Author Topic: Win32.Trojan.Mirc and Win32.P2P-Worm.Alcan.a removal please (Read 908 times)

ivy90 · « **on:** January 05, 2007, 01:30:36 AM »

helpppppppppp. i do not know how to remove Win32.Trojan.Mirc and Win32.P2P-Worm.Alcan.a, i used Ad-aware to find it

guestolo · « **Reply #1 on:** January 05, 2007, 10:54:09 AM »

Download Hijackthis 1.99.1 from my signature below
SAVE it to your desktop

Double click on hijackthis_sfx.exe on desktop
Click the UNZIP button>>OK the prompt
This will self extract to C:\Program Files\HijackThis
Delete hijackthis_sfx.exe from desktop

Go to START>>RUN
Copy>>paste the following to the open field, then hit OK
%systemdrive%\Program Files\HijackThis
This will open the Hijackthis folder
RIGHT CLICK on Hijackthis.exe and select SEND TO>>Desktop (create shortcut)
You can now run Hijackthis.exe from the new shortcut placed on your desktop

Double click to run Hijackthis.exe
Do a "SCAN and Save a Log file"
A log will open in Notepad
Copy and paste the WHOLE contents of the log here

ivy90 · « **Reply #2 on:** January 05, 2007, 04:31:19 PM »

thank you for helping

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\'

\' /> k here it is

Logfile of HijackThis v1.99.1
Scan saved at 4:30:29 PM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRserv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\program files\aim6\anotify.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LXCRCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCRserv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

ivy90 · « **Reply #3 on:** January 05, 2007, 04:32:26 PM »

i have internet explorer? i thought i deleted that and that bearflix crap

guestolo · « **Reply #4 on:** January 05, 2007, 04:35:01 PM »

Download this file - Combofix.exe and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix

NOTE: Did you post the whole hijackthis log?
I want to ensure you didn't miss any entries near the bottom of the log

ivy90 · « **Reply #5 on:** January 05, 2007, 04:51:49 PM »

i believe i did copy and paste all
ctrl A then ctrl C then paste

here is from combofix

Owner - 07-01-05 16:49:39.56 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner.LAPPY\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\outlook

((((((((((((((((((((((((((((((( Files Created from 2006-12-05 to 2007-01-05 ))))))))))))))))))))))))))))))))))

2007-01-05   16:29   <DIR>   d--------   C:\Program Files\HijackThis
2007-01-04   03:01   <DIR>   d--------   C:\Program Files\Uniblue
2007-01-04   02:41   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Uniblue
2007-01-04   01:39   <DIR>   d--------   C:\Program Files\Lavasoft
2007-01-04   01:39   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Lavasoft
2007-01-03   16:05   <DIR>   d-a------   C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-03   02:38   <DIR>   d--------   C:\WINDOWS\system32\appmgmt
2007-01-02   02:57   <DIR>   d--------   C:\Program Files\XviD
2007-01-02   02:51   <DIR>   d--------   C:\Program Files\AC3Filter
2007-01-02   02:40   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Azureus
2007-01-02   02:39   <DIR>   d--------   C:\Program Files\Azureus
2007-01-01   20:33   <DIR>   d--------   C:\Program Files\Ares
2007-01-01   01:19   147,456   --a------   C:\WINDOWS\system32\vbzip10.dll
2007-01-01   00:40   109,568   ---------   C:\WINDOWS\system32\pxinsi64.exe
2007-01-01   00:40   108,544   ---------   C:\WINDOWS\system32\pxcpyi64.exe
2007-01-01   00:40   <DIR>   d--------   C:\Program Files\DivX
2007-01-01   00:40   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\DivX
2006-12-31   23:47   <DIR>   d--------   C:\My Downloads
2006-12-31   23:17   0   --a------   C:\WINDOWS\b.exe
2006-12-31   22:44   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Incomplete
2006-12-31   22:43   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\LimeWire
2006-12-31   20:42   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\BitTorrent
2006-12-24   15:47   692,224   --a------   C:\WINDOWS\system32\lxcrdrs.dll
2006-12-24   15:47   65,536   --a------   C:\WINDOWS\system32\lxcrcaps.dll
2006-12-24   15:47   61,440   --a------   C:\WINDOWS\system32\lxcrcnv4.dll
2006-12-24   15:47   409,600   --a------   C:\WINDOWS\system32\lxcrinpa.dll
2006-12-24   15:47   40,960   --a------   C:\WINDOWS\system32\lxcrvs.dll
2006-12-24   15:47   393,216   --a------   C:\WINDOWS\system32\lxcriesc.dll
2006-12-24   15:47   303,104   --a------   C:\WINDOWS\system32\lxcrcoin.dll
2006-12-24   15:46   <DIR>   d--------   C:\Program Files\Lexmark 2400 Series
2006-12-24   15:45   995,328   --a------   C:\WINDOWS\system32\lxcrusb1.dll
2006-12-24   15:45   983,107   --a------   C:\WINDOWS\system32\lxcrgf.dll
2006-12-24   15:45   86,016   --a------   C:\WINDOWS\system32\lxcrcub.dll
2006-12-24   15:45   73,728   --a------   C:\WINDOWS\system32\lxcrcu.dll
2006-12-24   15:45   73,728   --a------   C:\WINDOWS\system32\LXCRcfg.dll
2006-12-24   15:45   667,648   --a------   C:\WINDOWS\system32\lxcrpmui.dll
2006-12-24   15:45   610,304   --a------   C:\WINDOWS\system32\lxcrcomc.dll
2006-12-24   15:45   536,576   --a------   C:\WINDOWS\system32\lxcrlmpm.dll
2006-12-24   15:45   495,616   --a------   C:\WINDOWS\system32\lxcrcoms.exe
2006-12-24   15:45   446,464   --a------   C:\WINDOWS\system32\lxcrutil.dll
2006-12-24   15:45   421,888   --a------   C:\WINDOWS\system32\lxcrcomm.dll
2006-12-24   15:45   380,928   --a------   C:\WINDOWS\system32\lxcrih.exe
2006-12-24   15:45   36,864   --a------   C:\WINDOWS\system32\lxcrcur.dll
2006-12-24   15:45   233,472   --a------   C:\WINDOWS\system32\LXCRinst.dll
2006-12-24   15:45   200,704   --a------   C:\WINDOWS\system32\lxcrinsb.dll
2006-12-24   15:45   163,840   --a------   C:\WINDOWS\system32\lxcrprox.dll
2006-12-24   15:45   155,648   --a------   C:\WINDOWS\system32\lxcrins.dll
2006-12-24   15:45   139,264   --a------   C:\WINDOWS\system32\lxcrjswr.dll
2006-12-24   15:45   114,688   --a------   C:\WINDOWS\system32\lxcrpplc.dll
2006-12-24   15:45   106,496   --a------   C:\WINDOWS\system32\lxcrinsr.dll
2006-12-24   15:45   1,183,744   --a------   C:\WINDOWS\system32\lxcrserv.dll
2006-12-23   01:06   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\HipSoft
2006-12-21   00:30   <DIR>   d--------   C:\Program Files\Common Files\Sandlot Shared
2006-12-21   00:30   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Sandlot Games
2006-12-20   03:46   <DIR>   d--hs----   C:\WINDOWS\ftpcache
2006-12-19   18:01   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\PlayFirst
2006-12-19   00:03   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\PlayFirst
2006-12-17   15:42   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\MSNInstaller
2006-12-17   14:17   <DIR>   d--------   C:\WINDOWS\pss
2006-12-17   12:46   <DIR>   d--------   C:\Config.Msi
2006-12-17   01:04   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Adobe
2006-12-17   00:59   90,112   --a------   C:\WINDOWS\system32\mcrtl32.dll
2006-12-17   00:59   32,768   --a------   C:\WINDOWS\system32\instlsp.exe
2006-12-17   00:59   131,072   --a------   C:\WINDOWS\system32\mclsp.dll
2006-12-17   00:59   11,264   --a------   C:\WINDOWS\system32\sporder.dll
2006-12-17   00:59   <DIR>   d--------   C:\WINDOWS\system32\mclsphlr
2006-12-13   19:46   <DIR>   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\AdobeUM
2006-12-12   11:30   520,192   --a------   C:\WINDOWS\system32\DivXsm.exe
2006-12-12   11:30   3,596,288   --a------   C:\WINDOWS\system32\qt-dx331.dll
2006-12-12   11:30   200,704   --a------   C:\WINDOWS\system32\ssldivx.dll
2006-12-12   11:30   1,044,480   --a------   C:\WINDOWS\system32\libdivx.dll
2006-12-12   11:25   806,912   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2006-12-12   11:25   806,912   --a------   C:\WINDOWS\system32\divx_xx07.dll
2006-12-12   11:25   790,528   --a------   C:\WINDOWS\system32\divx_xx11.dll
2006-12-12   11:25   73,728   --a------   C:\WINDOWS\system32\dpl100.dll
2006-12-12   11:25   635,486   --a------   C:\WINDOWS\system32\DivX.dll
2006-12-12   11:25   593,920   --a------   C:\WINDOWS\system32\dpuGUI11.dll
2006-12-12   11:25   57,344   --a------   C:\WINDOWS\system32\dpv11.dll
2006-12-12   11:25   53,248   --a------   C:\WINDOWS\system32\dpuGUI10.dll
2006-12-12   11:25   344,064   --a------   C:\WINDOWS\system32\dpus11.dll
2006-12-12   11:25   294,912   --a------   C:\WINDOWS\system32\dpu11.dll
2006-12-12   11:25   294,912   --a------   C:\WINDOWS\system32\dpu10.dll
2006-12-12   11:25   196,608   --a------   C:\WINDOWS\system32\dtu100.dll
2006-12-12   11:24   12,288   --a------   C:\WINDOWS\system32\DivXWMPExtType.dll
2006-12-12   11:24   118,784   --a------   C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2006-12-08   20:37   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\CyberLink
2006-12-07   23:12   <DIR>   d---s----   C:\Documents and Settings\Owner.LAPPY\UserData
2006-12-07   20:59   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-12-07   20:55   <DIR>   d--h-----   C:\WINDOWS\msdownld.tmp
2006-12-07   20:55   <DIR>   d--------   C:\Program Files\Yahoo!
2006-12-07   19:23   <DIR>   d--------   C:\WINDOWS\WBEM
2006-12-07   19:23   <DIR>   d--------   C:\WINDOWS\system32\en-US
2006-12-07   19:19   121,856   ---------   C:\WINDOWS\system32\xmllite.dll
2006-12-07   19:18   <DIR>   d--------   C:\WINDOWS\network diagnostic
2006-12-07   19:07   <DIR>   d--------   C:\WINDOWS\Downloaded Installations
2006-12-07   19:07   <DIR>   d--------   C:\Start Menu
2006-12-07   19:07   <DIR>   d--------   C:\Program Files\MTV Networks

