2006 11:29:08 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\logonui.exe.manifest - ( [Ver = | Size = 488 bytes | Date = 12/29/2006 11:26:58 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\ncpa.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\nwc.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\sapi.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\WindowsLogon.manifest - ( [Ver = | Size = 488 bytes | Date = 12/29/2006 11:26:58 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl.manifest - ( [Ver = | Size = 749 bytes | Date = 12/29/2006 11:26:46 AM | Attr = RH ])
C:\WINDOWS\SYSTEM32\CONFIG\DEF$$$$$.$$$.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 11:35:36 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:50:20 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\default.tmp.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 5:10:48 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:49:18 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:50:20 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SOF$$$$$.$$$.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 11:35:36 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 3:40:18 PM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\software.tmp.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 5:10:48 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SYS$$$$$.$$$.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 11:34:52 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 3:32:56 PM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\system.tmp.LOG - ( [Ver = | Size = 0 bytes | Date = 12/29/2006 5:10:02 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\TempKey.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/29/2006 6:09:06 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\USERDIFF.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/29/2006 11:29:10 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\userdifr.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/29/2006 11:29:10 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG - ( [Ver = | Size = 1024 bytes | Date = 12/16/2006 3:02:24 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 341 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 413 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 574 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\CFC456E7E410D69E2C6F3E2DB75C7DB3 - ( [Ver = | Size = 1039 bytes | Date = 12/07/2006 2:06:02 AM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 558 bytes | Date = 01/03/2007 4:41:18 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\303572DF538EDD8B1D606185F1D559B8 - ( [Ver = | Size = 126 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\79841F8EF00FBA86D33CC5A47696F165 - ( [Ver = | Size = 98 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5 - ( [Ver = | Size = 136 bytes | Date = 12/06/2006 5:10:46 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\CFC456E7E410D69E2C6F3E2DB75C7DB3 - ( [Ver = | Size = 126 bytes | Date = 12/07/2006 2:06:02 AM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E6024EAC88E6B6165D49FE3C95ADD735 - ( [Ver = | Size = 144 bytes | Date = 01/03/2007 4:41:18 PM | Attr = S])
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - ( [Ver = | Size = 1024 bytes | Date = 01/05/2007 9:25:54 AM | Attr = H ])
C:\WINDOWS\SYSTEM32\DRIVERS\UMDF\MsftWdf_user_01_00_00.Wdf - ( [Ver = | Size = 0 bytes | Date = 12/30/2006 2:18:02 PM | Attr = H ])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\35a5a5f8-b87c-4159-ac40-f84ab0342284 - ( [Ver = | Size = 388 bytes | Date = 11/26/2006 10:46:24 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\Preferred - ( [Ver = | Size = 24 bytes | Date = 11/26/2006 10:46:24 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\1e511cf3-b53d-4b41-bd2e-f6581f548301 - ( [Ver = | Size = 388 bytes | Date = 12/02/2006 9:14:48 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred - ( [Ver = | Size = 24 bytes | Date = 12/02/2006 9:14:48 AM | Attr = HS])
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dlbama.GID - ( [Ver = | Size = 35461 bytes | Date = 01/02/2007 8:28:20 PM | Attr = H ])
C:\WINDOWS\Tasks\SA.DAT - ( [Ver = | Size = 6 bytes | Date = 01/05/2007 9:49:18 AM | Attr = H ])

CPL files
C:\WINDOWS\SYSTEM32\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 2:56:58 AM | Attr = ])
C:\WINDOWS\SYSTEM32\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\B57exp.cpl - (Broadcom Corporation [Ver = 3, 0, 3, 0 | Size = 716800 bytes | Date = 09/10/2002 5:07:54 PM | Attr = ])
C:\WINDOWS\SYSTEM32\bdeadmin.cpl - ( [Ver = | Size = 183808 bytes | Date = 11/12/1999 1:11:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\bthprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 110592 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\igfxcpl.cpl - (Intel Corporation [Ver = 3.0.0.4342 | Size = 94208 bytes | Date = 10/19/2005 8:59:12 AM | Attr = ])
C:\WINDOWS\SYSTEM32\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\irprops.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 380416 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\jpicpl32.cpl - (Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49265 bytes | Date = 11/09/2006 3:07:28 PM | Attr = ])
C:\WINDOWS\SYSTEM32\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\PPPoEService.cpl - ( [Ver = 1, 0, 0, 1 | Size = 155648 bytes | Date = 11/19/1999 1:54:12 PM | Attr = ])
C:\WINDOWS\SYSTEM32\QTW32.CPL - (Apple Computer, Inc. [Ver = 2.1.2.59 | Size = 341504 bytes | Date = 08/26/1996 2:12:00 AM | Attr = R ])
C:\WINDOWS\SYSTEM32\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162304 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\access.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 2:56:58 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\appwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 549888 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\desk.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 135168 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\firewall.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 80384 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\hdwwiz.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 155136 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\inetcpl.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 358400 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\intl.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 129536 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\joy.cpl - (Microsoft Corporation [Ver = 5.03.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 68608 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl - (Microsoft Corporation [Ver = 5.1.2403.1 | Size = 187904 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 618496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 35840 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\netsetup.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 25600 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\nusrmgr.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 257024 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\odbccp32.cpl - (Microsoft Corporation [Ver = 3.525.1117.0 (xpsp_sp2_rtm.040803-2158) | Size = 32768 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\powercfg.cpl - (Microsoft Corporation [Ver = 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Size = 114688 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\sapi.cpl - (Microsoft Corporation [Ver = 5.1.4111.00 (xpsp_sp2_rtm.040803-2158) | Size = 155648 bytes | Date = 08/04/2004 2:56:58 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\sysdm.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 298496 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl - (Microsoft Corporation [Ver = 5.1.2600.0 (xpclient.010817-1148) | Size = 28160 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\timedate.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 94208 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\wscui.cpl - (Microsoft Corporation [Ver = 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Size = 148480 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])
C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl - (Microsoft Corporation [Ver = 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158) | Size = 162304 bytes | Date = 08/04/2004 7:00:00 AM | Attr = ])

Auto-Start Folders

HKLM->Explorer\Shell Folders\\Common Startup = C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI - ( [Ver = | Size = 84 bytes | Date = 12/29/2006 11:28:54 AM | Attr = HS])

HKLM->Explorer\User Shell Folders\\Common Startup = %ALLUSERSPROFILE%\Start Menu\Programs\Startup

HKLM->Explorer\Shell Folders\\Startup = C:\Documents and Settings\paul piccirillo\Start Menu\Programs\Startup
C:\Documents and Settings\paul piccirillo\Start Menu\Programs\Startup\DESKTOP.INI - ( [Ver = | Size = 84 bytes | Date = 09/03/2002 10:00:00 AM | Attr = HS])

HKCU->Explorer\User Shell Folders\\Startup = %USERPROFILE%\Start Menu\Programs\Startup

Miscellaneous Auto-Start Files
System.ini->[Boot]\\Shell - Explorer.exe
Wininit.ini: Line 1 - [Rename]
Wininit.ini: Line 2 - NUL=C:\DOCUME~1\PAULPI~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat
Wininit.ini: Line 4 - NU=C:\DOCUME~1\PAULPI~1\LOCALS~1\Temp\xpsp2fix.exe
WinStart.bat: Line 1 - @C:\WINDOWS\tmpcpyis.bat
Config.nt: Line 54 - dos=high, umb
Config.nt: Line 55 - device=%SystemRoot%\system32\himem.sys
Config.nt: Line 56 - files=40
AutoExec.nt: Line 1 - @echo off
AutoExec.nt: Line 8 - lh %SystemRoot%\system32\mscdexnt.exe
AutoExec.nt: Line 11 - lh %SystemRoot%\system32\redir
AutoExec.nt: Line 14 - lh %SystemRoot%\system32\dosx
AutoExec.nt: Line 36 - SET BLASTER=A220 I5 D1 P330 T3

Miscellaneous Folders

AllUsers ApplicationData Folder
C:\Documents and Settings\All Users\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 12/29/2006 11:12:36 AM | Attr = HS])
C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt - ( [Ver = | Size = 16 bytes | Date = 04/24/2006 2:40:00 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache - ( [Ver = | Size = 2913 bytes | Date = 12/29/2006 10:12:44 PM | Attr = ])
C:\Documents and Settings\All Users\Application Data\ypinfo.bin - ( [Ver = | Size = 6064 bytes | Date = 12/26/2006 8:38:54 PM | Attr = ])

CurrentUser ApplicationData Folder
C:\Documents and Settings\paul piccirillo\Application Data\DESKTOP.INI - ( [Ver = | Size = 62 bytes | Date = 09/03/2002 9:50:46 AM | Attr = HS])
C:\Documents and Settings\paul piccirillo\Application Data\dm.ini - ( [Ver = | Size = 0 bytes | Date = 01/11/2003 3:33:46 PM | Attr = ])
C:\Documents and Settings\paul piccirillo\Application Data\PFP100JCM.{PB - ( [Ver = | Size = 12358 bytes | Date = 12/22/2002 1:50:40 PM | Attr = ])
C:\Documents and Settings\paul piccirillo\Application Data\PFP100JPR.{PB - ( [Ver = | Size = 61678 bytes | Date = 12/22/2002 1:50:40 PM | Attr = ])

Program Files Folder
C:\Program Files\addchips.wav - ( [Ver = | Size = 7362 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\ASYCFILT.DLL - (Microsoft Corporation [Ver = 2.40.4277 | Size = 147728 bytes | Date = 05/23/2002 6:25:32 AM | Attr = ])
C:\Program Files\cards_dealing.wav - ( [Ver = | Size = 2561 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\cards_sliding.wav - ( [Ver = | Size = 869 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\chimes.wav - ( [Ver = | Size = 11062 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\chips_sliding.wav - ( [Ver = | Size = 1687 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\client.ini - ( [Ver = | Size = 6960 bytes | Date = 12/16/2004 6:22:34 PM | Attr = ])
C:\Program Files\Copy of HijackThis.exe - (Soeperman Enterprises Ltd. [Ver = 1.99.0001 | Size = 218112 bytes | Date = 02/16/2005 11:06:16 AM | Attr = ])
C:\Program Files\ding.wav - ( [Ver = | Size = 80856 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\firework3.wav - ( [Ver = | Size = 59716 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\GLdisplay1.html - ( [Ver = | Size = 2567 bytes | Date = 12/16/2004 6:35:22 PM | Attr = ])
C:\Program Files\GLdisplay2.html - ( [Ver = | Size = 840 bytes | Date = 12/16/2004 6:35:22 PM | Attr = ])
C:\Program Files\hijackthis.log - ( [Ver = | Size = 7097 bytes | Date = 04/29/2006 5:50:46 PM | Attr = ])
C:\Program Files\IEExtension.dll - ( [Ver = 1, 0, 0, 1 | Size = 28672 bytes | Date = 03/02/2004 3:11:42 PM | Attr = ])
C:\Program Files\INSTALL.LOG - ( [Ver = | Size = 14582 bytes | Date = 12/16/2004 6:20:00 PM | Attr = ])
C:\Program Files\libeay32.dll - ( [Ver = | Size = 679936 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\llh.dll - ( [Ver = | Size = 28672 bytes | Date = 08/13/2004 5:30:26 PM | Attr = ])
C:\Program Files\mouse_move.wav - ( [Ver = | Size = 9946 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\Notes.txt - ( [Ver = | Size = 0 bytes | Date = 12/16/2004 6:37:36 PM | Attr = ])
C:\Program Files\PartyPoker.exe - (iGlobalMedia.com [Ver = 1, 0, 0, 1 | Size = 2486272 bytes | Date = 09/10/2004 2:08:18 AM | Attr = ])
C:\Program Files\poker.bin - ( [Ver = | Size = 29208 bytes | Date = 08/17/2004 4:55:26 PM | Attr = ])
C:\Program Files\pp_server_status.html - ( [Ver = | Size = 950 bytes | Date = 06/03/2004 4:11:06 PM | Attr = ])
C:\Program Files\reminder.wav - ( [Ver = | Size = 16544 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\ring.wav - ( [Ver = | Size = 15724 bytes | Date = 05/17/2002 10:45:30 PM | Attr = ])
C:\Program Files\ssleay32.dll - ( [Ver = | Size = 147456 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\TabConfig.txt - ( [Ver = | Size = 3156 bytes | Date = 12/16/2004 6:32:46 PM | Attr = ])
C:\Program Files\tap.wav - ( [Ver = | Size = 5004 bytes | Date = 05/24/2002 1:49:50 AM | Attr = ])
C:\Program Files\UnGins.exe - ( [Ver = | Size = 96256 bytes | Date = 06/14/2002 12:33:16 PM | Attr = ])
C:\Program Files\UserAgreement.txt - ( [Ver = | Size = 35231 bytes | Date = 08/19/2004 6:06:24 PM | Attr = ])
C:\Program Files\Zlib.dll - ( [Ver = | Size = 57344 bytes | Date = 06/22/1999 12:45:16 AM | Attr = ])

Common Files Folder

DPF files
{00000055-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/fhg.CAB
{01A88BB1-1174-41EC-ACCB-963509EAE56B} - SysProWmi Class - CodeBase = http://support.dell.com/systemprofiler/SysPro.CAB
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - HouseCall Control - CodeBase = http://housecall60.trendmicro.com/housecall/xscan60.cab
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/english/ka ... nicode.cab
{13EC55CF-D993-475B-9ACA-F4A384957956} - Controller Class - CodeBase = https://www.windowsonecare.com/install/ ... bAgent.CAB
{166B1BCA-3F9C-11CF-8075-444553540000} - Shockwave ActiveX Control - CodeBase = http://active.macromedia.com/director/cabs/sw.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://download.microsoft.com/download/ ... ontrol.cab
{193C772A-87BE-4B19-A7BB-445B226FE9A1} - ewidoOnlineScan Control - CodeBase = http://downloads.ewido.net/ewidoOnlineScan.cab
{19E28AFC-EAE3-4CE5-AC83-2407B42F57C9} - MSSecurityAdvisor Class - CodeBase = http://download.microsoft.com/download/ ... 8479316153
{1F2F4C9E-6F09-47BC-970D-3C54734667FE} - LSSupCtl Class - CodeBase = https://www-secure.symantec.com/techsup ... SupCtl.cab
{231B1C6E-F934-42A2-92B6-C2FEFEC24276} - yucsetreg Class - CodeBase = C:\Program Files\Yahoo!\common\yucconfig.dll
{238F6F83-B8B4-11CF-8771-00A024541EE3} - Citrix ICA Client - CodeBase = http://www.runaware.com/dolphin/wficat.cab
{2FC9A21E-2069-4E47-8235-36318989DB13} - PPSDKActiveXScanner.MainScreen - CodeBase = http://www.pestscan.com/scanner/axscanner.cab
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = C:\Program Files\Yahoo!\common\yinsthelper.dll
{31E68DE2-5548-4B23-88F0-C51E6A0F695E} - Microsoft PID Sniffer - CodeBase = https://support.microsoft.com/OAS/ActiveX/odc.cab
{33564D57-9980-0010-8000-00AA00389B71} - - CodeBase = http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - Office Update Installation Engine - CodeBase = http://office.microsoft.com/officeupdat ... /opuc3.cab
{427273CC-764E-11D3-823D-006097F90453} - Pixami Image Editor Control - CodeBase = http://www.imagestation.com/common/clas ... r=1,1,0,30
{4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - QDiagAOLCCUpdateObj Class - CodeBase = http://aolcc.aol.com/computercheckup/qdiagcc.cab
{4C39376E-FA9D-4349-BACC-D305C1750EF3} - EPUImageControl Class - CodeBase = http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/Shar ... /cabsa.cab
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - MUWebControl Class - CodeBase = http://update.microsoft.com/microsoftup ... 8839111687
{7B297BFD-85E4-4092-B2AF-16A91B2EA103} - WScanCtl Class - CodeBase = http://www3.ca.com/securityadvisor/viru ... ebscan.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{924C1588-90C3-4910-B6CA-D57A1C0418FE} - YbUploadFavsCtl Class - CodeBase = http://download.yahoo.com/dl/bookmarks/ ... 030408.cab
{9CF28A69-7659-4C51-BFD5-9ADE19E19EC3} - RegConfig Class - CodeBase = http://download.yahoo.com/dl/installs/b ... regcfg.cab
{9F1C11AA-197B-4942-BA54-47A8489BB47F} - - CodeBase = http://v4.windowsupdate.microsoft.com/C ... 2366203704
{A17E30C4-A9BA-11D4-8673-60DB54C10000} - YahooYMailTo Class - CodeBase =
{A90A5822-F108-45AD-8482-9BC8B12DD539} - Crucial cpcScan - CodeBase = http://www.crucial.com/controls/cpcScanner.cab
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
{CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - ActiveDataInfo Class - CodeBase = https://www-secure.symantec.com/techsup ... mAData.cab
{D18F962A-3722-4B59-B08D-28BB9EB2281E} - PhotosCtrl Class - CodeBase = http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/fl ... wflash.cab
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - iTunesDetector Class - CodeBase = http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
{E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - ActiveDataObj Class - CodeBase = https://www-secure.symantec.com/techsup ... veData.cab
{E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - - CodeBase = http://download.abacast.com/download/files/abasetup.cab
{FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} - IWinAmpActiveX Class - CodeBase = http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

Hosts file = 736 bytes. Reading all entries. C:\WINDOWS\System32\drivers\etc\Hosts
# Copyright (c) 1993-1999 Microsoft Corp. -
# -
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. -
# -
# This file contains the mappings of IP addresses to host names. Each -
# entry should be kept on an individual line. The IP address should -
# be placed in the first column followed by the corresponding host name. -
# The IP address and the host name should be separated by at least one -
# space. -
# -
# Additionally, comments (such as these) may be inserted on individual -
# lines or following the machine name denoted by a '#' symbol. -
# -
# For example: -
# -
# 102.54.94.97 rhino.acme.com # source server -
# 38.25.63.10 x.acme.com # x client host -
-
127.0.0.1 localhost -
-

< End of report >

Logfile of HijackThis v1.99.1
Scan saved at 3:55:50 PM, on 01/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;127.0.0.1;<local>
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\PROGRA~1\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/ ... bAgent.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.runaware.com/dolphin/wficat.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {427273CC-764E-11D3-823D-006097F90453} (Pixami Image Editor Control) - http://www.imagestation.com/common/clas ... r=1,1,0,30
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-36.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8839111687
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsup ... veData.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
pcp3
Regular Member
 
Posts: 52
Joined: May 2nd, 2005, 8:05 am

Post by askey127 » January 5th, 2007, 7:41 pm

pcp3,
You may want to print this out, or save it as a Notepad document on your Desktop, since you won't have Internet access in Safe Mode.
------------------------------------------------
Download, Update, and Initialize AVG AntiSpyware
You can download it from here : http://www.ewido.net/en/download/
1. After download, double click on the file to launch the install process.
2. Choose a language, click OK and then click Next.
3. Read the License Agreement and click I Agree.
4. Accept the default installation path: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5, click Next, then click Install.
5. After setup completes, click Finish to start the program automatically,
or launch AVG Anti-Spyware by double-clicking its icon on your desktop or in the system tray.
6. The main Status Menu will appear. Select Change state to inactivate Resident Shield and Automatic Updates.
7. Then right click on the AVG Anti-Spyware icon in the system tray and uncheck "Start with Windows".
8. Go to your Windows Start button, choose Run and then type: services.msc
This will bring up the services console.
  • At the bottom of the Services Window, select the Extended tab and scroll down the list to find AVG Anti-Spyware guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the Stop button.
  • From the drop-down menu next to "Startup Type", click on Manual.
  • Now click Apply, then OK and close the Services window.
Back in the AVG Anti-Spyware Status Menu, select the Update button and click Start update. Wait until you see the "Update succesfull" message. Exit AVG Anti-Spyware when done - DO NOT perform a scan yet.
-----------------------------------------------------------
Reboot your computer in SAFE MODE using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".
-----------------------------------------------------------
File and Folder Deletion.
In Windows Explorer (My Computer), select View, Details. Then navigate to this file and delete if present.
C:\Windows\RMAgentOutput.dll
If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete. Note if you cannot delete.
-----------------------------------------------------------
Scan with AVG Anti-Spyware as follows:
  • Launch AVG Anti-Spyware, click on the "Scanner" button and choose the "Settings" tab.
    - Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
    - Under "How to Scan?" check all (default).
    - Under "Possibly unwanted software" check all (default).
    - Under "What to Scan?" make sure "Scan every file" is selected (default).
    - Under "Reports" select "Automatically generate report after every scan" and UNcheck "Only if threats were found".
  • Click the "Scan" tab to return to scanning options.
  • Click "Complete System Scan" to start.
    Note: Close all open windows, programs, and DO NOT USE the computer while AVG Anti-Spyware is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper AVG Anti-Spyware's ability to clean properly and may result in reinfection.
  • When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.
    IMPORTANT! Do not save the report before you have clicked the "Apply all actions" button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button.
  • Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20061031-090001.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports\
  • Exit AVG Anti-Spyware when done and Reboot your machine.

Open the report in Notepad and paste the contents in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Post by pcp3 » January 6th, 2007, 1:10 pm

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:57:55 AM 1/6/2007

+ Scan result:



C:\Documents and Settings\Monica\Cookies\monica@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\paul piccirillo\Cookies\paul piccirillo@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly_piccirillo@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\kathy piccirillo\Cookies\kathy piccirillo@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\kathy piccirillo\Cookies\kathy piccirillo@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\kathy piccirillo\Cookies\kathy piccirillo@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\kathy piccirillo\Cookies\kathy piccirillo@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@cz3.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@cz7.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\paul piccirillo\Cookies\paul piccirillo@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\kathy piccirillo\Cookies\kathy piccirillo@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\paul piccirillo\Cookies\paul piccirillo@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\kathy piccirillo\Cookies\kathy piccirillo@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@yadro[2].txt -> TrackingCookie.Yadro : Cleaned.
C:\Documents and Settings\Monica\Cookies\monica@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\kathy piccirillo\Cookies\kathy piccirillo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\paul piccirillo\Cookies\paul piccirillo@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\pauly piccirillo\Cookies\pauly piccirillo@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\pauly piccirillo\Local Settings\Temp\Cookies\pauly piccirillo@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

Also, on restart, checking for file system NTFS and correcting error in index I30 came up on the screen. All the errors were fixed.

Post by askey127 » January 6th, 2007, 3:00 pm

pcp3,
Read this entire instruction before you start.
For your information, PokerStars.net seems to be OK so far, but most Poker sites are conduits for adware and/or spyware, not necessarily installed with your permission.
-----------------------------------------------------------
File and Folder Deletion.
In Windows Explorer (My Computer), select View, Details. Then navigate to these files and folders. Find and Delete these, if present.
You may have to delete all the underlying files and folders before an entire folder can be deleted.
These Folders:
C:\Program Files\PartyPoker\
C:\Program Files\AceClub Casino\

These files:
C:\Program Files\reminder.wav
C:\Program Files\pp_server_status.html
C:\Program Files\poker.bin
C:\Program Files\IEExtension.dll
C:\Program Files\PartyPoker.exe
C:\Program Files\UnGins.exe
If you have any problem deleting a file, right click the file and check Properties to see if it's read-only. Uncheck the read-only box, click Apply and OK. Then retry Delete. If a message pops up saying "File in use", or something like that, hit Ctrl-Alt-Delete and look under the Processes tab. If the filename is in there, highlight it and click End Process, then retry Delete.
Note the name and location of any items you cannot delete.

Navigate to C:\Windows\ and Verify that file RMAgentOutput.dll is missing.
-----------------------------------------------------------
Remove Program with CCleaner
Missed this one.... Open CCleaner.
In the Left Pane, click Tools.
Verify that Uninstall is highlighted in color, or click on it.
Click / Highlight J2SE Runtime Environment 5.0 Update 10
Click the Run Uninstaller button.
Wait until CCleaner shows task completion.

Run Cleaning Scan. Click on the Cleaner block on the left. Choose the Windows tab.
Click the Run Cleaner button. This process could take a while. When CCleaner shows how much has been removed, cleaning is finished.

Then download the latest version of Java Runtime Environment, and install it to your computer.
-----------------------------------------------------------
Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from accidentally running or downloading known malicious programs. Available from http://www.javacoolsoftware.com/spywareblaster.html
After the installation, click Download Latest Protection Updates. When it finishes, click Enable All Protection.
-----------------------------------------------------------
Download and Install a HOSTS File
A Hosts file is a plain text file which prevents your computer from inadvertently connecting to malware, spyware and adware sites by redirecting the connection request back to your own machine address (127.0.0.1).
If you use a proxy server, or if you are on AOL, or if you use Norton to scan e-mail, be sure to read the special instructions.

Be sure to disable the service "DNS Client" when using large HOSTS files, to avoid slowdowns.
This is how to do it:
Stop and Disable the DNS Client Service
Go to Start, Run OR Start, Programs, Accessories, Command Prompt and type Services.msc and click OK.
Under the Extended Tab, Scroll down and find this service.
DNS Client
Click once on the service to highlight it. Click Stop
Right-Click on the service. Click on Properties
Select the General tab. Click the Arrow-down tab on the right-hand side at the Start-up Type box.
From the drop-down menu, click on Manual
Click the Apply tab, then click OK


BlueTack's HOSTS Manager is here:
http://www.bluetack.co.uk/forums/index.php?act=dscript&CODE=showdetails&f_id=5
If you download and install it first, you can use it to handle your HOSTS file download, edits, and most any other HOSTS issue.

Download and Read an excellent instruction about HOSTS files (the Bluetack version) here:
http://www.bluetack.co.uk/forums/index.php?showtopic=8406

If you have a firewall, you may have to give permission to Unlock the present default HOSTS file before you copy / install the new one.
You may also have to give additional permission during installation of the new one.
-------------------------------------------------------------
Tell me what you see for your PC's behavior.
askey127
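
The HOSTS-file mechanism described in the post above, as an added example that is not part of the original thread: a short Python audit that separates entries pointing back at the local machine (the blocking form) from entries that send a name to some other address, and reports malformed and duplicate lines. The sample file contents and host names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content for illustration (not from the thread).
SAMPLE_HOSTS = """\
# sample blocklist
127.0.0.1    localhost
127.0.0.1    ads.example.net tracker.example.net  # two names, one line
0.0.0.0      popups.example.org
203.0.113.7  www.bank.example
127.0.0.1
not-an-ip    broken.example
::1          localhost
127.0.0.1    ADS.example.net
"""

LOCAL_NAMES = {"localhost"}  # the standard self-mapping, not a block entry


def classify(ip_text):
    """Return 'sinkhole', 'redirect' or 'malformed' for an address field."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "malformed"
    # 127.0.0.1 / ::1 (loopback) and 0.0.0.0 (unspecified) never leave the PC.
    return "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"


def audit_hosts(text):
    """Sort HOSTS entries into blocking, redirecting, malformed and duplicate."""
    report = {"sinkhole": [], "redirect": [], "malformed": [], "duplicates": []}
    seen = {}  # host name -> line number where it first appeared
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        kind = classify(fields[0])
        # Host names are case-insensitive; a trailing dot is the same name.
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if kind == "malformed" or not names:
            report["malformed"].append((lineno, line))
            continue
        for name in names:
            if name in LOCAL_NAMES and kind == "sinkhole":
                continue  # normal localhost mapping
            if name in seen:
                report["duplicates"].append((lineno, name, seen[name]))
                continue
            seen[name] = lineno
            report[kind].append((lineno, name, fields[0]))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocking entries:", len(result["sinkhole"]))
    for lineno, name, ip in result["redirect"]:
        print(f"line {lineno}: {name} is sent to {ip}, not to this machine")
    for lineno, line in result["malformed"]:
        print(f"line {lineno}: cannot parse {line!r}")
    for lineno, name, first in result["duplicates"]:
        print(f"line {lineno}: {name} already listed on line {first}")
```

Entries in the redirect list are the ones to review by hand, since a blocking HOSTS file should only point names at the local machine.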

Post by pcp3 » January 7th, 2007, 9:12 pm

Everything seems to be working better. Thanks so much for your help.

Post by askey127 » January 8th, 2007, 7:05 am

Glad we could be of service.

askey127

Post by NonSuch » January 13th, 2007, 5:16 am

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California