WiredWX Christian Hobby Weather Tools
lots of nasties
Spybot and AdAware found a lot of issues and that's about the same time my system started freezing up, screen would go black or with maybe some odd colors then it would just reboot. This would happen several times an hour at first but after running my anti-vir and some anti spyware programs it only does it now about every hour or so.

Again, this could be a hardware issue but I thought I should check with you guys first.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:33 PM, on 17/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CarbonPoker\client.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.microgaming.com/freeplay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers.com/forum/images/artakus/artakus_bg.gif

--
End of file - 7018 bytes

Re: lots of nasties
First I need you to download the following tools & save them to your Desktop.
Malwarebytes' Anti-Malware from Here or Here

Deckard's System Scanner from Here or Here


Run Malwarebytes' Anti-Malware:
Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt

in your next reply.


The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.

Last edited by Doctor Inferno on 26th August 2008, 7:51 am; edited 2 times in total


Re: lots of nasties
Main.txt

Deckard's System Scanner v20071014.68
Run by mike on 2008-06-18 9:44:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2008-06-18 16:44:35 UTC - RP128 - Deckard's System Scanner Restore Point
74: 2008-06-18 06:49:28 UTC - RP127 - Software Distribution Service 3.0
73: 2008-06-11 03:39:14 UTC - RP126 - System Checkpoint
72: 2008-06-09 06:06:15 UTC - RP125 - Software Distribution Service 3.0
71: 2008-06-09 01:12:55 UTC - RP124 - System Checkpoint


-- First Restore Point --
1: 2008-01-18 02:30:59 UTC - RP54 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:21 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\XKQC8XJV\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C06F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C06F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00106BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A060-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39206
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A706AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B062-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.microgaming.com/freeplay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers.com/forum/images/artakus/artakus_bg.gif

--
End of file - 7052 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys
R3 scrcap - c:\windows\system32\drivers\scrcap.sys

S0 XMS1563K - c:\windows\system32\drivers\xms1563k.sys
S3 catchme - c:\docume~1\mike\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys
S3 vgadrv - c:\windows\system32\drivers\vgadrv.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-18 and 2008-06-18 -----------------------------

2008-06-18 01:48:45 0 dr-h----- C:\Documents and Settings\mike\Recent
2008-06-06 16:45:56 0 d-------- C:\Documents and Settings\mike\Application Data\Malwarebytes
2008-06-06 16:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 16:45:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 23:52:12 0 d-------- C:\Program Files\Absolute Poker Basic
2008-06-05 23:52:08 0 d-------- C:\Program Files\_uninstallation_info
2008-06-05 13:02:40 299520 --a------ C:\WINDOWS\uninst.exe
2008-03-30 13:54:55 0 d-------- C:\Program Files\SUPERAntiSpyware


-- Find3M Report ---------------------------------------------------------------

2008-06-06 19:25:06 0 d-------- C:\Program Files\Trend Micro
2008-06-01 23:34:45 0 d-------- C:\Program Files\CarbonPoker
2008-03-30 13:54:55 0 d-------- C:\Documents and Settings\mike\Application Data\SUPERAntiSpyware.com
2008-03-30 13:54:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 23:27:26 0 d-------- C:\Program Files\Razor
2008-03-06 01:07:30 0 d-------- C:\Program Files\PurePlay
2008-02-18 19:08:23 0 d-------- C:\Program Files\AIM6
2008-02-18 19:08:07 0 d-------- C:\Program Files\Viewpoint
2008-02-17 16:39:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-17 16:38:52 0 d-------- C:\Program Files\DECAdry
2008-02-17 14:19:06 0 d-------- C:\Documents and Settings\mike\Application Data\Alfac
2008-02-17 13:52:50 0 d-------- C:\Program Files\AMF Software
2008-02-17 12:28:27 0 d-------- C:\Documents and Settings\mike\Application Data\Adobe
2008-02-17 12:24:27 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [06/02/2000 07:07 PM]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [11/01/2006 09:46 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [01/26/2008 05:34 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 06:27 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2006 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/06/2006 07:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 06:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 06/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-06-18 11:46:07 ------------

Extra txt.
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

Re: lots of nasties
-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2000+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 511.48 MiB / 291.31 MiB
Pagefile Memory (total/avail): 2528.11 MiB / 2291.68 MiB
Virtual Memory (total/avail): 2067.88 MiB / 1937.26 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 23.17 GiB free.
D: is Fixed (NTFS) - 37.27 GiB total, 29.3 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MAXTOR 6L060J2 - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD400JB-00JJC0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition v 7.0.3.158 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"="C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe:*:Enabled:client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Quake2\\quake2.exe"="C:\\Program Files\\Quake2\\quake2.exe:*:Enabled:quake2"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\CarbonPoker\\client.exe"="C:\\Program Files\\CarbonPoker\\client.exe:*:Enabled:Carbon Poker Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mike\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAXON21
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mike
LOGONSERVER=\\SAXON21
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mike\LOCALS~1\Temp
TMP=C:\DOCUME~1\mike\LOCALS~1\Temp
USERDOMAIN=SAXON21
USERNAME=mike
USERPROFILE=C:\Documents and Settings\mike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mike (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ALSee --> "C:\Program Files\ESTsoft\ALSee\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F062E-E1B9-4A5B-8D46-387BB172F0A4}
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
CarbonPoker --> C:\Program Files\CarbonPoker\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative EAX Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Device Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps --> "C:\Fraps\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mount&Blade --> C:\Program Files\Mount&Blade\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PlayGATE Setup --> C:\PROGRA~1\Playnet\Playgate\UNWISE.EXE C:\PROGRA~1\Playnet\Playgate\INSTALL.LOG
PurePlay Poker --> MsiExec.exe /X{19E16A54-962C-45D6-BDDE-FD01EBB1A086}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
SideWinder Precision 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninstall.dll"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ultima Online: Mondain's Legacy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}\setup.exe" -l0x9 -removeonly
UltimateBet --> C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
UO Auto-Map --> c:\Program Files\UOAM\uoam.exe -uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Wisdom-soft ScreenHunter 4.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
ZD Soft Screen Recorder --> "C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf

Re: lots of nasties

-- Application Event Log -------------------------------------------------------

Event Record #/Type8331 / Warning
Event Submitted/Written: 06/12/2008 01:52:27 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type8172 / Error
Event Submitted/Written: 06/05/2008 06:40:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8129 / Error
Event Submitted/Written: 06/05/2008 09:42:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7961 / Error
Event Submitted/Written: 03/29/2008 09:01:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module quicktime.qts, version 7.4.0.91, fault address 0x001514d4.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7960 / Error
Event Submitted/Written: 03/29/2008 08:54:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module quicktime.qts, version 7.4.0.91, fault address 0x001514d4.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33235 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33234 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33233 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33232 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33231 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 14 / nv
Event Description:
Unknown error on



-- End of Deckard's System Scanner: finished at 2008-06-18 11:46:07 ------------

Re: lots of nasties

You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only 1

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.

............................................................................................

Please be a GeekPolice fan on Facebook!

lots of nasties Lambo-11

Have we helped you? Help us! | Doctor by day, ninja by night.

Re: lots of nasties

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:02 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.microgaming.com/freeplay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers.com/forum/images/artakus/artakus_bg.gif

--
End of file - 7821 bytes

Re: lots of nasties

That log looks pretty clear, but as a check, can you do an Online scan?

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report


Re: lots of nasties

;*******************************************************************************
ANALYSIS: 2008-04-13 14:13:54
PROTECTIONS: 5
MALWARE: 5
SUSPECTS: 23
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Avira AntiVir PersonalEdition Classic 0.0.0.0 No Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition 7.0.3.158 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@atdmt[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@mediaplex[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@advertising[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@atwola[1].txt
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\SYZ_DAT\ali.exe
No C:\SYZ_DAT\cdlock.dll
No C:\SYZ_DAT\cpy.exe
No C:\SYZ_DAT\EMF_Decrypt.exe
No C:\SYZ_DAT\fldrvw61.ocx
No C:\SYZ_DAT\install.exe
No C:\SYZ_DAT\magic.exe
No C:\SYZ_DAT\mfx
No C:\SYZ_DAT\systray.exe
No C:\SYZ_DAT\tb.exe
No C:\WINDOWS\system32\drivers\MFX.sys
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\DivX501Bundle.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\HistoryKill2003.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\JOIN16.EXE
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Join32.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\ppfsetup.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\scrtfldr.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\wrar330.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\AboutDC.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Direct Connect.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Survey.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\hand\wrar330.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\spooph22\Spooph.exe

Re: lots of nasties

Please download the following & save to your Desktop:
OTMoveIt2 by OldTimer.

Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    Code:

    C:\WINDOWS\system32\Process.exe
    C:\SYZ_DAT\ali.exe
    C:\SYZ_DAT\cdlock.dll
    C:\SYZ_DAT\cpy.exe
    C:\SYZ_DAT\EMF_Decrypt.exe
    C:\SYZ_DAT\fldrvw61.ocx
    C:\SYZ_DAT\install.exe
    C:\SYZ_DAT\magic.exe
    C:\SYZ_DAT\mfx
    C:\SYZ_DAT\systray.exe
    C:\SYZ_DAT\tb.exe
    C:\WINDOWS\system32\drivers\MFX.sys
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\DivX501Bundle.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\HistoryKill2003.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\JOIN16.EXE
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Join32.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\ppfsetup.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\scrtfldr.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\wrar330.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\AboutDC.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Direct Connect.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Survey.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\hand\wrar330.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\spooph22\Spooph.exe



    Return to OTMoveIt, right click on the "Paste list of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt

(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.

Please include a note to tell me how your PC is running now.


Re: lots of nasties

It's been about four hours since my PC crashed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:34 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/u...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.microgaming.com/freeplay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers.com/forum/images/artakus/artakus_bg.gif

--
End of file - 7911 bytes

Re: lots of nasties

If your PC is just rebooting when it crashes instead of giving you a Blue Screen of Death (BSOD), do the following:

Change the Default action:
  • Open System Properties via Start > Control Panel > Performance and Maintenance > System
    (System Properties may also be opened using the WinKey+Pause key combination)
  • Select the Advanced tab and then click Settings in the Startup and Recovery section
  • In System Failure section, clear the checkbox next to Automatically Restart
  • Click OK and OK to exit


We need the Stop Code generated, to see what the problem could be.

There is really very little in that log to worry about. If you are still having issues with it, we really need to dig a bit deeper.

Please download Rootkit Revealer (Click on Download Rootkit Revealer link at the bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here


Re: lots of nasties

HKU\.DEFAULT\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-21-73586283-1844237615-839522115-1004\Control Panel\International 12/22/2007 1:24 PM 0 bytes Security mismatch.
HKU\S-1-5-21-73586283-1844237615-839522115-1004\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
C:\SYZ_DAT 4/29/2008 9:51 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\ali.exe 4/3/2006 9:49 PM 28.00 KB Hidden from Windows API.
C:\SYZ_DAT\cdlock.dll 4/3/2006 9:49 PM 48.00 KB Hidden from Windows API.
C:\SYZ_DAT\cpy.exe 4/3/2006 9:49 PM 32.00 KB Hidden from Windows API.
C:\SYZ_DAT\dirlist 4/29/2008 9:51 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\dirlist_bak 4/29/2008 9:51 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\DL.BAK 4/29/2008 8:24 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\EMF_Decrypt.exe 4/3/2006 9:49 PM 124.00 KB Hidden from Windows API.
C:\SYZ_DAT\fldrvw61.ocx 4/3/2006 9:49 PM 408.00 KB Hidden from Windows API.
C:\SYZ_DAT\install.exe 4/13/2008 2:37 PM 1.09 MB Hidden from Windows API.
C:\SYZ_DAT\magic.exe 4/3/2006 9:49 PM 24.00 KB Hidden from Windows API.
C:\SYZ_DAT\mf.chm 4/3/2006 9:49 PM 32.36 KB Hidden from Windows API.
C:\SYZ_DAT\mf.txx 4/3/2006 9:49 PM 24.41 KB Hidden from Windows API.
C:\SYZ_DAT\mfx 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.
C:\SYZ_DAT\MFX.CFG 4/29/2008 9:52 PM 104 bytes Hidden from Windows API.
C:\SYZ_DAT\mfx_cfg.org 4/3/2006 9:49 PM 93 bytes Hidden from Windows API.
C:\SYZ_DAT\readme.txt 4/3/2006 9:49 PM 3.09 KB Hidden from Windows API.
C:\SYZ_DAT\systray.exe 4/3/2006 9:54 PM 32.00 KB Hidden from Windows API.
C:\SYZ_DAT\tb.exe 4/3/2006 9:49 PM 24.00 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-32FAE179.pf 4/29/2008 10:26 PM 43.25 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\PREUPD.EXE-0C5BC219.pf 4/29/2008 10:24 PM 14.43 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\UPDATE.EXE-264167D5.pf 4/29/2008 10:24 PM 23.51 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\MFX.sys 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.

Re: lots of nasties
I think those hidden files in your C:\SYZ_DAT folder are at least part of the problem.
Unfortunately I didn't ask you to send me the OTMoveIt scan report, or I would have known that they hadn't been deleted.


1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Code:

Folders to delete:
C:\SYZ_DAT

Files to delete:
C:\WINDOWS\system32\drivers\MFX.sys



Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "script file to execute" choose "Input script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

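One way to triage a RootkitRevealer log like the one posted in this thread, as an added example (not from the thread or from the tool's authors): it separates files that only appeared around scan time from files that are hidden from the Windows API yet carry old timestamps, which is the pattern C:\SYZ_DAT and MFX.sys show. The 30-day threshold and the use of the newest timestamp in the log as a stand-in for scan time are assumptions of this example.

```python
import ntpath
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: a few lines in the format of the RootkitRevealer log
# posted in this thread (path, M/D/YYYY h:mm AM/PM, size, description).
SAMPLE_LOG = r"""
HKLM\SECURITY\Policy\Secrets\SAC* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx 4/29/2008 10:25 PM 56 bytes Hidden from Windows API.
C:\Documents and Settings\mike\Cookies\mike@cleverbridge[1].txt 4/29/2008 10:28 PM 90 bytes Visible in directory index, but not Windows API or MFT.
C:\SYZ_DAT\ali.exe 4/3/2006 9:49 PM 28.00 KB Hidden from Windows API.
C:\SYZ_DAT\dirlist 4/29/2008 9:51 PM 250 bytes Hidden from Windows API.
C:\WINDOWS\system32\drivers\MFX.sys 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.
"""

# Paths contain spaces, so the line is split on the timestamp, not on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M)\s+"
    r"(?P<size>[\d.]+ (?:bytes|KB|MB|GB))\s+"
    r"(?P<desc>.+)$"
)


@dataclass
class Entry:
    path: str
    stamp: datetime
    size: str
    desc: str


def parse_log(text):
    """Parse RootkitRevealer text output into Entry records; skip other lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp = datetime.strptime(m["stamp"], "%m/%d/%Y %I:%M %p")
        entries.append(Entry(m["path"], stamp, m["size"], m["desc"]))
    return entries


def triage(entries, min_age_days=30):
    """Return {directory: [file names]} for API-hidden files with old timestamps.

    Assumption of this example: the newest timestamp in the log approximates
    the scan time, and files written shortly before it (antivirus updates,
    browser cache) are ordinary churn rather than persistent hiding.
    """
    if not entries:
        return {}
    cutoff = max(e.stamp for e in entries) - timedelta(days=min_age_days)
    flagged = defaultdict(list)
    for e in entries:
        is_registry = e.path.upper().startswith(("HKLM\\", "HKU\\"))
        hidden = e.desc.startswith("Hidden from Windows API")
        if not is_registry and hidden and e.stamp < cutoff:
            flagged[ntpath.dirname(e.path)].append(ntpath.basename(e.path))
    return {d: sorted(names) for d, names in flagged.items()}


if __name__ == "__main__":
    for directory, names in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{directory}: {', '.join(names)}")
```

A flagged directory is a lead to investigate, not a verdict on what is hiding the files.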

Re: lots of nasties
Problem is solved now, thanks. Thank You!

Re: lots of nasties
This issue has been solved and will now be locked.