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-01-05 16:19   --------   d--------   C:\Program Files\Mozilla Firefox
2007-01-04 02:24   2030   --a------   C:\Documents and Settings\Owner.LAPPY\Application Data\wklnhst.dat
2007-01-03 02:30   --------   d--------   C:\Program Files\Napster
2007-01-02 03:24   --------   d--------   C:\Program Files\Gateway Games
2006-12-28 19:35   --------   d--------   C:\Program Files\lx_cats
2006-12-26 14:35   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Adobe
2006-12-26 14:32   --------   d--------   C:\Program Files\Common Files\Adobe
2006-12-26 14:32   --------   d--------   C:\Program Files\Adobe
2006-12-25 04:55   --------   d--------   C:\Program Files\Lexmark Fax Solutions
2006-12-24 15:46   --------   d--------   C:\Program Files\Lexmark Toolbar
2006-12-21 00:30   --------   d--------   C:\Program Files\Common Files
2006-12-19 00:03   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Macromedia
2006-12-18 00:09   --------   d---s----   C:\Documents and Settings\Owner.LAPPY\Application Data\Microsoft
2006-12-17 15:42   --------   d--------   C:\Program Files\MSN
2006-12-17 15:24   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\McAfee.com Personal Firewall
2006-12-17 00:59   --------   d--------   C:\Program Files\McAfee.com
2006-12-13 13:10   --------   d--------   C:\Program Files\Common Files\System
2006-12-13 13:03   --------   d--------   C:\Program Files\Internet Explorer
2006-12-13 13:01   --------   d--------   C:\Program Files\Outlook Express
2006-12-12 11:30   20640   ---------   C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-12-07 23:22   --------   d--------   C:\Program Files\QuickTime
2006-12-07 20:50   --------   d--------   C:\Program Files\Google
2006-12-07 19:26   --------   d--------   C:\Program Files\WinRAR
2006-12-05 19:58   --------   d--------   C:\Program Files\Common Files\AOL
2006-12-04 02:20   --------   d--------   C:\Program Files\AIM6
2006-12-04 02:20   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\acccore
2006-12-04 02:18   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla
2006-12-03 02:31   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Apple Computer
2006-11-30 16:51   --------   d--------   C:\Program Files\AIM
2006-11-29 23:44   --------   d--------   C:\Program Files\Java
2006-11-29 23:34   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\FaxCtr
2006-11-29 23:31   --------   d--------   C:\Program Files\Windows Media Player
2006-11-29 23:12   --------   d--------   C:\Program Files\Windows Media Connect 2
2006-11-29 14:57   --------   d--------   C:\Program Files\iTunes
2006-11-29 14:57   --------   d--------   C:\Program Files\iPod
2006-11-29 14:55   --------   d--------   C:\Program Files\Apple Software Update
2006-11-29 13:26   --------   d--------   C:\Program Files\Abbyy FineReader 6.0 Sprint
2006-11-26 03:03   --------   d--------   C:\Program Files\MSXML 4.0
2006-11-26 01:43   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Real
2006-11-26 01:36   --------   d--------   C:\Program Files\Common Files\xing shared
2006-11-26 01:36   --------   d--------   C:\Program Files\Common Files\Real
2006-11-24 18:50   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Sun
2006-11-24 18:03   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Help
2006-11-24 15:47   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Google
2006-11-24 14:18   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\WildTangent
2006-11-24 13:19   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Aim
2006-11-24 13:18   --------   d--------   C:\Program Files\AOD
2006-11-24 13:09   15781   --a------   C:\WINDOWS\system32\drivers\mdc8021x.sys
2006-11-24 13:09   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2006-11-24 13:09   --------   d--------   C:\Program Files\Belkin
2006-11-24 10:29   --------   d--------   C:\Documents and Settings\Owner.LAPPY\Application Data\Template
2006-11-24 10:24   --------   d--------   C:\Program Files\Pure Networks
2006-11-08 00:06   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-10-19 08:56   713216   --a------   C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58   8704   --a------   C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58   8704   --a------   C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47   99840   --a------   C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47   991744   --a------   C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47   937984   --a------   C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47   8231936   --a------   C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47   767488   ---------   C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47   757248   --a------   C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47   7168   --a------   C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47   656896   ---------   C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47   63488   --a------   C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47   629760   --a------   C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47   613376   ---------   C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47   603648   --a------   C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47   542720   --a------   C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47   535040   --a------   C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47   429056   ---------   C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47   414208   --a------   C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47   38400   ---------   C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47   37376   --a------   C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47   35840   --a------   C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47   356352   --a------   C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47   348672   --a------   C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47   33792   --a------   C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47   321536   --a------   C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47   317440   ---------   C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47   314880   --a------   C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47   295936   ---------   C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47   284160   ---------   C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47   276992   --a------   C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47   27136   --a------   C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47   2603008   ---------   C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47   2450944   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47   242688   --a------   C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47   229376   --a------   C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47   227328   --a------   C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47   222208   --a------   C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47   212992   --a------   C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47   211456   --a------   C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47   204288   --a------   C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47   199168   ---------   C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47   179712   --a------   C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47   175616   --a------   C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47   166912   ---------   C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47   1661440   --a------   C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47   1574912   ---------   C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47   157184   --a------   C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47   154624   --a------   C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47   1543680   ---------   C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47   1382912   ---------   C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47   133632   ---------   C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47   1329152   --a------   C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47   132096   ---------   C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47   130048   ---------   C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47   11264   --a------   C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47   1117696   --a------   C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47   101888   ---------   C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03   100864   --a------   C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00   249856   --a------   C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00   17408   ---------   C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:01   13312   --a------   C:\WINDOWS\system32\ieudinit.exe
2006-10-13 07:35   65536   --a------   C:\WINDOWS\system32\nwwks.dll
2006-10-13 07:35   64000   --a------   C:\WINDOWS\system32\nwapi32.dll
2006-10-13 07:35   142336   --a------   C:\WINDOWS\system32\nwprovau.dll
2006-10-09 16:15   1669632   --a------   C:\WINDOWS\system32\msvidctl.dll
2006-10-09 16:12   456192   --a------   C:\WINDOWS\system32\encdec.dll
2006-10-09 16:12   291840   --a------   C:\WINDOWS\system32\sbe.dll
2006-10-09 16:12   235008   ---------   C:\WINDOWS\system32\psisdecd.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Aim6"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"MCUpdateExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\McUpdate.exe"
"MCAgentExe"="C:\\PROGRA~1\\McAfee.com\\Agent\\McAgent.exe"
"MPFEXE"="\"C:\\Program Files\\McAfee.com\\Personal Firewall\\MPFTray.exe\""
"lxcrmon.exe"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
"EzPrint"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
"FaxCenterServer"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"LXCRCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCRtime.dll,_RunDLLEntry@16"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"MSKAGENTEXE"="C:\\PROGRA~1\\mcafee\\SPAMKI~1\\mskagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,23,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin 802.11g Wireless Card Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Belkin 802.11g Wireless Card Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\Belkin 802.11g Wireless Card Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Belkin\\BELKIN~1.11G\\utility.exe "
"item"="Belkin 802.11g Wireless Card Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\BigFix.lnk"
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\bigfix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^REALTEK RTL8187 Wireless LAN Utility.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\REALTEK RTL8187 Wireless LAN Utility.lnk"
"backup"="C:\\WINDOWS\\pss\\REALTEK RTL8187 Wireless LAN Utility.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\REALTE~1\\RtWLan.exe /H"
"item"="REALTEK RTL8187 Wireless LAN Utility"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim6"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\AIM6\\aim6.exe\" /d locale=en-US ee://aol/imApp"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ares"
"hkey"="HKCU"
"command"="\"F:\\Program Files\\Ares Lite Edition\\Ares.exe\" -h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cli"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bittorrent"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\BitTorrent\\bittorrent.exe\" --force_start_minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WLTRAY"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\WLTRAY.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezprint"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2400 Series\\ezprint.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fm3032"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark Fax Solutions\\fm3032.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleDesktop"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcrmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxcrmon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark 2400 Series\\lxcrmon.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McAgent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\McAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="McUpdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPFExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MpfTray"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee.com\\PERSON~1\\MpfTray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPSExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mscifapp"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\mps\\mscifapp.exe /embedding"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKAGENTEXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MskAgent"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MskAgent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\McAfee\\SPAMKI~1\\MSKDetct.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="oasclnt"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NA"
"hkey"="HKCU"
"command"="NA"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="%WINDIR%\\Creator\\Remind_XP.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="stsystra"
"hkey"="HKLM"
"command"="stsystra.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Motorola\\SMSERIAL\\sm56hlpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.5008\\GoogleToolbarNotifier.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPLpr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusScan Online]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcvsshld"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VSOCheckTask]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcmnhdlr"
"hkey"="HKLM"
"command"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MskService"=dword:00000002
"MpfService"=dword:00000002
"mcupdmgr.exe"=dword:00000003
"McTskshd.exe"=dword:00000002
"McShield"=dword:00000002
"McDetect.exe"=dword:00000002
"lxcr_device"=dword:00000003
"Ati HotKey Poller"=dword:00000002
"ose"=dword:00000003
"PrismXL"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (LAPPY-Owner).job

