lots of nasties


Post by xpreetzo on Wed Jun 18, 2008 4:36 am

Spybot and AdAware found a lot of issues, and that's about the same time my system started freezing up; the screen would go black or show some odd colors, then it would just reboot. This would happen several times an hour at first, but after running my anti-virus and some anti-spyware programs it only does it now about every hour or so.

Again, this could be a hardware issue but I thought I should check with you guys first.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:33 PM, on 17/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CarbonPoker\client.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - [You must be registered and logged in to see this link.]
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 7018 bytes


Re: lots of nasties

Post by Doctor Inferno on Wed Jun 18, 2008 4:42 am

First I need you to download the following tools & save them to your Desktop.
Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

Deckard's System Scanner from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]


Run Malwarebytes' Anti-Malware:
  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt

in your next reply.


The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.


Last edited by Doctor Inferno on Tue Aug 26, 2008 7:51 am; edited 2 times in total

Re: lots of nasties

Post by xpreetzo on Wed Jun 18, 2008 2:59 pm

Main.txt

Deckard's System Scanner v20071014.68
Run by mike on 2008-06-18 9:44:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2008-06-18 16:44:35 UTC - RP128 - Deckard's System Scanner Restore Point
74: 2008-06-18 06:49:28 UTC - RP127 - Software Distribution Service 3.0
73: 2008-06-11 03:39:14 UTC - RP126 - System Checkpoint
72: 2008-06-09 06:06:15 UTC - RP125 - Software Distribution Service 3.0
71: 2008-06-09 01:12:55 UTC - RP124 - System Checkpoint


-- First Restore Point --
1: 2008-01-18 02:30:59 UTC - RP54 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:21 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\XKQC8XJV\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C06F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C06F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00106BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A060-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A706AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {9A9307A0-7DA4-4DAF-B062-5009F29E09E1} (ActiveScan Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - [You must be registered and logged in to see this link.]
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [You must be registered and logged in to see this link.]
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 7052 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys
R3 SASENUM - c:\program files\superantispyware\sasenum.sys
R3 scrcap - c:\windows\system32\drivers\scrcap.sys

S0 XMS1563K - c:\windows\system32\drivers\xms1563k.sys
S3 catchme - c:\docume~1\mike\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys
S3 vgadrv - c:\windows\system32\drivers\vgadrv.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe"
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe"
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe"


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-18 and 2008-06-18 -----------------------------

2008-06-18 01:48:45 0 dr-h----- C:\Documents and Settings\mike\Recent
2008-06-06 16:45:56 0 d-------- C:\Documents and Settings\mike\Application Data\Malwarebytes
2008-06-06 16:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-06 16:45:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-05 23:52:12 0 d-------- C:\Program Files\Absolute Poker Basic
2008-06-05 23:52:08 0 d-------- C:\Program Files\_uninstallation_info
2008-06-05 13:02:40 299520 --a------ C:\WINDOWS\uninst.exe
2008-03-30 13:54:55 0 d-------- C:\Program Files\SUPERAntiSpyware


-- Find3M Report ---------------------------------------------------------------

2008-06-06 19:25:06 0 d-------- C:\Program Files\Trend Micro
2008-06-01 23:34:45 0 d-------- C:\Program Files\CarbonPoker
2008-03-30 13:54:55 0 d-------- C:\Documents and Settings\mike\Application Data\SUPERAntiSpyware.com
2008-03-30 13:54:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 23:27:26 0 d-------- C:\Program Files\Razor
2008-03-06 01:07:30 0 d-------- C:\Program Files\PurePlay
2008-02-18 19:08:23 0 d-------- C:\Program Files\AIM6
2008-02-18 19:08:07 0 d-------- C:\Program Files\Viewpoint
2008-02-17 16:39:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-17 16:38:52 0 d-------- C:\Program Files\DECAdry
2008-02-17 14:19:06 0 d-------- C:\Documents and Settings\mike\Application Data\Alfac
2008-02-17 13:52:50 0 d-------- C:\Program Files\AMF Software
2008-02-17 12:28:27 0 d-------- C:\Documents and Settings\mike\Application Data\Adobe
2008-02-17 12:24:27 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [06/02/2000 07:07 PM]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [11/01/2006 09:46 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [01/26/2008 05:34 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 06:27 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2006 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/06/2006 07:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 06:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 06/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-06-18 11:46:07 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------


Re: lots of nasties

Post by xpreetzo on Wed Jun 18, 2008 2:59 pm

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2000+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 511.48 MiB / 291.31 MiB
Pagefile Memory (total/avail): 2528.11 MiB / 2291.68 MiB
Virtual Memory (total/avail): 2067.88 MiB / 1937.26 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 23.17 GiB free.
D: is Fixed (NTFS) - 37.27 GiB total, 29.3 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MAXTOR 6L060J2 - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD400JB-00JJC0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition v 7.0.3.158
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"="C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe:*:Enabled:client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Quake2\\quake2.exe"="C:\\Program Files\\Quake2\\quake2.exe:*:Enabled:quake2"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\CarbonPoker\\client.exe"="C:\\Program Files\\CarbonPoker\\client.exe:*:Enabled:Carbon Poker Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mike\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAXON21
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mike
LOGONSERVER=\\SAXON21
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mike\LOCALS~1\Temp
TMP=C:\DOCUME~1\mike\LOCALS~1\Temp
USERDOMAIN=SAXON21
USERNAME=mike
USERPROFILE=C:\Documents and Settings\mike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mike (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ALSee --> "C:\Program Files\ESTsoft\ALSee\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F062E-E1B9-4A5B-8D46-387BB172F0A4}
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
CarbonPoker --> C:\Program Files\CarbonPoker\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative EAX Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Device Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps --> "C:\Fraps\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mount&Blade --> C:\Program Files\Mount&Blade\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PlayGATE Setup --> C:\PROGRA~1\Playnet\Playgate\UNWISE.EXE C:\PROGRA~1\Playnet\Playgate\INSTALL.LOG
PurePlay Poker --> MsiExec.exe /X{19E16A54-962C-45D6-BDDE-FD01EBB1A086}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
SideWinder Precision 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninstall.dll"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ultima Online: Mondain's Legacy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}\setup.exe" -l0x9 -removeonly
UltimateBet --> C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
UO Auto-Map --> c:\Program Files\UOAM\uoam.exe -uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Wisdom-soft ScreenHunter 4.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
ZD Soft Screen Recorder --> "C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf

xpreetzo
Intermediate

Posts : 150
Joined : 2008-06-18
Gender : Male
OS : winXP pro
Points : 31142
# Likes : 0

Re: lots of nasties

Post by xpreetzo on Wed Jun 18, 2008 3:00 pm

-- Application Event Log -------------------------------------------------------

Event Record #/Type8331 / Warning
Event Submitted/Written: 06/12/2008 01:52:27 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type8172 / Error
Event Submitted/Written: 06/05/2008 06:40:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8129 / Error
Event Submitted/Written: 06/05/2008 09:42:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7961 / Error
Event Submitted/Written: 03/29/2008 09:01:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module quicktime.qts, version 7.4.0.91, fault address 0x001514d4.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7960 / Error
Event Submitted/Written: 03/29/2008 08:54:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module quicktime.qts, version 7.4.0.91, fault address 0x001514d4.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33235 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33234 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33233 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33232 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33231 / Error
Event Submitted/Written: 06/12/2008 11:06:00 AM / 06/12/2008 11:06:30 AM
Event ID/Source: 14 / nv
Event Description:
Unknown error on



-- End of Deckard's System Scanner: finished at 2008-06-18 11:46:07 ------------


Re: lots of nasties

Post by Doctor Inferno on Thu Jun 19, 2008 4:37 am

You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out:- [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.]

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

[You must be registered and logged in to see this link.]

Both are simple to install & free to use.
Please install only one.

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator

Posts : 12015
Joined : 2007-12-26
Gender : Male
OS : Windows 7 Home Premium and Ultimate X64
Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points : 104600
# Likes : 0

Re: lots of nasties

Post by xpreetzo on Fri Jun 20, 2008 5:10 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:02 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - [You must be registered and logged in to see this link.]
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 7821 bytes

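Doctor Inferno asked for a fresh HijackThis log to confirm the firewall went in correctly; the useful check is that every entry new in the second log is accounted for by that install and nothing else has crept in. The Python below is an added example written for this thread, not HijackThis code and not a GeekPolice tool. The two excerpts are trimmed from the logs posted in the thread (BEFORE from the first post, AFTER from the post made after COMODO was installed), keeping only the lines needed to show the difference; the marker strings used for attribution are this example's own choice.

```python
"""Diff two HijackThis logs and attribute every new entry to the program just installed.

Added example for this thread; not HijackThis code and not a GeekPolice tool.
The two excerpts are trimmed from the logs posted in the thread: BEFORE from the
first post, AFTER from the post made after COMODO Firewall was installed.
"""
import re
from typing import Dict, Iterable, List, Set, Tuple

# HijackThis entries look like "O4 - HKLM\..\Run: [...]"; the process list has no prefix.
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
"""

AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Program Files\COMODO\Firewall\cfp.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""


def parse_hjt(text: str) -> Tuple[Set[str], Dict[str, Set[str]]]:
    """Return (running processes, {section: set of entry bodies})."""
    processes: Set[str] = set()
    entries: Dict[str, Set[str]] = {}
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.setdefault(m["section"], set()).add(m["body"])
        elif in_procs:
            processes.add(line.lower())   # NTFS paths are case-insensitive; normalise
    return processes, entries


def diff_logs(before: str, after: str) -> Dict[str, Set[str]]:
    """Everything present in `after` but absent from `before`, keyed by section ("proc" for processes)."""
    p0, e0 = parse_hjt(before)
    p1, e1 = parse_hjt(after)
    added: Dict[str, Set[str]] = {}
    if p1 - p0:
        added["proc"] = p1 - p0
    for section, bodies in e1.items():
        new = bodies - e0.get(section, set())
        if new:
            added[section] = new
    return added


def attribute(added: Dict[str, Set[str]], markers: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Split new entries into those explained by a marker (vendor name, known file) and the rest."""
    lowered = [m.lower() for m in markers]
    accounted: List[str] = []
    unexplained: List[str] = []
    for section, bodies in sorted(added.items()):
        for body in sorted(bodies):
            target = accounted if any(m in body.lower() for m in lowered) else unexplained
            target.append(f"{section}: {body}")
    return accounted, unexplained


if __name__ == "__main__":
    added = diff_logs(BEFORE, AFTER)
    ok, check = attribute(added, ("comodo",))
    print("Explained by the COMODO install:")
    for line in ok:
        print("  " + line)
    print("Still to be looked at:")
    for line in check:
        print("  " + line)
```

With only the vendor name as a marker, the two new processes, the new Run key and the new service are accounted for, while the AppInit_DLLs line for guard32.dll is left in the "still to be looked at" list because its name carries no vendor string. In the thread's logs that DLL appears only in the post-install log, alongside the other COMODO entries; treating it as part of the firewall (by passing "guard32.dll" as a second marker) is this example's assumption, and that is exactly the kind of entry a helper verifies by hand rather than by name matching.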

Re: lots of nasties

Post by Doctor Inferno on Fri Jun 20, 2008 1:50 pm

That log looks pretty clear, but as a check, can you do an Online scan?

Please go [You must be registered and logged in to see this link.] to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report




Re: lots of nasties

Post by xpreetzo on Sat Jun 21, 2008 8:50 am

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-04-13 14:13:54
PROTECTIONS: 5
MALWARE: 5
SUSPECTS: 23
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Avira AntiVir PersonalEdition Classic 0.0.0.0 No Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition 7.0.3.158 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@atdmt[1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@mediaplex[1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@advertising[1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\mike@atwola[1].txt
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\SYZ_DAT\ali.exe
No C:\SYZ_DAT\cdlock.dll
No C:\SYZ_DAT\cpy.exe
No C:\SYZ_DAT\EMF_Decrypt.exe
No C:\SYZ_DAT\fldrvw61.ocx
No C:\SYZ_DAT\install.exe
No C:\SYZ_DAT\magic.exe
No C:\SYZ_DAT\mfx
No C:\SYZ_DAT\systray.exe
No C:\SYZ_DAT\tb.exe
No C:\WINDOWS\system32\drivers\MFX.sys
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\DivX501Bundle.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\HistoryKill2003.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\JOIN16.EXE
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Join32.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\ppfsetup.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\scrtfldr.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\wrar330.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\AboutDC.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Direct Connect.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Survey.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\hand\wrar330.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\spooph22\Spooph.exe


Re: lots of nasties

Post by Doctor Inferno on Sun Jun 22, 2008 12:38 pm

Please download the following & save to your Desktop:
[You must be registered and logged in to see this link.] by OldTimer.

Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    Code:
    C:\WINDOWS\system32\Process.exe
    C:\SYZ_DAT\ali.exe
    C:\SYZ_DAT\cdlock.dll
    C:\SYZ_DAT\cpy.exe
    C:\SYZ_DAT\EMF_Decrypt.exe
    C:\SYZ_DAT\fldrvw61.ocx
    C:\SYZ_DAT\install.exe
    C:\SYZ_DAT\magic.exe
    C:\SYZ_DAT\mfx
    C:\SYZ_DAT\systray.exe
    C:\SYZ_DAT\tb.exe
    C:\WINDOWS\system32\drivers\MFX.sys
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\DivX501Bundle.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\HistoryKill2003.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\JOIN16.EXE
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Join32.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\ppfsetup.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\scrtfldr.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\wrar330.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\AboutDC.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Direct Connect.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Survey.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\hand\wrar330.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\spooph22\Spooph.exe


  • Return to OTMoveIt, right click on the "Paste list of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt

(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.

Please include a note to tell me how your PC is running now.




Re: lots of nasties

Post by xpreetzo on Wed Jun 25, 2008 10:18 am

It's been about four hours since my PC crashed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:34 PM, on 6/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - [You must be registered and logged in to see this link.]
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [You must be registered and logged in to see this link.]
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - [You must be registered and logged in to see this link.]
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [You must be registered and logged in to see this link.]
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - [You must be registered and logged in to see this link.]
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - [You must be registered and logged in to see this link.]

--
End of file - 7911 bytes


Re: lots of nasties

Post by Doctor Inferno on Thu Jun 26, 2008 7:19 am

If your PC is just rebooting when it crashes instead of giving you a Blue Screen of Death (BSOD), do the following:

Change the Default action:
  • Open System Properties via Start > Control Panel > Performance and Maintenance > System
    (System Properties may also be opened using the WinKey+Pause key combination)
  • Select the Advanced tab and then click Settings in the Startup and Recovery section
  • In the System Failure section, clear the checkbox next to Automatically Restart
  • Click OK and OK to exit


We need the Stop Code generated to see what the problem could be.

There is really very little in that log to worry about. If you are still having issues with it, we really need to dig a bit deeper.

Please download [You must be registered and logged in to see this link.] (Click on Download Rootkit Revealer link at the bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here


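The rootkitrevealer.txt requested above comes back as a long list of "path, date, size, discrepancy" lines. The Python script below is an added triage helper, not code from this thread, from the poster or from Sysinternals: it parses that format, sets aside discrepancies that are expected on this particular machine (the allow list of Avira, IE cache, Prefetch and LSA-secrets locations is an assumption picked from the software the HijackThis log shows installed) and clusters whatever is left by top-level folder or key. The sample lines are copied from the output posted further down in this thread.

```python
"""Triage a pasted RootkitRevealer text log (added example, not from the thread).

Each line of rootkitrevealer.txt has the shape
    <path> <M/D/YYYY H:MM AM|PM> <size> <discrepancy>
The script parses those lines, sets aside discrepancies expected on this
machine, and clusters the rest by top-level folder or registry key so that a
hidden tree of many files shows up as one item to examine.
"""
import re
from collections import Counter

# The path may contain spaces, so it is matched lazily up to the timestamp.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<stamp>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)? (?:bytes|KB|MB|GB)) "
    r"(?P<discrepancy>.+)$"
)

# Allow list (an assumption of this example): locations where discrepancies are
# expected on this system, taken from the software the HijackThis log shows
# installed (Avira AntiVir, IE7 cache and cookies, Prefetch) plus the LSA
# secrets keys that always report embedded nulls.  Everything else is reviewed.
EXPECTED_PREFIXES = (
    r"C:\Documents and Settings\All Users\Application Data\Avira",
    r"C:\Documents and Settings\mike\Local Settings\Temporary Internet Files",
    r"C:\Documents and Settings\mike\Cookies",
    r"C:\WINDOWS\Prefetch",
    r"HKLM\SECURITY\Policy\Secrets",
)
# Discrepancy kinds that are metadata noise rather than something being hidden.
LOW_SIGNAL = ("Security mismatch.",)
SIZE_UNITS = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Constructed sample: a handful of lines copied from the output posted in this thread.
SAMPLE_LOG = r"""
HKU\.DEFAULT\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avguard.exe 4/29/2008 10:27 PM 143.75 KB Hidden from Windows API.
C:\Documents and Settings\mike\Cookies\mike@cleverbridge[1].txt 4/29/2008 10:28 PM 90 bytes Visible in directory index, but not Windows API or MFT.
C:\SYZ_DAT 4/29/2008 9:51 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\ali.exe 4/3/2006 9:49 PM 28.00 KB Hidden from Windows API.
C:\SYZ_DAT\install.exe 4/13/2008 2:37 PM 1.09 MB Hidden from Windows API.
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-32FAE179.pf 4/29/2008 10:26 PM 43.25 KB Hidden from Windows API.
"""


def parse_line(line):
    """Return the fields of one RootkitRevealer line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def size_to_bytes(size):
    """Convert the tool's '143.75 KB' style size to an integer byte count."""
    value, unit = size.split()
    return int(float(value) * SIZE_UNITS[unit])


def top_level(path):
    # C:\SYZ_DAT\ali.exe -> C:\SYZ_DAT ; HKU\S-1-5-18\Control Panel -> HKU\S-1-5-18
    return "\\".join(path.split("\\")[:2])


def is_expected(entry):
    """True when the line is metadata noise or lies under an allow-listed location."""
    if entry["discrepancy"] in LOW_SIGNAL:
        return True
    path = entry["path"].lower()
    return any(path == p.lower() or path.startswith(p.lower() + "\\")
               for p in EXPECTED_PREFIXES)


def triage(log_text):
    """Split a log into expected / review / unparsed entries and cluster the review set."""
    expected, review, unparsed = [], [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            unparsed.append(raw)
            continue
        (expected if is_expected(entry) else review).append(entry)
    clusters = Counter(top_level(e["path"]) for e in review)
    return {"expected": expected, "review": review,
            "unparsed": unparsed, "clusters": clusters}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{len(report['expected'])} expected, {len(report['review'])} to review, "
          f"{len(report['unparsed'])} unparsed")
    for location, count in report["clusters"].most_common():
        total = sum(size_to_bytes(e["size"]) for e in report["review"]
                    if top_level(e["path"]) == location)
        print(f"  REVIEW {location}: {count} hidden item(s), {total} bytes")
```

Run it against the real rootkitrevealer.txt by reading the file into `triage()`; the clusters it prints are the places to look at first, not a verdict.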

Re: lots of nasties

Post by xpreetzo on Sun Jun 29, 2008 3:52 am

HKU\.DEFAULT\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-21-73586283-1844237615-839522115-1004\Control Panel\International 12/22/2007 1:24 PM 0 bytes Security mismatch.
HKU\S-1-5-21-73586283-1844237615-839522115-1004\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx 4/29/2008 10:25 PM 56 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2008-04-15-22-24-41.log 4/29/2008 10:28 PM 55.57 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179 4/29/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\ave2.info 4/29/2008 10:25 PM 5.03 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\ave2.info.gz 4/29/2008 10:25 PM 1.47 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\classic-nt-en.idx 4/29/2008 10:25 PM 394 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\classic-nt-en.info 4/29/2008 10:25 PM 41.15 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\classic-nt-en.info.gz 4/29/2008 10:25 PM 10.10 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\idx 4/29/2008 10:25 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\idx\master.idx 4/29/2008 10:25 PM 56 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\info-wks-classic-nt-en.info 4/29/2008 10:25 PM 713 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\info-wks-classic-nt-en.info.gz 4/29/2008 10:25 PM 428 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALFIRST 4/29/2008 10:25 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALFIRST\message.idx 4/29/2008 10:25 PM 3.14 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALSECOND 4/29/2008 10:25 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALSECOND\message.idx 4/29/2008 10:25 PM 3.14 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\specvir-nt.info 4/29/2008 10:25 PM 732 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\specvir-nt.info.gz 4/29/2008 10:25 PM 448 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\vdf.info 4/29/2008 10:25 PM 2.45 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\vdf.info.gz 4/29/2008 10:25 PM 765 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks 4/29/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en 4/29/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt 4/29/2008 10:28 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avarkt.dll 4/29/2008 10:26 PM 300.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avarkt.dll.gz 4/29/2008 10:26 PM 157.53 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avcenter.exe 4/29/2008 10:26 PM 352.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avcenter.exe.gz 4/29/2008 10:26 PM 144.65 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.cpl 4/29/2008 10:27 PM 68.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.cpl.gz 4/29/2008 10:26 PM 32.71 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.dll 4/29/2008 10:27 PM 9.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.dll.gz 4/29/2008 10:27 PM 2.24 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.exe 4/29/2008 10:27 PM 236.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.exe.gz 4/29/2008 10:27 PM 88.66 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avevtlog.dll 4/29/2008 10:27 PM 112.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avevtlog.dll.gz 4/29/2008 10:27 PM 54.83 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgio.dll 4/29/2008 10:27 PM 119.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgio.dll.gz 4/29/2008 10:27 PM 66.68 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgnt.exe 4/29/2008 10:27 PM 256.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgnt.exe.gz 4/29/2008 10:27 PM 90.64 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avguard.exe 4/29/2008 10:27 PM 143.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avguard.exe.gz 4/29/2008 10:27 PM 71.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avinet.dll 4/29/2008 10:26 PM 10.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avinet.dll.gz 4/29/2008 10:26 PM 4.46 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avipc.dll 4/29/2008 10:27 PM 72.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avipc.dll.gz 4/29/2008 10:27 PM 31.99 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.dll 4/29/2008 10:27 PM 8.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.dll.gz 4/29/2008 10:27 PM 2.47 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.exe 4/29/2008 10:27 PM 180.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.exe.gz 4/29/2008 10:27 PM 73.67 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avpref.dll 4/29/2008 10:27 PM 25.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avpref.dll.gz 4/29/2008 10:27 PM 8.06 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avreg.dll 4/29/2008 10:27 PM 30.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avreg.dll.gz 4/29/2008 10:27 PM 11.05 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.dll 4/29/2008 10:27 PM 52.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.dll.gz 4/29/2008 10:27 PM 8.20 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.exe 4/29/2008 10:27 PM 304.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.exe.gz 4/29/2008 10:27 PM 131.60 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwinll.dll 4/29/2008 10:27 PM 14.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwinll.dll.gz 4/29/2008 10:27 PM 7.79 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwsc.exe 4/29/2008 10:27 PM 203.70 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwsc.exe.gz 4/29/2008 10:27 PM 93.63 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccev.dll 4/29/2008 10:27 PM 148.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccev.dll.gz 4/29/2008 10:27 PM 57.80 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccevrc.dll 4/29/2008 10:27 PM 12.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccevrc.dll.gz 4/29/2008 10:27 PM 3.64 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgen.dll 4/29/2008 10:27 PM 264.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgen.dll.gz 4/29/2008 10:27 PM 98.29 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgenrc.dll 4/29/2008 10:27 PM 17.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgenrc.dll.gz 4/29/2008 10:27 PM 4.62 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgrdrc.dll 4/29/2008 10:27 PM 19.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgrdrc.dll.gz 4/29/2008 10:27 PM 5.36 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccguard.dll 4/29/2008 10:27 PM 212.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccguard.dll.gz 4/29/2008 10:27 PM 77.77 KB Hidden from Windows API.


Re: lots of nasties

Post by xpreetzo on Sun Jun 29, 2008 3:53 am

C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclib.dll 4/29/2008 10:27 PM 156.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclib.dll.gz 4/29/2008 10:27 PM 64.73 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclic.dll 4/29/2008 10:27 PM 60.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclic.dll.gz 4/29/2008 10:27 PM 18.97 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclicrc.dll 4/29/2008 10:27 PM 5.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclicrc.dll.gz 4/29/2008 10:27 PM 1.43 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmainrc.dll 4/29/2008 10:27 PM 20.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmainrc.dll.gz 4/29/2008 10:27 PM 5.54 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmsg.dll 4/29/2008 10:27 PM 152.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmsg.dll.gz 4/29/2008 10:27 PM 63.44 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccprofil.dll 4/29/2008 10:27 PM 256.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccprofil.dll.gz 4/29/2008 10:27 PM 103.73 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquamgr.dll 4/29/2008 10:27 PM 212.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquamgr.dll.gz 4/29/2008 10:27 PM 93.28 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquarc.dll 4/29/2008 10:27 PM 15.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquarc.dll.gz 4/29/2008 10:27 PM 4.46 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreporc.dll 4/29/2008 10:27 PM 11.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreporc.dll.gz 4/29/2008 10:27 PM 3.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreport.dll 4/29/2008 10:27 PM 128.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreport.dll.gz 4/29/2008 10:27 PM 50.39 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscanrc.dll 4/29/2008 10:27 PM 22.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscanrc.dll.gz 4/29/2008 10:27 PM 6.54 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccsched.dll 4/29/2008 10:27 PM 148.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccsched.dll.gz 4/29/2008 10:27 PM 56.34 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscherc.dll 4/29/2008 10:27 PM 17.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscherc.dll.gz 4/29/2008 10:27 PM 4.71 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cctpc.dll 4/29/2008 10:27 PM 240.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cctpc.dll.gz 4/29/2008 10:27 PM 110.46 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdate.dll 4/29/2008 10:28 PM 112.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdate.dll.gz 4/29/2008 10:28 PM 42.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdrc.dll 4/29/2008 10:28 PM 12.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdrc.dll.gz 4/29/2008 10:28 PM 3.32 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\guardgui.exe.gz 4/29/2008 10:28 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\scewxml.dll 4/29/2008 10:26 PM 100.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\scewxml.dll.gz 4/29/2008 10:26 PM 43.10 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update.exe 4/29/2008 10:26 PM 432.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update.exe.gz 4/29/2008 10:26 PM 187.35 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update_msg.avr 4/29/2008 10:26 PM 10.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update_msg.avr.gz 4/29/2008 10:26 PM 5.50 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updgui.dll 4/29/2008 10:26 PM 144.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updgui.dll.gz 4/29/2008 10:26 PM 56.99 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updguirc.dll 4/29/2008 10:26 PM 9.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updguirc.dll.gz 4/29/2008 10:26 PM 2.76 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlib.dll 4/29/2008 10:26 PM 448.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlib.dll.gz 4/29/2008 10:26 PM 135.37 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlibrc.dll 4/29/2008 10:26 PM 22.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlibrc.dll.gz 4/29/2008 10:26 PM 5.07 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt 4/29/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\antivir.oem 4/29/2008 10:26 PM 256 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\antivir.oem.gz 4/29/2008 10:26 PM 279 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rcimage.dll 4/29/2008 10:26 PM 2.26 MB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rcimage.dll.gz 4/29/2008 10:26 PM 642.33 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rctext.dll 4/29/2008 10:26 PM 84.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rctext.dll.gz 4/29/2008 10:26 PM 26.67 KB Hidden from Windows API.
C:\Documents and Settings\mike\Cookies\mike@avira.cleverbridge[2].txt 4/29/2008 10:28 PM 445 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Cookies\mike@cleverbridge[1].txt 4/29/2008 10:28 PM 90 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Cookies\mike@notifier.antivir-pe[1].txt 4/29/2008 10:26 PM 650 bytes Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\1L8B21GR\price[1].gif 4/29/2008 10:26 PM 11.98 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\1L8B21GR\table_en[1].jpg 4/29/2008 10:26 PM 152.10 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\30[1].htm 4/29/2008 10:28 PM 68.88 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\CDScanSmall[1].png 4/29/2008 10:28 PM 2.29 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\creditcards[1].png 4/29/2008 10:28 PM 1.21 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\geoip[1].htm 4/29/2008 10:26 PM 2 bytes Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\red_arrow[1].gif 4/29/2008 10:28 PM 81 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\shoppingcart[1].png 4/29/2008 10:28 PM 1.53 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\spacer[1].gif 4/29/2008 10:28 PM 49 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\topMenuBgd_sand[1].gif 4/29/2008 10:28 PM 925 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\L4H95BXU\default[1].htm 4/29/2008 10:26 PM 30.70 KB Hidden from Windows API.

xpreetzo
Intermediate

Posts : 150
Joined : 2008-06-18
Gender : Male
OS : winXP pro
Points : 31142
# Likes : 0

Re: lots of nasties

Post by xpreetzo on Sun Jun 29, 2008 3:54 am

C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\L4H95BXU\ga[2].js 4/29/2008 10:26 PM 18.93 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\NS948XPN\en[1].htm 4/29/2008 10:26 PM 2.10 KB Hidden from Windows API.
C:\SYZ_DAT 4/29/2008 9:51 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\ali.exe 4/3/2006 9:49 PM 28.00 KB Hidden from Windows API.
C:\SYZ_DAT\cdlock.dll 4/3/2006 9:49 PM 48.00 KB Hidden from Windows API.
C:\SYZ_DAT\cpy.exe 4/3/2006 9:49 PM 32.00 KB Hidden from Windows API.
C:\SYZ_DAT\dirlist 4/29/2008 9:51 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\dirlist_bak 4/29/2008 9:51 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\DL.BAK 4/29/2008 8:24 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\EMF_Decrypt.exe 4/3/2006 9:49 PM 124.00 KB Hidden from Windows API.
C:\SYZ_DAT\fldrvw61.ocx 4/3/2006 9:49 PM 408.00 KB Hidden from Windows API.
C:\SYZ_DAT\install.exe 4/13/2008 2:37 PM 1.09 MB Hidden from Windows API.
C:\SYZ_DAT\magic.exe 4/3/2006 9:49 PM 24.00 KB Hidden from Windows API.
C:\SYZ_DAT\mf.chm 4/3/2006 9:49 PM 32.36 KB Hidden from Windows API.
C:\SYZ_DAT\mf.txx 4/3/2006 9:49 PM 24.41 KB Hidden from Windows API.
C:\SYZ_DAT\mfx 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.
C:\SYZ_DAT\MFX.CFG 4/29/2008 9:52 PM 104 bytes Hidden from Windows API.
C:\SYZ_DAT\mfx_cfg.org 4/3/2006 9:49 PM 93 bytes Hidden from Windows API.
C:\SYZ_DAT\readme.txt 4/3/2006 9:49 PM 3.09 KB Hidden from Windows API.
C:\SYZ_DAT\systray.exe 4/3/2006 9:54 PM 32.00 KB Hidden from Windows API.
C:\SYZ_DAT\tb.exe 4/3/2006 9:49 PM 24.00 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-32FAE179.pf 4/29/2008 10:26 PM 43.25 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\PREUPD.EXE-0C5BC219.pf 4/29/2008 10:24 PM 14.43 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\UPDATE.EXE-264167D5.pf 4/29/2008 10:24 PM 23.51 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\MFX.sys 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.


Re: lots of nasties

Post by Doctor Inferno on Sun Jun 29, 2008 10:42 am

I think those hidden files in your C:\SYZ_DAT folder are at least part of the problem.
Unfortunately I didn't ask you to send me the OTMoveIt scan report, or I would have known that they hadn't been deleted.


1. Please download [You must be registered and logged in to see this link.] by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Code:
Folders to delete:
C:\SYZ_DAT

Files to delete:
C:\WINDOWS\system32\drivers\MFX.sys


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "script file to execute" choose "Input script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.

4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

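The triage the responder performs by eye above (ignore the browser cache, cookie and prefetch entries; act on the hidden C:\SYZ_DAT folder and the hidden driver MFX.sys) can be written down as a small script. What follows is an added example for this thread, not code from the scanner, from The Avenger, or from anyone in the thread. It assumes (my assumptions, not the page's) that every report line has the shape "<path> <m/d/yyyy> <h:mm AM|PM> <size> <unit> <status>", that entries under the cookie, Temporary Internet Files and Prefetch folders are churn on a live system rather than evidence, and that a folder can be recognised because other entries sit beneath it. The sample input is a handful of lines copied from the report posted above.

```python
r"""Triage a rootkit-scan file listing ("Hidden from Windows API" style lines).

Added example for this thread, not the scanner's or the forum's own code.
Assumptions (mine, not from the page): the line layout is
'<path> <m/d/yyyy> <h:mm AM|PM> <size> <unit> <status>', and entries under the
browser cache, cookie and prefetch folders are noise, mirroring the responder's
decision to act only on C:\SYZ_DAT and MFX.sys.
"""
import re

# Constructed input: a handful of lines copied from the scan output posted above.
SAMPLE_REPORT = r"""
C:\Documents and Settings\mike\Cookies\mike@notifier.antivir-pe[1].txt 4/29/2008 10:26 PM 650 bytes Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\30[1].htm 4/29/2008 10:28 PM 68.88 KB Visible in directory index, but not Windows API or MFT.
C:\SYZ_DAT 4/29/2008 9:51 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\ali.exe 4/3/2006 9:49 PM 28.00 KB Hidden from Windows API.
C:\SYZ_DAT\mfx 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.
C:\SYZ_DAT\MFX.CFG 4/29/2008 9:52 PM 104 bytes Hidden from Windows API.
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-32FAE179.pf 4/29/2008 10:26 PM 43.25 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\MFX.sys 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.
"""

# Path is non-greedy because it may contain spaces; the date anchors where it ends.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2} [AP]M) "
    r"(?P<size>\d+(?:\.\d+)?) (?P<unit>bytes|KB|MB|GB) "
    r"(?P<status>.+)$"
)
UNIT = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Path fragments treated as churn rather than evidence (assumption, see above).
NOISE_FRAGMENTS = ("\\cookies\\", "\\temporary internet files\\", "\\prefetch\\")


def parse_report(text):
    """Turn the scanner's text lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["size_bytes"] = int(float(d.pop("size")) * UNIT[d.pop("unit")])
        d["hidden_from_api"] = d["status"].startswith("Hidden from Windows API")
        records.append(d)
    return records


def is_noise(path):
    """True for cache/cookie/prefetch paths that a live system rewrites constantly."""
    return any(frag in path.lower() for frag in NOISE_FRAGMENTS)


def triage(records):
    """Split discrepancies into noise, whole hidden folders, and loose files.

    A folder is recognised because other entries live beneath it; its children
    are then folded into the folder so the result names the smallest set of objects.
    """
    lowered = [r["path"].lower() for r in records]
    noise, folders, files = [], [], []
    for r in records:
        p = r["path"]
        if is_noise(p):
            noise.append(p)
        elif any(q.startswith(p.lower() + "\\") for q in lowered):
            folders.append(p)
    for r in records:
        p = r["path"]
        if is_noise(p) or p in folders:
            continue
        if any(p.lower().startswith(f.lower() + "\\") for f in folders):
            continue  # covered by a parent folder already listed
        # A hidden kernel driver is the classic rootkit component; mark it for the reader.
        r["kernel_driver"] = "\\drivers\\" in p.lower() and p.lower().endswith(".sys")
        files.append(r)
    return {"noise": noise, "folders": folders, "files": files}


def render_avenger_script(result):
    """Render the triage result in the 'Folders to delete:' / 'Files to delete:' layout seen above."""
    out = []
    if result["folders"]:
        out.append("Folders to delete:")
        out.extend(result["folders"])
        out.append("")
    if result["files"]:
        out.append("Files to delete:")
        out.extend(r["path"] for r in result["files"])
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    res = triage(parse_report(SAMPLE_REPORT))
    print("ignored as cache/prefetch noise:", len(res["noise"]))
    for r in res["files"]:
        if r["kernel_driver"]:
            print("hidden kernel driver:", r["path"])
    print(render_avenger_script(res))
```

On the sample the script folds the twenty-odd C:\SYZ_DAT entries into the single folder, keeps MFX.sys as a loose file flagged as a kernel driver, and drops the three cache and prefetch lines, which reproduces the two-line script the responder posted. The noise list is still returned rather than discarded, so a reviewer can look at what was set aside; the cut-off for "noise" is a judgement call and should be revisited if the cache entries were the only findings.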

Re: lots of nasties

Post by xpreetzo on Wed Jul 02, 2008 10:38 am

Problem is solved now, thanks. Thank You!


Re: lots of nasties

Post by Doctor Inferno on Thu Jul 03, 2008 7:48 am

This issue has been solved and will now be locked.


