
Windows XP missing Uninstall tabs



#1
Sirius Black

I'm running Windows XP home edition. Recently, I went into the Add/Remove panel to uninstall a program and noticed that almost all of the uninstall tabs are missing from the individual programs.
Additionally, there are a multitude of Adobe programs installed in there that I never installed. I DO have a few, Photoshop CS3, Premiere Pro, Adobe Reader, Flash and that's about it.
This seems to be a common problem (the missing tabs), as indicated by many other online forums, with no simple solution.
Is this the result of a virus?
Any help will be appreciated.
Thanks


#2
didom

Hi,

Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


#3
Sirius Black

Hello and thanks for helping with this.
As instructed, here is the log from the HijackThis scan.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:06 AM, on 7/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: run_startmenu.cmd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211989408543
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6636 bytes

#4
didom

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#5
Sirius Black

I've downloaded the ComboFix program; however, following the steps outlined for installing the Windows XP Recovery Console, I am unable to do so. I have substituted the X with the appropriate drive letter.
I keep getting a prompt stating that Windows cannot find the path.
This is with all (4) recovery CDs.
Under my programs list there is an application that came with this machine called System Recovery.
The three options available under the attached drop down window prior to starting the actual program are:

Application & Driver Recovery
Media Recovery Creator
System Recovery


As of yet I haven't run the ComboFix program due to the uncertainty of the recovery program.

Please Advise
Thank You

#6
didom

Okay,

please skip the recovery console instructions and just run combofix :)

#7
Sirius Black

As instructed, I ran the ComboFix program and the following log was produced.

ComboFix 08-07-29.1 - Owner 2008-07-31 12:45:56.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1621 [GMT -10:00]
Running from: C:\Documents and Settings\Owner\Desktop\Incoming\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\install.exe
C:\WINDOWS\system32\CMMGR32.EXE

----- BITS: Possible infected sites -----

http://www.dj |Cv @J...C7-927721D56EBB
.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 )))))))))))))))))))))))))))))))
.

2008-07-30 18:16 . 2008-07-30 18:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-30 18:16 . 2008-07-30 18:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-29 21:25 . 2008-07-29 21:25 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\NASA
2008-07-29 21:24 . 2008-07-29 21:24 <DIR> d-------- C:\Program Files\NASA
2008-07-29 07:07 . 2008-07-29 07:07 <DIR> d-------- C:\Program Files\Morgan
2008-07-29 07:07 . 2008-07-29 07:08 <DIR> d-------- C:\Program Files\abcAVI
2008-07-29 07:07 . 2002-11-15 02:11 77,824 --a------ C:\WINDOWS\system32\MMSwitch.dll
2008-07-29 07:07 . 2002-11-18 05:15 62,464 --a------ C:\WINDOWS\system32\MMSwitch.ax
2008-07-29 07:07 . 2002-11-18 05:02 40,960 --a------ C:\WINDOWS\system32\MMAVILNG.exe
2008-07-29 06:57 . 2008-07-29 06:57 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-24 18:27 . 2008-07-24 18:25 4,623 --a------ C:\WINDOWS\_detmp.1
2008-07-24 18:23 . 2008-07-24 18:27 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\GetRightToGo
2008-07-23 21:43 . 2008-07-23 21:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Windows Search
2008-07-23 17:01 . 2008-07-23 17:01 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-07-23 17:01 . 2008-07-23 21:47 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-07-23 16:13 . 2008-07-23 16:13 <DIR> d-------- C:\Program Files\CCleaner
2008-07-23 15:45 . 2004-08-04 09:00 17 --a------ C:\WINDOWS\system32\WINSPOOL.WIN
2008-07-23 15:40 . 2008-07-23 15:40 796,672 --a------ C:\WINDOWS\GPInstall.exe
2008-07-21 20:49 . 2008-07-21 20:49 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-07-19 15:46 . 2008-07-19 15:46 <DIR> d-------- C:\Program Files\ZoneAlarmSB
2008-07-19 15:44 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-07-19 15:43 . 2008-07-19 15:43 <DIR> d-------- C:\Program Files\Zone Labs
2008-07-18 22:30 . 2008-07-30 10:00 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-18 19:54 . 2008-07-30 09:56 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-07-18 19:54 . 2008-07-18 19:54 <DIR> d-------- C:\Program Files\AVG
2008-07-18 19:54 . 2008-07-23 17:03 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\AVGTOOLBAR
2008-07-18 19:54 . 2008-07-18 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-18 19:54 . 2008-07-18 19:54 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-18 19:54 . 2008-07-18 19:54 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-18 19:54 . 2008-07-18 19:54 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-07-18 11:41 . 2008-07-18 11:41 <DIR> d-------- C:\Program Files\ActiveX Control Pad
2008-07-18 11:41 . 2008-07-18 11:41 1,123,600 --a------ C:\WINDOWS\system32\FM20.DLL
2008-07-18 11:41 . 2008-07-18 11:41 169,984 --a------ C:\WINDOWS\system32\P2D.DLL
2008-07-18 11:41 . 2008-07-18 11:41 161,552 --a------ C:\WINDOWS\system32\ASYCPICT.DLL
2008-07-18 11:41 . 2008-07-18 11:41 127,488 --a------ C:\WINDOWS\system32\ISCTRLS.OCX
2008-07-18 11:41 . 2008-07-18 11:41 79,872 --a------ C:\WINDOWS\system32\MSNAUDIO.ACM
2008-07-18 11:41 . 2008-07-18 11:41 57,344 --a------ C:\WINDOWS\system32\COMMTB32.DLL
2008-07-18 11:41 . 2008-07-18 11:41 25,872 --a------ C:\WINDOWS\system32\FM20ENU.DLL
2008-07-18 11:36 . 2008-07-18 11:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ErrorSmart
2008-07-17 23:07 . 2008-07-17 23:07 <DIR> d-------- C:\Program Files\DivX
2008-07-17 23:07 . 2008-07-17 23:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\DivX
2008-07-17 20:51 . 2008-07-17 20:51 <DIR> d-------- C:\Program Files\Universal Interactive
2008-07-14 22:15 . 2008-07-21 21:00 24 ---hs---- C:\WINDOWS\S5E5652A5.tmp
2008-07-14 21:43 . 2008-07-14 21:43 512 --a------ C:\ScanSectorLog.dat
2008-07-13 18:36 . 2008-07-31 12:53 12,268,064 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-13 18:36 . 2008-07-30 23:51 167,576 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-13 18:36 . 2008-07-18 19:41 83,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-13 18:36 . 2008-07-18 19:41 9,968 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-12 20:51 . 2008-07-12 20:56 <DIR> d-------- C:\WINDOWS\Logs
2008-07-12 20:33 . 2008-06-13 03:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-12 20:33 . 2008-06-13 03:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-11 19:55 . 2008-07-11 20:05 <DIR> d-------- C:\Program Files\Return to Castle Wolfenstein
2008-07-11 19:50 . 2008-07-11 19:56 810 --a------ C:\WINDOWS\Rtcw.INI
2008-07-11 16:47 . 2008-07-11 17:08 896 --a------ C:\WINDOWS\STBC.ini
2008-07-08 23:40 . 2008-07-08 23:40 22,328 --a------ C:\Documents and Settings\Owner\Application Data\PnkBstrK.sys
2008-07-08 23:39 . 2007-07-19 18:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-07-08 23:39 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-07-08 23:39 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-07-08 23:29 . 2008-07-16 18:55 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-08 17:35 . 2008-07-08 17:35 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-07-08 17:35 . 2008-07-08 17:37 <DIR> d-------- C:\WINDOWS\NV36283912.TMP
2008-07-08 17:35 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-08 17:34 . 2008-07-08 17:34 <DIR> d-------- C:\NVIDIA
2008-07-08 17:31 . 2008-07-12 20:10 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-07-08 17:31 . 2008-07-12 20:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-07-08 17:21 . 2008-07-08 17:37 <DIR> d-------- C:\WINDOWS\nview
2008-07-08 17:21 . 2008-05-02 22:46 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-08 17:21 . 2008-07-31 12:30 167,179 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-08 17:21 . 2008-05-02 22:46 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-08 17:09 . 2008-07-08 17:09 10 --a------ C:\WINDOWS\WININIT.INI
2008-07-08 09:27 . 2008-07-08 09:27 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-07-04 01:43 . 2008-07-04 01:43 126,976 --a------ C:\WINDOWS\system32\UAService7.exe
2008-07-01 20:55 . 2008-07-01 20:55 <DIR> d-------- C:\Program Files\PCFriendly
2008-06-25 20:44 . 2008-06-25 20:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Petroglyph
2008-06-24 20:52 . 2008-06-24 20:52 <DIR> d-------- C:\Program Files\Atari
2008-06-24 00:44 . 2008-06-24 00:47 991 --a------ C:\WINDOWS\EFXP.ini
2008-06-24 00:40 . 2008-06-24 00:40 <DIR> d-------- C:\Program Files\Raven
2008-06-24 00:39 . 2008-06-27 23:43 1,070 --a------ C:\WINDOWS\EF.ini
2008-06-23 23:03 . 2008-07-14 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-06-23 22:43 . 2008-07-14 22:15 <DIR> d-------- C:\Program Files\SlySoft
2008-06-23 22:43 . 2008-05-20 11:43 37,312 --a------ C:\WINDOWS\system32\drivers\maplom.sys
2008-06-23 22:43 . 2008-05-20 11:43 36,288 --a------ C:\WINDOWS\system32\drivers\maploml.sys
2008-06-23 17:28 . 2008-07-11 16:58 <DIR> d-------- C:\Program Files\Activision
2008-06-23 15:17 . 1996-01-09 10:38 283,648 --a------ C:\WINDOWS\uninst.exe
2008-06-23 00:43 . 2008-06-23 22:44 27 --a------ C:\WINDOWS\system32\mcheck.mhf
2008-06-22 19:46 . 2008-06-22 19:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ATI
2008-06-22 19:42 . 2008-06-22 19:43 <DIR> dr------- C:\My Documents
2008-06-21 22:42 . 2008-07-10 00:13 <DIR> d-------- C:\Program Files\LucasArts
2008-06-20 11:43 . 2008-06-20 11:43 61,200 --a------ C:\WINDOWS\system32\x264vfw-uninstall.exe
2008-06-20 10:14 . 2008-06-20 10:14 754 --a------ C:\WINDOWS\WORDPAD.INI
2008-06-20 10:13 . 2008-06-20 10:13 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Template
2008-06-20 10:12 . 2008-06-20 10:13 168 --a------ C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-06-19 18:40 . 2008-06-19 18:40 351,744 --a------ C:\WINDOWS\system32\avisynth.dll
2008-06-19 18:10 . 2008-06-19 18:10 <DIR> d-------- C:\Program Files\Red Kawa
2008-06-19 17:12 . 2008-06-19 17:12 <DIR> d-------- C:\Program Files\PQDVD
2008-06-18 11:22 . 2008-06-18 11:22 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-06-18 10:37 . 2008-06-18 10:37 2,045,459 --a------ C:\WINDOWS\system32\x264vfw.dll
2008-06-18 07:52 . 2008-06-18 07:52 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-17 21:26 . 2008-06-17 21:26 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-06-17 21:26 . 2008-06-17 21:26 681 --a------ C:\WINDOWS\mozver.dat
2008-06-13 09:16 . 2008-06-13 09:16 <DIR> dr-h----- C:\Documents and Settings\Owner\Application Data\SecuROM
2008-06-13 09:14 . 2008-07-09 00:11 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-13 09:06 . 2008-06-13 09:06 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-06-11 18:01 . 2008-06-11 18:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\CyberLink
2008-06-10 20:21 . 2008-06-10 20:21 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\ATI
2008-06-10 14:07 . 2008-06-10 14:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-06-10 14:07 . 2008-06-10 14:07 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-06-10 14:07 . 2008-06-10 14:07 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-06-10 14:04 . 2008-06-10 14:04 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-06-10 14:04 . 2008-06-10 14:04 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-06-10 00:43 . 2008-06-10 00:43 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Thinstall
2008-06-06 22:42 . 2008-06-06 22:42 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Alien Skin
2008-06-06 22:33 . 2008-06-06 22:33 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Filter Forge
2008-06-06 11:44 . 2008-06-06 11:44 <DIR> d-------- C:\Program Files\Realtek AC97
2008-06-05 15:21 . 2008-07-25 21:03 <DIR> d-------- C:\My FLVs
2008-06-05 15:11 . 2008-06-05 15:11 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-05 15:11 . 2008-06-10 00:24 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-05 15:11 . 2007-02-28 13:33 761,856 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-05 15:11 . 2007-02-28 13:32 716,800 --a------ C:\WINDOWS\system32\lameACM.acm
2008-06-05 15:11 . 2007-02-28 13:33 389,120 --a------ C:\WINDOWS\system32\actskn43.ocx
2008-06-05 15:11 . 2007-02-28 13:33 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-05 15:11 . 2007-02-28 13:32 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-06-04 15:48 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-06-04 15:48 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-06-04 15:48 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 07:38 --------- d-----w C:\Program Files\Google
2008-07-26 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-26 06:05 --------- d-----w C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-07-25 17:41 1,450,496 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-07-24 02:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-18 06:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 03:21 55,865 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_07_11_17_09_28_small.dmp.zip
2008-07-09 19:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 07:55 --------- d-----w C:\Program Files\Microsoft Games
2008-06-18 06:39 --------- d-----w C:\Program Files\MyPhotoBooks
2008-06-11 20:56 --------- d-----w C:\Program Files\coolpro2
2008-06-04 04:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-30 23:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 08:52 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-05-30 03:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2008-05-29 23:29 --------- d-----w C:\Program Files\DVD Decrypter
2008-05-29 23:28 --------- d-----w C:\Program Files\DVD Shrink
2008-05-29 09:51 --------- d-----w C:\Program Files\AlienGUIse
2008-05-29 09:49 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-29 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-05-29 08:39 --------- d-----w C:\Program Files\Photodex Presenter
2008-05-29 08:39 --------- d-----w C:\Program Files\Photodex
2008-05-29 08:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\Netscape
2008-05-29 08:38 --------- d-----w C:\Documents and Settings\Owner\Application Data\Photodex
2008-05-29 02:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-05-29 02:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2008-05-29 02:14 --------- d-----w C:\Program Files\epson
2008-05-29 02:14 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-05-29 02:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-05-29 02:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\InstallShield
2008-05-29 01:50 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-29 01:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2008-05-29 01:46 --------- d-----w C:\Program Files\Nero
2008-05-29 01:38 --------- d-----w C:\Program Files\Ahead
2008-05-29 01:12 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-29 00:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Syntrillium
2008-05-29 00:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Winamp
2008-05-29 00:10 --------- d-----w C:\Program Files\[email protected]
2008-05-29 00:10 --------- d-----w C:\Program Files\Common Files\Gibinsoft Shared
2008-05-28 22:31 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-05-28 22:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-28 22:04 --------- d-----w C:\Program Files\Lavasoft
2008-05-28 22:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-05-28 21:55 --------- d-----w C:\Program Files\QuickTime
2008-05-28 21:55 --------- d-----w C:\Program Files\iTunes
2008-05-28 21:55 --------- d-----w C:\Program Files\iPod
2008-05-28 21:55 --------- d-----w C:\Program Files\Bonjour
2008-05-28 21:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-05-28 19:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-28 19:20 --------- d-----w C:\Program Files\MSBuild
2008-05-28 19:16 --------- d-----w C:\Program Files\Reference Assemblies
2008-05-28 19:16 --------- d-----w C:\Program Files\MSXML 6.0
2008-05-28 17:38 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-28 17:03 --------- d-----w C:\Program Files\Java
2008-05-28 16:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2008-05-28 16:35 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-28 16:19 --------- d-----w C:\Program Files\Marvell
2008-05-28 16:16 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-05-28 16:16 --------- d-----w C:\Program Files\AvRack
2008-05-28 16:14 --------- d-----w C:\Program Files\AMD
2008-05-28 16:11 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-05-28 15:52 24,645,953 ----a-w C:\WINDOWS\Internet Logs\vsmon_on_demand_2008_05_28_05_40_52_full.dmp.zip
2008-05-28 15:36 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-28 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-28 14:47 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-28 14:46 --------- d-----w C:\Program Files\Common Files\Real
2008-05-28 14:45 --------- d-----w C:\Program Files\Common Files\aolshare
2008-05-28 14:39 60,416 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-05-28 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-28 13:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\McAfee
2008-05-28 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2008-05-28 13:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-28 13:36 --------- d-----w C:\Documents and Settings\Administrator\Application Data\McAfee
2008-05-28 13:33 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-05-28 13:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\SampleView
2008-05-28 13:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SampleView
2008-05-28 13:30 --------- d-----w C:\Program Files\CyberLink
2008-05-28 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-28 13:29 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver
2008-05-28 13:29 --------- d-----w C:\Program Files\Viewpoint
2008-05-28 13:29 --------- d-----w C:\Program Files\Pure Networks
2008-05-28 13:29 --------- d-----w C:\Program Files\Learn2.com
2008-05-28 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-05-28 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-05-28 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-05-28 13:28 --------- d-----w C:\Program Files\Common Files\Nullsoft
2008-05-28 13:27 --------- d-----w C:\Program Files\Digital Media Reader
2008-05-28 13:26 --------- d-----w C:\Program Files\Microsoft Works
2008-05-28 13:26 --------- d-----w C:\Program Files\Common Files\Java
2008-05-28 13:21 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-05-28 13:20 --------- d-----w C:\Program Files\Common Files\New Boundary
2008-05-28 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prism Deploy
2008-05-28 13:17 --------- d-----w C:\Program Files\CONEXANT
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 03:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 10:42 212992]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 12:04 135168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 11:48 479232]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-18 19:54 1232152]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"ShowWnd"="ShowWnd.exe" [2003-09-19 06:09 36864 C:\WINDOWS\ShowWnd.exe]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
run_startmenu.cmd [2004-10-11 17:20:38 45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 23:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.mpegacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"vidc.uldx"= C:\PROGRA~1\ULEADS~1\ULEADV~1.0SE\DivX_UL.dll
"vidc.x264"= x264vfw.dll
"MSACM.MSNAUDIO"= msnaudio.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 94208 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 16:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2004-05-17 15:30 543232 C:\WINDOWS\zHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"EPSON_PM_RPCV4_01"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sierra Entertainment\\World in Conflict - DEMO\\wic.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Activision\\Bridge Commander\\stbc.exe"=
"C:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R0 Si3132r5;SiI-3132 SoftRaid 5 Controller;C:\WINDOWS\system32\DRIVERS\Si3132r5.sys [2007-06-01 18:28]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-18 19:54]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-18 19:54]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-18 19:54]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-18 19:54]
R3 MaplomL;MaplomL;C:\WINDOWS\system32\drivers\MaplomL.sys [2008-05-20 11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-07-21 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart\ErrorSmart.exe []

2008-07-21 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
- C:\Program Files\ErrorSmart []

2008-07-31 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)
MSConfigStartUp-Adobe Photo Downloader - C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
MSConfigStartUp-ATIPTA - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
MSConfigStartUp-StartCCC - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-SUPERAntiSpyware - C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE
MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-WinampAgent - C:\Program Files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.emachines.com/
R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.emachines.com/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 12:51:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-31 13:04:11
ComboFix-quarantined-files.txt 2008-07-31 23:03:48

Pre-Run: 25,635,827,712 bytes free
Post-Run: 25,677,287,424 bytes free

373
  • 0

#8
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Please also post a fresh HijackThis log :)
  • 0

#9
Sirius Black

Sirius Black

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Here is the new HiJackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:49 AM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: run_startmenu.cmd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211989408543
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6741 bytes
  • 0

#10
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0



#11
Sirius Black

Sirius Black

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
This is the result of the requested scan


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Sunday, August 3, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Sunday, August 03, 2008 01:59:42
Records in database: 1046803
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\
L:\
Z:\

Scan statistics:
Files scanned: 329563
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 04:47:37


File name / Threat name / Threats count
L:\Gaming Mods\Star Trek\Elite Force\Star Trek Voyager Mod (NX-01).exe Infected: not-a-virus:AdWare.Win32.EShoper.bd 1
L:\Gaming Mods\Star Trek\Bridge Commander MODS\bcexpansioneoldeluxe.zip Infected: not-a-virus:AdWare.Win32.EShoper.bd 1
L:\Gaming Mods\Star Trek\Bridge Commander MODS\bcsupermod2beta.rar Infected: not-a-virus:AdWare.Win32.EShoper.bc 1
L:\Gaming Mods\AOM mods\fall_of_atlantis_v1.1_sp.zip Infected: not-a-virus:AdWare.Win32.EShoper.bd 1

The selected area was scanned.
  • 0

#12
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
I see you have Viewpoint installed...
Viewpoint Manager is considered foistware instead of malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change, from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

ErrorSmart is considered by many security vendors as adware, or scareware. So please also uninstall

* Errorsmart.

It's not recommended to use registry cleaners at all actually (http://miekiemoes.bl...weaking_13.html).

Then please reboot your computer.


Have you been using this reg cleaner? If so, it would be possible that the cleaner corrupted some registry keys, including the uninstall key.


Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Reboot and post a new HijackThis log in your next reply. Also please answer my question about the registry cleaner.
  • 0

#13
Sirius Black

Sirius Black

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Following instructions in your last post I went into the Add/Remove section to uninstall these programs:

* Viewpoint
* Viewpoint Manager
* Viewpoint Media Player

I did not find anything listed nor did I find Errorsmart listed as well.
I did browse into the Programs Files folder and noticed that Viewpoint was in there.
I don't remember installing any of these programs.
Registry Cleaner does sound familiar but if I remember correctly it scanned but would only allow me to fix stuff if I purchased the program which I didn't. I don't have it installed on the PC anywhere and it's not listed in the Add/Remove section either.
I have used a program called CCleaner but this was after I noticed that the uninstall tabs were missing.

ATF cleaner I do use regularly.
In light of being unable to uninstall the aforementioned programs should I proceed with running ATF cleaner
and the HiJackThis scan?
  • 0

#14
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
OK. I need some more information ....

1. First run ATF cleaner like I instructed.

2. Please run Notepad and copy the following text into a new file:

regedit /e check1.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
regedit /e check2.txt "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall"
type check1.txt >> look.txt
type check2.txt >> look.txt
del check*.txt
start notepad look.txt

Save this as look.bat, choose to save as *all files and place it on your desktop.
This is how the batch must look afterwards: Posted Image
Double-click look.bat and notepad should open.
The log can be huge, so go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to the look.txt present on your desktop and submit it there.

3. Open HijackThis.
  • Click Open the Misc Tools section.
  • Click Open Uninstall Manager.
  • Click Save list (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.
4. Then run HijackThis and post a new scan.

Have you been using this reg cleaner?

- I meant Errorsmart here.... that's a registry cleaner. You haven't been using that?
  • 0
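
One way to read the look.txt that look.bat produces, as an added example that is not part of the original posts: it parses the concatenated regedit exports and reports Uninstall subkeys lacking a DisplayName or UninstallString, subkeys with NoRemove or SystemComponent set, and any nonzero DWORD under Policies\Uninstall. The sample data and the function names are constructed for illustration, and the parser assumes the "Windows Registry Editor Version 5.00" text format.

```python
import re

# Constructed sample of a look.txt (two regedit exports concatenated by
# look.bat); none of these entries come from the thread.
SAMPLE_LOOK_TXT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp]
"DisplayName"="Example App"
"UninstallString"="\"C:\\Program Files\\ExampleApp\\uninst.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleSuite]
"DisplayName"="Example Suite"
"NoRemove"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}]
"DisplayName"="Example Component"
"UninstallString"=hex(2):4d,00,73,00,69,00,45,00,78,00,65,00,63,00,2e,00,65,00,\
  78,00,65,00,00,00
"SystemComponent"=dword:00000001

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall]
"NoRemovePage"=dword:00000001
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
UNINSTALL = r'\microsoft\windows\currentversion\uninstall'
POLICY = r'\microsoft\windows\currentversion\policies\uninstall'


def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_data(raw):
    """Convert the right-hand side of a value line to str, int or bytes."""
    if raw.startswith('"'):
        return unescape(raw[1:-1])
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = re.match(r'hex(?:\(([0-9a-f]+)\))?:(.*)$', raw)
    if m:
        data = bytes(int(b, 16) for b in m.group(2).split(',') if b)
        if m.group(1) in ('1', '2', '7'):  # string types, UTF-16LE in 5.00 exports
            return data.decode('utf-16-le', 'replace').rstrip('\x00')
        return data
    return raw


def parse_reg_export(text):
    """Return {key_path: {value_name: data}}; repeated file headers are ignored."""
    text = re.sub(r'\\\r?\n[ \t]*', '', text)  # join hex continuation lines
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = '' if m.group(1) == '@' else unescape(m.group(1)[1:-1])
            current[name] = parse_data(m.group(2))
    return keys


def audit(keys):
    """Flag uninstall entries and policy values worth a closer look."""
    report = {'entries': {}, 'policies': {}}
    for path, values in keys.items():
        if path.lower().endswith(POLICY):
            report['policies'].update(
                {n: v for n, v in values.items() if isinstance(v, int) and v})
            continue
        head, _, sub = path.rpartition('\\')
        if not head.lower().endswith(UNINSTALL):
            continue  # the Uninstall key itself, or an unrelated key
        v = {k.lower(): val for k, val in values.items()}  # names are case-insensitive
        reasons = []
        if not v.get('displayname'):
            reasons.append('no DisplayName')
        if not v.get('uninstallstring'):
            reasons.append('no UninstallString')
        if v.get('noremove') == 1:
            reasons.append('NoRemove=1')
        if v.get('systemcomponent') == 1:
            reasons.append('SystemComponent=1')
        if reasons:
            report['entries'][sub] = reasons
    return report


if __name__ == '__main__':
    result = audit(parse_reg_export(SAMPLE_LOOK_TXT))
    for sub, reasons in result['entries'].items():
        print(sub + ': ' + ', '.join(reasons))
    for name, val in result['policies'].items():
        print('policy %s = %d' % (name, val))
```
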

#15
Sirius Black

Sirius Black

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Ok.
I ran the ATF program.
I have sent the "look" text file via the Bleeping Computer site.
To answer your question about Errorsmart. No. I don't run that, just the CCleaner.

I'm hoping I did all this correctly so I'm posting the 2 other logs below and sent the other log through the other site.

This is the HiJackthis Uninstall list:
abcAVI
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Amazon Unbox Video
AnyDVD
AVG Free 8.0
Battlefield 2142 Deluxe Edition
CCleaner (remove only)
CloneDVD2
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Genesis Expansion Project
Google Earth
HijackThis 2.0.2
Hotfix for Windows XP (KB915800-v4)
Java™ 6 Update 7
Jurassic Park Operation Genesis
Microsoft ActiveX Control Pad
Morgan Stream Switcher
Mozilla Firefox (2.0.0.16)
NASA World Wind 1.4
TUROK: DINOSAUR HUNTER Demo
ZoneAlarm
ZoneAlarm Spy Blocker

This one is the new HiJackthis Log itself:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:20 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: run_startmenu.cmd
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1211989408543
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: wbsys.dll,avgrsstx.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6664 bytes

If I missed a step please let me know

Edited by Sirius Black, 04 August 2008 - 06:04 PM.

  • 0