Completion time: 07-01-05 16:50:21.22
C:\ComboFix.txt ... 07-01-05 16:50

guestolo · « **Reply #6 on:** January 05, 2007, 05:26:14 PM »

Use Windows Explorer and delete the next 2 files
C:\WINDOWS\system32\vbzip10.dll <-file
C:\WINDOWS\b.exe

Run a fresh updated scan with ad-Aware and let it remove all Critical objects

==Download AVG Anti-Spyware 7.5

Save the installer to desktop
Double click the installer, select your language, and then select "OK"
Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
AVG will now install and afterwards click FINISH
AVG Anti-Spyware 7.5 should now Load
Click the Update tab at the top. Under Manual Update click Start update.
After the update finishes (the status bar at the bottom will display "Update successful")
Click on the Scanner tab at the top
Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that Automatically generate report after every scan IS selected and
"Only if Threats are found" IS NOT selected
Click back to the "Scan" tab and then click on Complete System Scan.
This scan can take a while to run, let it run uninterrupted
When the scan is complete it will list any infections found on the left hand side.
Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
An AVG antispyware icon will be placed in your system tray next to your clock, you can right on it and uncheck

"Resident Shield" , "Automatic updates" and "Start with Windows"
[/list]Reboot the computer
Come back here and post a fresh hijackthis log and the Whole report from AVG please
also, let me know how things are running

ivy90 · « **Reply #7 on:** January 05, 2007, 07:19:33 PM »

when i was running the avg anti-virus program, a little screen popped up and it said it found a malware. WINDOWS\System32\java52e.dll

i didnt know what to do so it recommended that i ignored it, was that the right thing to do?

ivy90 · « **Reply #8 on:** January 05, 2007, 07:49:35 PM »

it found a couple more stuff, like... Worm.VB.dw, Backdoor.Rbot, Dropper.VB.lu

ivy90 · « **Reply #9 on:** January 05, 2007, 08:01:56 PM »

here is hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 7:58:27 PM, on 1/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRserv.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LXCRCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCRserv.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

here is avg anti virus:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:54:43 PM 1/5/2007

+ Scan result:

C:\WINDOWS\system32\java52e.dll -> Adware.BHO : Cleaned with backup (quarantined).
[240] C:\WINDOWS\System32\java52e.dll -> Adware.BHO : Cleaned with backup (quarantined).
C:\WINDOWS\system32\msscsi.dll -> Adware.VB : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP62\A0029107.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP62\A0030191.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP62\A0030192.exe -> Dropper.VB.lu : Cleaned with backup (quarantined).
:mozilla.125:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.82:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\owner@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.19:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.85:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\[email protected][1].txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.90:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.139:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.210:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.211:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.228:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.30:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.86:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.21:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.22:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.15:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.132:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Valuead : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned.
:mozilla.17:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner.LAPPY\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.91:C:\Documents and Settings\Owner.LAPPY\Application Data\Mozilla\Firefox\Profiles\c6x73bwi.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP62\A0029106.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E015214-6BB0-4181-B365-456CF1DEC069}\RP62\A0030194.exe -> Worm.VB.dw : Cleaned with backup (quarantined).

::Report end

guestolo · « **Reply #10 on:** January 06, 2007, 12:59:07 AM »

That's looking good, but I want to see everything running on startup please
Can you do the following
You can disable startup entries at a later time

Go to START>>RUN>>type in msconfig
Hit OK
Under the SERVICES tab>>Enable ALL>>Apply it
Under the STARTUP tab >>Enable All>>Apply it
Under the General tab >> Ensure Normal Startup is selected it>>APPLY it and CLOSE
Restart the computer

Come back here and post a fresh hijackthis log
Let's see what we're left with

ivy90 · « **Reply #11 on:** January 06, 2007, 02:12:54 AM »

Logfile of HijackThis v1.99.1
Scan saved at 2:09:42 AM, on 1/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRserv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\mcafee.com\agent\McAgent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\REALTEK RTL8187 Wireless LAN Driver and Utility\RtWLan.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MPFEXE] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [ares] "F:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: REALTEK RTL8187 Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LXCRCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCRserv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Piny Life.Wired · « **Reply #12 on:** January 06, 2007, 05:34:52 AM »

Glad to see Guestolo helped another

http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/tongue.gif\' class=\'bbc_emoticon\' alt=\'

\' />

guestolo · « **Reply #13 on:** January 06, 2007, 12:49:32 PM »

Can I see another log please
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Quote

i have internet explorer? i thought i deleted that and that bearflix crap

I take it you don't want bearflix as your start page?

Also, can you do the following
In Firefox>>Click on TOOLS>>ADDONS
Under Extensions, do you have any installed
If so, which ones?

ivy90 · « **Reply #14 on:** January 06, 2007, 03:32:00 PM »

kk this is the unistall thing :

ABBYY FineReader 6.0 Sprint
AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe Shockwave Player
AIM 6.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Instant Messenger
AOL You've Got Pictures Screensaver
Apple Software Update
Ares 1.9.6
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Anti-Spyware 7.5
Belkin 802.11g Wireless Card
BigFix
BitComet 0.81
Broadcom 802.11 Network Adapter
Browser Address Error Redirector
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DVD Solution
Final Drive Fury
Gateway Game Console
Google Desktop
gtw_logo
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB888795)
Hotfix for Windows XP (KB891593)
Hotfix for Windows XP (KB895961)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB899337)
Hotfix for Windows XP (KB899510)
Hotfix for Windows XP (KB902841)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912024)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB914906)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 9
Lexmark 2400 Series
Lexmark Fax Solutions
McAfee Uninstall Wizard
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Starter Edition 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2006
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Motorola SM56 Data Fax Modem
Mozilla Firefox (2.0.0.1)
MSXML 4.0 SP2 (KB927978)
Napster Burn Engine
Power2Go 4.0
PowerDVD
QuickTime
RealPlayer
REALTEK RTL8187 Wireless LAN Driver and Utility
Sandlot Games Client Services
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917537)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SigmaTel Audio
Sonic Encoders
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update Rollup 2 for Windows XP Media Center Edition 2005
URGE
Viewpoint Media Player
WildTangent Web Driver
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB889673
Windows XP Media Center Edition 2005 KB925766
WinRAR archiver
XviD MPEG-4 Video Codec
Yahoo! Toolbar for Internet Explorer

and for addons..i have..:

mcafee siteadvisor 26.1 and talkback 2.0.0.1
i can't view window media clips or videos on mozilla, do you know the plug in for that?

ivy90 · « **Reply #15 on:** January 06, 2007, 03:33:30 PM »

i remember i deleted internet explorer cause im just using firefox..but i found a folder named internet explorer with bearflix stuff..and under internet options, it says that my homepage is google.com but associated with bearflix..but im kind of lost?

guestolo · « **Reply #16 on:** January 07, 2007, 05:47:04 PM »

Quote

i remember i deleted internet explorer cause im just using firefox

Don't try and delete the Internet Explorer folder
You probably just removed the IE icon from desktop

Can you do the following
Open the Java Icon in the Windows control panel
Under the General tab>>Delete files
Leave all 3 selections selected and click OK
Exit Java

Access your add/remove programs
Remove older updates of Java, this includes
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 9

Remove the next 2 also if you didn't intentionally install them, they could of got installed with AIM
and not needed
Viewpoint Media Player
WildTangent Web Driver

Could I have you run one more scanner please
Download and Install Spybot 1.4 from
HERE

After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and then download all updates
Ensure all updates are successful, a [color=\"#00FF00\"]GREEN[/color] check will indicate this
If you have an error updating, search for updates again and retry the download until all updates are successfully installed
After update is complete

Click the "Search & Destroy" button on the left
"Check for Problems"---When the Scan is complete
Can you do the following for me please
Right click in the Results pane and Save a full report
Save this too desktop
FIX all selected promblems in RED

Do a "System scan only" with Hijackthis and put a check next to these entries:
I've included some legit entries that don't need to be running on startup and you had disabled earlier

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.bearflix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447

O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [ares] "F:\Program Files\Ares Lite Edition\Ares.exe" -h
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe

After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

RESTART the computer to finish any cleaning process

Delete this folder if found
C:\Program Files\BearFlix <-folder

Access "Internet Options" via Control Panel
Under the Program tab>>Reset Web Settings
Under the General tab>>Reset Home page to preferred

Come back here and post a fresh hijackthis log and the report from Spybot please

ivy90 · « **Reply #17 on:** January 12, 2007, 01:05:37 AM »

sorry for the late reply
it wasnt letting me post comments
because of a internel problem
did it happen to you?

ivy90 · « **Reply #18 on:** January 12, 2007, 01:09:53 AM »

this is the spybot:--- Search result list ---Bearshare: Class ID (Registry key, nothing done) HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}WildTangent: Program directory (Directory, nothing done) C:\WINDOWS\wt\WildTangent: Interface (Registry key, nothing done) HKEY_CLASSES_ROOT\Interface\{1FAD572E-1A3D-44D9-9C23-A87F922DA8C0}WildTangent: Type library (Registry key, nothing done) HKEY_CLASSES_ROOT\TypeLib\{7946205B-FEF7-494F-A64B-3E992A780866}WildTangent: Uninstall settings (Registry key, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WildTangent CDAWildTangent: Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\Logger.LogSessionWildTangent: Root class (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\Logger.LogSession.1WildTangent: Class ID (Registry key, nothing done) HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{A62FA99E-922E-4ECA-A1D9-B54EF294A3CC}WildTangent: Library (File, nothing done) C:\WINDOWS\wt\webdriver.dllWildTangent: Program directory (Directory, nothing done) C:\WINDOWS\wt\wtupdates\WildTangent: Program directory (Directory, nothing done) C:\WINDOWS\wt\updater\WildTangent: Program directory (Directory, nothing done) C:\WINDOWS\wt\webdriver\Microsoft.WindowsSecurityCenter.AntiVirusDisableNotify: Settings (Registry change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0Microsoft.WindowsSecurityCenter.FirewallDisableNotify: Settings (Registry change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0Advertising.com: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done) Avenue A, Inc.: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done) DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---2005-05-31 blindman.exe (1.0.0.1)2005-05-31 SpybotSD.exe (1.4.0.3)2005-05-31 TeaTimer.exe (1.4.0.2)2007-01-07 unins000.exe (51.41.0.0)2005-05-31 Update.exe (1.4.0.0)2006-02-06 advcheck.dll (1.0.2.0)2005-05-31 aports.dll (2.1.0.0)2005-05-31 borlndmm.dll (7.0.4.453)2005-05-31 delphimm.dll (7.0.4.453)2005-05-31 SDHelper.dll (1.4.0.0)2006-02-20 Tools.dll (2.0.0.2)2005-05-31 UnzDll.dll (1.73.1.1)2005-05-31 ZipDll.dll (1.73.2.0)2007-01-05 Includes\Cookies.sbi (*)2006-12-08 Includes\Dialer.sbi (*)2007-01-05 Includes\DialerC.sbi (*)2006-11-24 Includes\Hijackers.sbi (*)2007-01-05 Includes\HijackersC.sbi (*)2006-10-27 Includes\Keyloggers.sbi (*)2007-01-05 Includes\KeyloggersC.sbi (*)2004-11-29 Includes\LSP.sbi (*)2006-12-22 Includes\Malware.sbi (*)2007-01-05 Includes\MalwareC.sbi (*)2006-10-20 Includes\PUPS.sbi (*)2007-01-05 Includes\PUPSC.sbi (*)2007-01-05 Includes\Revision.sbi (*)2006-12-08 Includes\Security.sbi (*)2007-01-05 Includes\SecurityC.sbi (*)2006-10-13 Includes\Spybots.sbi (*)2007-01-05 Includes\SpybotsC.sbi (*)2005-02-17 Includes\Tracks.uti2006-12-08 Includes\Trojans.sbi (*)2007-01-05 Includes\TrojansC.sbi (*)--- System information ---Windows XP (Build: 2600) Service Pack 2 / .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB886903) / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) / Media Center 2005 / SP4: Update Rollup 2 for Windows XP Media Center Edition 2005 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/917283 / Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \nIf you later install a more recent service pack, this Security Update will be uninstalled automatically. \nFor more information, visit http://support.microsoft.com/kb/922770 / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2 / Step By Step Interactive Training / SP2: Security Update for Step By Step Interactive Training (KB898458) / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs / Windows / SP1: Microsoft National Language Support Downlevel APIs / Windows Media Player 10: Security Update for Windows Media Player 10 (KB911565) / Windows Media Player 10: Update for Windows Media Player 10 (KB913800) / Windows Media Player 10: Security Update for Windows Media Player 10 (KB917734) / Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398) / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP / Windows XP / SP3: Windows XP Hotfix - KB834707 / Windows XP / SP3: Windows XP Hotfix - KB867282 / Windows XP / SP3: Windows XP Hotfix - KB873333 / Windows XP / SP3: Windows XP Hotfix - KB873339 / Windows XP / SP3: Security Update for Windows XP (KB883939) / Windows XP / SP3: Windows XP Hotfix - KB885250 / Windows XP / SP3: Windows XP Hotfix - KB885835 / Windows XP / SP3: Windows XP Hotfix - KB885836 / Windows XP / SP3: Windows XP Hotfix - KB886185 / Windows XP / SP3: Windows XP Hotfix - KB887472 / Windows XP / SP3: Microsoft .NET Framework 1.0 Hotfix (KB887998) / Windows XP / SP3: Windows XP Hotfix - KB888113 / Windows XP / SP3: Windows XP Hotfix - KB888239 / Windows XP / SP3: Windows XP Hotfix - KB888302 / Windows XP / SP3: Hotfix for Windows XP (KB888795) / Windows XP / SP3: Windows XP Hotfix - KB889673 / Windows XP / SP3: Security Update for Windows XP (KB890046) / Windows XP / SP3: Windows XP Hotfix - KB890047 / Windows XP / SP3: Windows XP Hotfix - KB890175 / Windows XP / SP3: Windows XP Hotfix - KB890859 / Windows XP / SP3: Windows XP Hotfix - KB890923 / Windows XP / SP3: Hotfix for Windows XP (KB891593) / Windows XP / SP3: Windows XP Hotfix - KB891781 / Windows XP / SP3: Security Update for Windows XP (KB893066) / Windows XP / SP3: Windows XP Hotfix - KB893086 / Windows XP / SP3: Hotfix for Windows XP (KB893357) / Windows XP / SP3: Security Update for Windows XP (KB893756) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Windows Installer 3.1 (KB893803) / Windows XP / SP3: Update for Windows XP (KB894391) / Windows XP / SP3: Hotfix for Windows XP (KB895953) / Windows XP / SP3: Hotfix for Windows XP (KB896256) / Windows XP / SP3: Hotfix for Windows XP (KB896344) / Windows XP / SP3: Security Update for Windows XP (KB896358) / Windows XP / SP3: Security Update for Windows XP (KB896422) / Windows XP / SP3: Security Update for Windows XP (KB896423) / Windows XP / SP3: Security Update for Windows XP (KB896424) / Windows XP / SP3: Security Update for Windows XP (KB896428) / Windows XP / SP3: Security Update for Windows XP (KB896688) / Windows XP / SP3: Update for Windows XP (KB896727) / Windows XP / SP3: Update for Windows XP (KB898461) / Windows XP / SP3: Hotfix for Windows XP (KB899337) / Windows XP / SP3: Hotfix for Windows XP (KB899510) / Windows XP / SP3: Security Update for Windows XP (KB899587) / Windows XP / SP3: Security Update for Windows XP (KB899588) / Windows XP / SP3: Security Update for Windows XP (KB899589) / Windows XP / SP3: Security Update for Windows XP (KB899591) / Windows XP / SP3: Update for Windows XP (KB900485) / Windows XP / SP3: Security Update for Windows XP (KB900725) / Windows XP / SP3: Security Update for Windows XP (KB901017) / Windows XP / SP3: Security Update for Windows XP (KB901214) / Windows XP / SP3: Security Update for Windows XP (KB902400) / Windows XP / SP3: Hotfix for Windows XP (KB902841) / Windows XP / SP3: Security Update for Windows XP (KB903235) / Windows XP / SP3: Security Update for Windows XP (KB904706) / Windows XP / SP3: Update for Windows XP (KB904942) / Windows XP / SP3: Security Update for Windows XP (KB905414) / Windows XP / SP3: Security Update for Windows XP (KB905749) / Windows XP / SP3: Security Update for Windows XP (KB905915) / Windows XP / SP3: Hotfix for Windows XP (KB906569) / Windows XP / SP3: Security Update for Windows XP (KB908519) / Windows XP / SP3: Security Update for Windows XP (KB908531) / Windows XP / SP3: Hotfix for Windows XP (KB909095) / Windows XP / SP3: Update for Windows XP (KB910437) / Windows XP / SP3: Hotfix for Windows XP (KB910728) / Windows XP / SP3: Update for Windows XP (KB911280) / Windows XP / SP3: Security Update for Windows XP (KB911562) / Windows XP / SP3: Security Update for Windows XP (KB911567) / Windows XP / SP3: Security Update for Windows XP (KB911927) / Windows XP / SP3: Hotfix for Windows XP (KB912024) / Windows XP / SP3: Security Update for Windows XP (KB912812) / Windows XP / SP3: Security Update for Windows XP (KB912919) / Windows XP / SP3: Update for Windows XP (KB912945) / Windows XP / SP3: Security Update for Windows XP (KB913580) / Windows XP / SP3: Security Update for Windows XP (KB914388) / Windows XP / SP3: Security Update for Windows XP (KB914389) / Windows XP / SP3: Hotfix for Windows XP (KB914440) / Windows XP / SP3: Hotfix for Windows XP (KB914906) / Windows XP / SP3: Hotfix for Windows XP (KB915865) / Windows XP / SP3: Security Update for Windows XP (KB916281) / Windows XP / SP3: Update for Windows XP (KB916595) / Windows XP / SP3: Security Update for Windows XP (KB917159) / Windows XP / SP3: Security Update for Windows XP (KB917344) / Windows XP / SP3: Security Update for Windows XP (KB917422) / Windows XP / SP3: Security Update for Windows XP (KB917537) / Windows XP / SP3: Security Update for Windows XP (KB917953) / Windows XP / SP3: Security Update for Windows XP (KB918439) / Windows XP / SP3: Security Update for Windows XP (KB919007) / Windows XP / SP3: Security Update for Windows XP (KB920213) / Windows XP / SP3: Security Update for Windows XP (KB920214) / Windows XP / SP3: Security Update for Windows XP (KB920670) / Windows XP / SP3: Security Update for Windows XP (KB920683) / Windows XP / SP3: Security Update for Windows XP (KB920685) / Windows XP / SP3: Update for Windows XP (KB920872) / Windows XP / SP3: Security Update for Windows XP (KB921398) / Windows XP / SP3: Update for Windows XP (KB922582) / Windows XP / SP3: Security Update for Windows XP (KB922616) / Windows XP / SP3: Security Update for Windows XP (KB922760) / Windows XP / SP3: Security Update for Windows XP (KB922819) / Windows XP / SP3: Security Update for Windows XP (KB923191) / Windows XP / SP3: Security Update for Windows XP (KB923414) / Windows XP / SP3: Security Update for Windows XP (KB923694) / Windows XP / SP3: Security Update for Windows XP (KB923980) / Windows XP / SP3: Security Update for Windows XP (KB924191) / Windows XP / SP3: Security Update for Windows XP (KB924270) / Windows XP / SP3: Security Update for Windows XP (KB924496) / Windows XP / SP3: Security Update for Windows XP (KB925454) / Windows XP / SP3: Security Update for Windows XP (KB925486) / Windows XP / SP3: Hotfix for Windows XP (KB926239) / Windows XP / SP3: Security Update for Windows XP (KB926255)--- Startup entries list ---Located: HK_LM:Run, LXCRCATScommand: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 file:Located: HK_LM:Run, MCAgentExecommand: c:\PROGRA~1\mcafee.com\agent\McAgent.exe file: c:\PROGRA~1\mcafee.com\agent\McAgent.exe size: 303104 MD5: e8d2dcece015f4558aa3853514664f15Located: HK_LM:Run, MCUpdateExecommand: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe file: c:\PROGRA~1\mcafee.com\agent\mcupdate.exe size: 212992 MD5: dec79e9887924b82837b9b7730ecaa1fLocated: HK_LM:Run, MPFEXEcommand: "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe" file: C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe size: 1005096 MD5: d76dcba1bce72093e00a4efa114a4e98Located: HK_LM:Run, MSKAGENTEXEcommand: C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe file: C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe size: 110592 MD5: cb760add3ca741dfd499e289dc682f02Located: HK_LM:Run, SunJavaUpdateSchedcommand: "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" file: C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe size: 49263 MD5: 3aa5d60b77ce19b1f2521f532ab986e7Located: HK_CU:Run, Aim6command: "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp file: C:\Program Files\AIM6\aim6.exe size: 50736 MD5: b6c1d859d1c25e80ab655bd5f4a6884bLocated: HK_CU:Run, MSMSGScommand: "C:\Program Files\Messenger\msmsgs.exe" /background file: C:\Program Files\Messenger\msmsgs.exe size: 1694208 MD5: 74e6e96c6f0e2eca4edbb7f7a468f259Located: System.ini, AtiExtEventcommand: Ati2evxx.dll file: Ati2evxx.dllLocated: System.ini, crypt32chaincommand: crypt32.dll file: crypt32.dllLocated: System.ini, cryptnetcommand: cryptnet.dll file: cryptnet.dllLocated: System.ini, cscdllcommand: cscdll.dll file: cscdll.dllLocated: System.ini, ScCertPropcommand: wlnotify.dll file: wlnotify.dllLocated: System.ini, Schedulecommand: wlnotify.dll file: wlnotify.dllLocated: System.ini, sclgntfycommand: sclgntfy.dll file: sclgntfy.dllLocated: System.ini, SensLogncommand: WlNotify.dll file: WlNotify.dllLocated: System.ini, termsrvcommand: wlnotify.dll file: wlnotify.dllLocated: System.ini, wlballooncommand: wlnotify.dll file: wlnotify.dll--- Browser helper object list ---{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} (BitComet ClickCapture) BHO name: BitComet ClickCapture CLSID name: BitComet Helper Path: C:\Program Files\BitComet\tools\ Long name: BitCometBHO.dll Short name: BITCOM~2.DLL Date (created): 12/27/2006 10:00:32 AMDate (last access): 1/7/2007 8:54:46 PM Date (last write): 12/27/2006 10:00:32 AM Filesize: 325184 Attributes: archive MD5: 957D8A9EB70FD9A668E7BECAACD1F249 CRC32: 0FDD58F8 Version: 1.0.12.26{3EC8255F-E043-4cae-8B3B-B191550C2A22} (McAfee PopupKiller) BHO name: McAfee PopupKiller CLSID name: McAfee Privacy Service Popup Blocker Path: c:\program files\mcafee.com\mps\ Long name: PopupKiller.dll Short name: POPUPK~1.DLL Date (created): 12/17/2006 12:59:38 AMDate (last access): 1/7/2007 9:00:52 PM Date (last write): 9/28/2005 4:28:10 PM Filesize: 132648 Attributes: archive MD5: 77D107A323259FF27D6121CA30304C82 CRC32: ADBD1E43 Version: 8.1.0.120{41D68ED8-4CFF-4115-88A6-6EBB8AF19000} (McAfee AntiPhishing Filter) BHO name: CLSID name: McAfee AntiPhishing Filter Path: c:\PROGRA~1\mcafee\SPAMKI~1\ Long name: McApfBHO.dll Short name: Date (created): 10/21/2006 10:08:56 PMDate (last access): 1/7/2007 9:00:52 PM Date (last write): 11/3/2005 2:10:32 PM Filesize: 348160 Attributes: archive MD5: D035A02257CEE3F6A1F6115AF5AD3F54 CRC32: 2EA64926 Version: 7.0.2.3{CA6319C0-31B7-401E-A518-A07C3DB8F777} (CBrowserHelperObject Object) BHO name: CLSID name: CBrowserHelperObject Object Path: c:\windows\system32\ Long name: bae.dll Short name: Date (created): 10/21/2006 9:44:52 PMDate (last access): 1/7/2007 9:00:52 PM Date (last write): 1/31/2006 1:54:30 PM Filesize: 94208 Attributes: archive MD5: 3467178AE878796650290CA54361C810 CRC32: 9C59917B Version: 1.1.0.1--- ActiveX list ---{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0) DPF name: Java Runtime Environment 1.5.0 CLSID name: Java Plug-in 1.5.0_10 Installer: Codebase: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab Path: C:\Program Files\Java\jre1.5.0_10\bin\ Long name: NPJPI150_10.dll Short name: NPJPI1~1.DLL Date (created): 11/9/2006 3:07:34 PMDate (last access): 1/6/2007 2:49:06 AM Date (last write): 11/9/2006 3:21:54 PM Filesize: 75528 Attributes: archive MD5: 635F4B3A0F1C661B5CEDE628BA85E46B CRC32: 0C9B7145 Version: 5.0.100.3--- Process list ---PID: 0 ( 0) [System]PID: 868 ( 4) \SystemRoot\System32\smss.exePID: 940 ( 868) \??\C:\WINDOWS\system32\csrss.exePID: 968 ( 868) \??\C:\WINDOWS\system32\winlogon.exePID: 1016 ( 968) C:\WINDOWS\system32\services.exe size: 108032 MD5: C6CE6EEC82F187615D1002BB3BB50ED4PID: 1028 ( 968) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 84885F9B82F4D55C6146EBF6065D75D2PID: 1184 (1016) C:\WINDOWS\system32\Ati2evxx.exe size: 405504 MD5: 5784A06FDC2AC7954225A1A79E1A8F00PID: 1196 (1016) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1280 (1016) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1432 (1016) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1488 (1016) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 1664 (1016) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 128 (1016) C:\WINDOWS\System32\WLTRYSVC.EXE size: 18944 MD5: 61E71BC3CD3530444000A9B68F7EE931PID: 252 ( 212) C:\WINDOWS\Explorer.EXE size: 1032192 MD5: A0732187050030AE399B241436565E64PID: 360 (1016) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9FPID: 744 (1016) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe size: 204800 MD5: E8FBDCC8D618D1BB84B828F247A6244BPID: 768 (1016) C:\WINDOWS\eHome\ehRecvr.exe size: 237568 MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9PID: 848 (1016) C:\WINDOWS\eHome\ehSched.exe size: 102912 MD5: A53243709439AC2A4C216B817F8D7411PID: 1156 (1016) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRserv.exe size: 61440 MD5: 2B12A8CCDFB6E9AAA978AED233972A70PID: 1360 (1016) c:\program files\mcafee.com\agent\mcdetect.exe size: 126976 MD5: F73B0F3EBD90B1C87A3B93BE94E831C7PID: 1400 (1016) c:\PROGRA~1\mcafee.com\vso\mcshield.exe size: 221184 MD5: FAE84A2F9C11B7C532950BF0AE1EC26APID: 1520 (1016) c:\PROGRA~1\mcafee.com\agent\mctskshd.exe size: 122368 MD5: A214E217784D1002411DCA8E9793D4A4PID: 1612 (1400) c:\PROGRA~1\mcafee.com\vso\OasClnt.exe size: 53248 MD5: 76E033F33912BFACA4A05BE8D1F3A740PID: 1968 (1016) C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe size: 548864 MD5: 316535E69181703D4CE4623DEA29FECBPID: 2012 (1196) c:\program files\mcafee.com\vso\mcvsshld.exe size: 163840 MD5: B154AC6DBD82F96476003E58E1625BD8PID: 1704 (2012) c:\program files\mcafee.com\agent\mcagent.exe size: 303104 MD5: E8D2DCECE015F4558AA3853514664F15PID: 272 (2012) c:\progra~1\mcafee.com\vso\mcvsescn.exe size: 483328 MD5: 3B1A1BAA8D7444DEFCE4093611212ED6PID: 1392 ( 252) C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe size: 110592 MD5: CB760ADD3CA741DFD499E289DC682F02PID: 1424 ( 252) C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe size: 1005096 MD5: D76DCBA1BCE72093E00A4EFA114A4E98PID: 2276 (1196) c:\progra~1\mcafee.com\vso\mcvsftsn.exe size: 299008 MD5: FBB63395BDE6DBE39D4D469A046D5311PID: 2372 (1016) C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS size: 172032 MD5: 33D7285F12D934268A34206DFC4AD1B3PID: 2488 (1016) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 2644 (1016) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 2728 (1016) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716PID: 3096 (1016) C:\WINDOWS\ehome\mcrdsvc.exe size: 99328 MD5: DF0A511F38F16016BF658FCA0090CB87PID: 3744 (1016) C:\WINDOWS\system32\dllhost.exe size: 5120 MD5: DD87DB7387B9EB441C5674888A0D840CPID: 3884 (1016) C:\WINDOWS\system32\lxcrcoms.exe size: 495616 MD5: 0D61D164E07C514570D243FFA347C3A7PID: 1388 (1016) C:\WINDOWS\System32\alg.exe size: 44544 MD5: F1958FBF86D5C004CF19A5951A9514B7PID: 2064 (1196) C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe size: 524288 MD5: EFFC4B0F270FC1A6EDF49A274BF5CDF8PID: 648 ( 252) C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe size: 630872 MD5: 04D87406AE5C6E263BB14600B8891489PID: 2324 ( 252) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe size: 6266880 MD5: 01D90AE5DCCBCE0C7B52874FEC35A608PID: 3840 ( 128) C:\WINDOWS\System32\bcmwltry.exe size: 1093632 MD5: 9A0CE1DB25F1CDD3ED11236884800538PID: 3256 ( 252) C:\Program Files\BitComet\BitComet.exe size: 5146176 MD5: D92FA50866D4ED2E5F153C3772E8AF81PID: 3224 ( 252) C:\Program Files\AIM6\aim6.exe size: 50736 MD5: B6C1D859D1C25E80AB655BD5F4A6884BPID: 3952 (3224) C:\Program Files\AIM6\aolsoftware.exe size: 50736 MD5: C482C535CBFEFE722EC1EB7F11F680A3PID: 3216 ( 252) C:\Program Files\Mozilla Firefox\firefox.exe size: 7620696 MD5: 6D05E232DDE95D48FBF0D879559CD3CAPID: 1788 (3364) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4393096 MD5: 09CA174A605B480318731E691DC98539PID: 1456 (2728) C:\WINDOWS\system32\wuauclt.exe size: 124184 MD5: EBF1AB7E4FC05CABF2F4680D2A45F827PID: 4 ( 0) System--- Browser start & search pages list ---Spybot - Search & Destroy browser pages report, 1/7/2007 9:16:02 PMHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htmHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page http://www.google.comHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar http://www.google.com/ieHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page http://google.bearflix.com/HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://www.google.com/ieHKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@ http://www.google.com/search?q=%sHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htmHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearchHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL http://www.gateway.com/g/startpage.html?Ch...TB&M=MX6447HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.google.com/ieHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant http://www.google.com/ieHKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm--- Winsock Layered Service Provider list ---Protocol 0: MC_LAYERED MSAFD Tcpip [TCP/IP] GUID: {D67C2995-3395-44D8-A0AB-AFA15E7ACE03} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 1: MC_LAYERED MSAFD Tcpip [UDP/IP] GUID: {70A250BD-C191-4BC9-8638-EEABA1AFAC6E} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 2: MC_LAYERED MSAFD Tcpip [RAW/IP] GUID: {D947007D-2E30-4944-8FD1-D0B7FBA5B75F} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 3: MC_LAYERED RSVP UDP Service Provider GUID: {E176895C-5A4E-4E4A-A38A-28BED1CFFF29} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 4: MC_LAYERED RSVP TCP Service Provider GUID: {C06B2819-4A2F-4D46-8870-6D9C6CAAFF25} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 5: MC_LAYERED MSAFD Tcpip [TCP/IPv6] GUID: {91589EBE-A6DD-4E6C-A9D6-07C5466CF722} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 6: MC_LAYERED MSAFD Tcpip [UDP/IPv6] GUID: {A8B2B330-03AE-4382-83D3-3E01D0EEF99E} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 7: MC_LAYERED MSAFD Tcpip [RAW/IPv6] GUID: {5D2269D3-493C-4B9E-863D-C5911F07308F} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 8: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{556D76A8-7D8A-441E-81DD-9304BE16D690}] SEQPACKET 3 GUID: {11A3511F-F7EB-4EC2-A5CE-0461208F6AF6} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 9: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{556D76A8-7D8A-441E-81DD-9304BE16D690}] DATAGRAM 3 GUID: {98E0C868-4C7A-4D2A-ABB6-629CCE3E7590} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 10: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C9CD3F08-360D-42E1-83E7-66BB6B884BFE}] SEQPACKET 6 GUID: {E55EE927-8B9C-4025-A688-E0C43BB3E3EF} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 11: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C9CD3F08-360D-42E1-83E7-66BB6B884BFE}] DATAGRAM 6 GUID: {804CF46A-8E9C-4DD9-9B54-A344D1DD21C4} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 12: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C4D7CC61-449F-4A51-94CD-8A2D5DCEE408}] SEQPACKET 8 GUID: {8F9AB237-FDFE-471F-AF48-BD4D68B0B184} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 13: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{C4D7CC61-449F-4A51-94CD-8A2D5DCEE408}] DATAGRAM 8 GUID: {BDF8890F-A4C1-4F56-88F7-2E1F682741AF} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 14: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B922398-5FF5-46B4-83E5-F9CC44D0D2E7}] SEQPACKET 9 GUID: {FBE2074C-F4CA-428F-BB6C-9DD52F332D8F} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 15: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6B922398-5FF5-46B4-83E5-F9CC44D0D2E7}] DATAGRAM 9 GUID: {9444A4EB-AE01-49E5-9ED6-34D6456A2ADF} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 16: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{556D76A8-7D8A-441E-81DD-9304BE16D690}] SEQPACKET 7 GUID: {1FE8C530-624F-42FA-9914-A9981BB4EC47} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 17: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{556D76A8-7D8A-441E-81DD-9304BE16D690}] DATAGRAM 7 GUID: {4582F35F-8135-40F2-8E15-9727E0BFDA99} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 18: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4D7CC61-449F-4A51-94CD-8A2D5DCEE408}] SEQPACKET 5 GUID: {3999996A-53CE-426C-907E-14BF09CDF1B0} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 19: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{C4D7CC61-449F-4A51-94CD-8A2D5DCEE408}] DATAGRAM 5 GUID: {3FC80E74-8CA7-474E-B8FE-B59400BA7A73} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 20: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{7430F5C6-E937-4602-9CCA-FC6D14443F70}] SEQPACKET 4 GUID: {5AC1BD26-A642-4CE5-A62A-8BB92C7CF002} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 21: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{7430F5C6-E937-4602-9CCA-FC6D14443F70}] DATAGRAM 4 GUID: {DF78F2B7-008F-4344-8E2B-7DF8D6D69D31} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 22: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9CD3F08-360D-42E1-83E7-66BB6B884BFE}] SEQPACKET 0 GUID: {C7770C0C-5435-48F8-BD0D-7C2730A602E6} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 23: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{C9CD3F08-360D-42E1-83E7-66BB6B884BFE}] DATAGRAM 0 GUID: {36469746-5152-4469-9744-F3D1553BB93F} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 24: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{506B92FB-A770-49DE-B465-8EA15A95D517}] SEQPACKET 1 GUID: {08988B84-EE13-4A07-AF58-19839B55718B} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 25: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{506B92FB-A770-49DE-B465-8EA15A95D517}] DATAGRAM 1 GUID: {96C54531-5996-4D68-A8B8-793CB01350A8} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 26: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{E02061F1-C8BA-4BD9-9327-9B0269DD363E}] SEQPACKET 2 GUID: {574877E3-8CD2-4012-BE92-58BBA96524E8} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 27: MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{E02061F1-C8BA-4BD9-9327-9B0269DD363E}] DATAGRAM 2 GUID: {233D425B-EE2B-4241-846E-9BBC00B68B56} Filename: C:\WINDOWS\system32\mclsp.dllProtocol 56: McAfee.com Layered Provider GUID: {BEAA9090-2D12-11D4-9B80-00C04FF40D52} Filename: C:\WINDOWS\system32\mclsp.dll--- Uninstall list ---Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) 05/27/2006 1.3.2.0 (53F13DB4D9611FD63BE580F06F0729BF236ABE68) uninstall cmd: C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_6FE44FCD212D4A086C7BC0C98B9A619782073FB7\amdk8.inf publisher: Advanced Micro DevicesAC3Filter (remove only) (AC3Filter) uninstall cmd: C:\Program Files\AC3Filter\uninstall.exeAd-Aware SE Personal 1.06 (Ad-Aware SE Personal) uninstall cmd: C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG publisher: Lavasoft help link: http://www.lavasoft.com (AddressBook)Adobe Photoshop 7.0 7.0 (Adobe Photoshop 7.0) version (major): 7install location: C:\Program Files\Adobe\Photoshop 7.0 install source: E:\Adobe Photoshop 7.0 Retail\ uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll" publisher: Adobe Systems, Inc.Adobe Shockwave Player 10.1.4.20 (Adobe Shockwave Player) uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log publisher: Adobe Systems, Inc. help link: http://www.adobe.com/support/shockwaveAIM 6.0 (AIM_6.0) uninstall cmd: C:\Program Files\AIM6\uninst.exeATI - Software Uninstall Utility 6.14.10.1014 (All ATI Software)install location: C:\Program Files\ATI Technologies\UninstallAll uninstall cmd: C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exeAOL Instant Messenger (AOL Instant Messenger) uninstall cmd: C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=AOL You've Got Pictures Screensaver (AOL YGP Screensaver) uninstall cmd: C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exeAOL Coach Version 2.0(Build:20041026.5 en) (AolCoach2_en) uninstall cmd: C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe -lang=en_en -ext=UDPAres 1.9.6 1.9.6-Build#3015 (Ares) uninstall cmd: "C:\Program Files\Ares\uninstall.exe" publisher: Ares Development GroupATI Display Driver 8.25-060404a1-035061C-Gateway (ATI Display Driver) uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -cleanAVG Anti-Spyware 7.5 (AVGAntiSpyware75)install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5 uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe publisher: Grisoft Ltd. help link: http://www.grisoft.comBigFix (BigFix) uninstall cmd: C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"BitComet 0.81 0.81 (BitComet) uninstall cmd: C:\Program Files\BitComet\uninst.exe publisher: ~RnySmile~ (Branding)Broadcom 802.11 Network Adapter 4.10.47.0 (Broadcom 802.11b Network Adapter) uninstall cmd: "C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter" publisher: Broadcom Corporation (Connection Manager) (DirectAnimation) (DirectDrawEx)DivX Content Uploader 1.1.0 (DivX Content Uploader)install location: C:\Program Files\DivX uninstall cmd: C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER publisher: DivX, Inc. (DXM_Runtime) (Fontcore)Gateway Game Console (Gateway Game Console)install location: C:\Program Files\WildTangent\Apps\Gateway Game Console uninstall cmd: "C:\Program Files\WildTangent\Apps\Gateway Game Console\Uninstall.exe" publisher: WildTangent comments: OEM setup version GTWY0101 help link: http://support.wildgames.comGoogle Desktop - (Google Desktop) uninstall cmd: C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall publisher: Google help link: http://desktop.google.com/help.html?hl=engtw_logo (gtw_logo) uninstall cmd: C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"HijackThis 1.99.1 1.99.1 (HijackThis) uninstall cmd: C:\Program Files\HijackThis\HijackThis.exe /uninstall publisher: Soeperman Enterprises Ltd. (ICW)Microsoft Internationalized Domain Names Mitigation APIs (IDNMitigationAPIs) install date: 20061208 uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" publisher: Microsoft Corporation (IE40) (IE4Data) (IE5BAKEX) (IEData) (InstallShield Uninstall Information)Texas Instruments PCIxx21/x515/xx12 drivers. 1.15.0000 (InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}) version: 17760256 version (major): 1 version (minor): 15 estimated size: 640 install date: 20061021 install source: D:\I386\APPS\APP11742\ uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033 publisher: Texas Instruments Inc. comments: TI PCIxx21/PCIx515/xx12 Software components contact: Customer Support Department help link: Please contact your vendor directly help telephone: ...Windows XP Hotfix - KB834707 20040929.110854 (KB834707) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=834707Windows XP Hotfix - KB867282 20050127.090417 (KB867282) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=867282Windows XP Hotfix - KB873333 20050114.005213 (KB873333) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=873333Windows XP Hotfix - KB873339 20041117.092459 (KB873339) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=873339Security Update for Windows XP (KB883939) 1 (KB883939) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=883939 (KB884016) (KB884267)Windows XP Hotfix - KB885250 20050118.202711 (KB885250) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885250 (KB885353)Windows XP Hotfix - KB885835 20041027.181713 (KB885835) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885835Windows XP Hotfix - KB885836 20041028.173203 (KB885836) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=885836Windows XP Hotfix - KB886185 20041021.090540 (KB886185) uninstall cmd: C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=886185 (KB886612) (KB887078)Windows XP Hotfix - KB887472 20041014.162858 (KB887472) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=887472 (KB887626)Microsoft .NET Framework 1.0 Hotfix (KB887998) (KB887998) uninstall cmd: "C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe" publisher: Microsoft CorporationHigh Definition Audio Driver Package - KB888111 20040219.000000 (KB888111WXPSP2) uninstall cmd: "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=KB888111Windows XP Hotfix - KB888113 20041116.131036 (KB888113) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888113Windows XP Hotfix - KB888239 20041124.162528 (KB888239) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888239Windows XP Hotfix - KB888302 20041207.111426 (KB888302) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888302 (KB888656)Hotfix for Windows XP (KB888795) 3 (KB888795) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=888795Windows XP Hotfix - KB889673 20041116.085848 (KB889673) uninstall cmd: C:\WINDOWS\$NtUninstallKB889673$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=889673 (KB889858)Security Update for Windows XP (KB890046) 1 (KB890046) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890046Windows XP Hotfix - KB890047 20041221.124506 (KB890047) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890047Windows XP Hotfix - KB890175 20041201.233338 (KB890175) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890175Windows XP Hotfix - KB890859 1 (KB890859) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890859Windows XP Hotfix - KB890923 1 (KB890923) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=890923 (KB891122)Hotfix for Windows XP (KB891593) 2 (KB891593) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=891593Windows XP Hotfix - KB891781 20050110.165439 (KB891781) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=891781 (KB892313)Windows XP Hotfix - KB893066 1 (KB893066) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893066Windows XP Hotfix - KB893086 1 (KB893086) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893086 (KB893240) (KB893241)Hotfix for Windows XP (KB893357) 2 (KB893357) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893357Security Update for Windows XP (KB893756) 1 (KB893756) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=893756Windows Installer 3.1 (KB893803) 3.1 (KB893803) publisher: Microsoft Corporation help link: http://go.microsoft.com/fwlink/?LinkId=42467Windows Installer 3.1 (KB893803) 3.1 (KB893803v2) publisher: Microsoft Corporation help link: http://go.microsoft.com/fwlink/?LinkId=42467Update for Windows XP (KB894391) 1 (KB894391) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=894391 (KB895181) (KB895316) (KB895572)Hotfix for Windows XP (KB895953) 4 (KB895953) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=895953Hotfix for Windows XP (KB895961) 1 (KB895961) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=895961Hotfix for Windows XP (KB896256) 3 (KB896256) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896256$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896256Hotfix for Windows XP (KB896344) 2 (KB896344) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896344Security Update for Windows XP (KB896358) 1 (KB896358) install date: 20060620 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896358Security Update for Windows XP (KB896422) 1 (KB896422) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896422Security Update for Windows XP (KB896423) 1 (KB896423) install date: 20060620 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896423Security Update for Windows XP (KB896424) 1 (KB896424) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896424Security Update for Windows XP (KB896428) 1 (KB896428) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896428Security Update for Windows XP (KB896688) 1 (KB896688) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896688Update for Windows XP (KB896727) 1 (KB896727) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=896727 (KB897586)Security Update for Step By Step Interactive Training (KB898458) 20050502.101010 (KB898458) publisher: Microsoft Corporation help link: http://support.microsoft.com/kb/898458Update for Windows XP (KB898461) 1 (KB898461) uninstall cmd: "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=898461 (KB898549)Hotfix for Windows XP (KB899337) 5 (KB899337) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899337Hotfix for Windows XP (KB899510) 1 (KB899510) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899510Security Update for Windows XP (KB899587) 1 (KB899587) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899587Security Update for Windows XP (KB899588) 1 (KB899588) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899588Security Update for Windows XP (KB899589) 1 (KB899589) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899589Security Update for Windows XP (KB899591) 1 (KB899591) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=899591Update Rollup 2 for Windows XP Media Center Edition 2005 (KB900325) uninstall cmd: C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900325 (KB900399)Update for Windows XP (KB900485) 2 (KB900485) install date: 20060621 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900485Security Update for Windows XP (KB900725) 1 (KB900725) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=900725Security Update for Windows XP (KB901017) 1 (KB901017) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901017Security Update for Windows XP (KB901214) 1 (KB901214) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=901214 (KB902344)Security Update for Windows XP (KB902400) 1 (KB902400) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=902400Hotfix for Windows XP (KB902841) 1 (KB902841) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=902841Hotfix for Windows Media Player 10 (KB903157) (KB903157) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=903157Security Update for Windows XP (KB903235) 1 (KB903235) publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=903235Security Update for Windows XP (KB904706) 2 (KB904706) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904706Update for Windows XP (KB904942) 2 (KB904942) install date: 20061208 uninstall cmd: "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=904942Security Update for Windows XP (KB905414) 1 (KB905414) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905414Security Update for Windows XP (KB905749) 1 (KB905749) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905749Security Update for Windows XP (KB905915) 1 (KB905915) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=905915Hotfix for Windows XP (KB906569) 2 (KB906569) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=906569 (KB907658)Security Update for Windows XP (KB908519) 1 (KB908519) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908519Security Update for Windows XP (KB908531) 1 (KB908531) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=908531Hotfix for Windows XP (KB909095) 1 (KB909095) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB909095$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=909095Update for Windows Media Player 10 (KB910393) (KB910393) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=910393Update for Windows XP (KB910437) 1 (KB910437) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=910437Hotfix for Windows XP (KB910728) 1 (KB910728) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB910728$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=910728Security Update for Windows XP (KB911280) 1 (KB911280) install date: 20060619 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911280Security Update for Windows XP (KB911562) 1 (KB911562) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911562Security Update for Windows Media Player (KB911564) (KB911564) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=911564Security Update for Windows Media Player 10 (KB911565) (KB911565) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=911565Security Update for Windows XP (KB911567) 1 (KB911567) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911567 (KB911854)Security Update for Windows XP (KB911927) 1 (KB911927) install date: 20060621 uninstall cmd: "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=911927Hotfix for Windows XP (KB912024) 2 (KB912024) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=912024Security Update for Windows XP (KB912812) 1 (KB912812) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=912812Security Update for Windows XP (KB912919) 1 (KB912919) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=912919Update for Windows XP (KB912945) 1 (KB912945) install date: 20060618 uninstall cmd: "C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=912945Security Update for Windows XP (KB913433) (KB913433) uninstall cmd: C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=913433Security Update for Windows XP (KB913580) 1 (KB913580) install date: 20060619 uninstall cmd: "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=913580Update for Windows Media Player 10 (KB913800) (KB913800) install date: 20060621 uninstall cmd: "C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com/?kbid=913800Security Update for Windows XP (KB914388) 1 (KB914388) install date: 20061022 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914388Security Update for Windows XP (KB914389) 1 (KB914389) install date: 20060619 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914389Hotfix for Windows XP (KB914440) 12 (KB914440) install date: 20061208 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914440Hotfix for Windows XP (KB914906) 1 (KB914906) install date: 20060619 uninstall cmd: "C:\WINDOWS\$NtUninstallKB914906$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: http://support.microsoft.com?kbid=914906Hotfix for Windows XP (

ivy90 · « **Reply #19 on:** January 12, 2007, 01:12:08 AM »

this is the hijack:

Logfile of HijackThis v1.99.1
Scan saved at 10:24:09 PM, on 1/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRserv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\program files\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\McAgent.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MPFEXE] "C:\Program Files\McAfee.com\Personal Firewall\MPFTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\PROGRA~1\mcafee\SPAMKI~1\mcapfbho.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LXCRCustomerConnect - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\LXCRserv.exe
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

i couldnt find the O4: stuff on hijack..but it shows on my processes that i still have them running...the ATI one freezes my computer every minute. and internet explorer freezes whenever i want to use it..so thats why i wanted to delete it..

News:

Author Topic: Win32.Trojan.Mirc and Win32.P2P-Worm.Alcan.a removal please (Read 908 times)