HiJackThis log [CLOSED]


  • This topic is locked

#1 trinna (Member, 47 posts)
This might be a hardware issue, I'm not sure; my system is pretty old.
Spybot and AdAware found a lot of issues, and that's about the same time my system started freezing up: the screen would go black, or maybe show some odd colors, then it would just reboot. This would happen several times an hour at first, but after running my anti-vir and some anti-spyware programs it now only does it about every hour or so.

Again, this could be a hardware issue but I thought I should check with you guys first.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:34:33 PM, on 4/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CarbonPoker\client.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.m...ay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers..../artakus_bg.gif

--
End of file - 7018 bytes
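As an added example (not part of the original thread, and not code from HijackThis or Trend Micro), the following Python script shows how a helper might triage a HijackThis v2 log of the kind posted above: it parses the R/F/O lines into records and flags the ones worth a first look, namely orphaned entries ("(no file)" or "file missing"), O16 ActiveX downloads that carry no friendly name, and entries in the high-privilege sections O20 to O23. The sample lines are copied from the log above; the flag names and the section-to-flag mapping are my own choices, not HijackThis conventions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a handful of lines in HijackThis v2 format (taken from the
# log posted above), embedded inline so the script runs offline.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.m...ay/FlashAX2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry starts with a section code (R0..R3, F0..F3, O1..O24), a dash, and a body.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")

# Sections that load code early or at high privilege; always worth a manual look.
# (Flag names are this script's own labels.)
HIGH_PRIV_CODES = {
    "O20": "winlogon-notify",        # DLLs loaded by winlogon.exe / AppInit_DLLs
    "O21": "shell-service-object",   # ShellServiceObjectDelayLoad
    "O22": "shared-task-scheduler",  # SharedTaskScheduler
    "O23": "service",                # NT services
}


@dataclass
class Entry:
    code: str
    body: str
    flags: list = field(default_factory=list)


def parse_hjt(text: str) -> list:
    """Turn the R/F/O lines of a HijackThis log into Entry objects; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def triage(entries: list) -> list:
    """Attach review flags to each entry. Flags mark items to look at, not verdicts."""
    for e in entries:
        body = e.body
        # The registry still points at something that no longer exists: usually the
        # leftover of an uninstall or of a removal tool, and a candidate for cleanup.
        if "(no file)" in body or "file missing" in body:
            e.flags.append("orphaned-entry")
        # O16 = ActiveX control downloaded from the web (Downloaded Program Files).
        # A bare CLSID with no friendly name is a control whose origin should be checked.
        if e.code == "O16":
            m = re.match(r"DPF: \{[0-9A-Fa-f-]+\} (?P<rest>.*)", body)
            if m and not m["rest"].startswith("("):
                e.flags.append("unnamed-activex")
        if e.code in HIGH_PRIV_CODES:
            e.flags.append(HIGH_PRIV_CODES[e.code])
    return entries


def flagged(text: str) -> list:
    """Parse, triage, and return (code, body, flags) for the flagged entries only."""
    return [(e.code, e.body, e.flags) for e in triage(parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for code, body, flags in flagged(SAMPLE_LOG):
        print(f"{code:4} {','.join(flags):22} {body}")
```

Run as-is it prints the four flagged lines from the sample (the orphaned Yahoo! Toolbar hook, the unnamed spinpalace ActiveX control, the Winlogon Notify DLL and the Bonjour service). None of those flags is a malware verdict; the O20 and O23 hits here belong to SUPERAntiSpyware and Apple's Bonjour, which is exactly why a helper reads the path and vendor on each flagged line rather than acting on the section code alone.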



#2 sage5 (Retired Staff, RIP 10/2009, 2,646 posts)
Hi trinna,

Welcome to Geeks To Go,

I'm sorry that we haven't got to you until now, but the forum can get hectic at times.

I am sage5 and I will be helping you with this problem.

First I need you to download the following tools & save them to your Desktop.
Malwarebytes' Anti-Malware from Here or Here
Deckard's System Scanner


Spybot's TeaTimer is a good tool for the prevention of spyware, but it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now. It can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.


Run Malwarebytes' Anti-Malware:
  • Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Save the entire report as C:\mbam.txt
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Run Deckard's System Scanner:
  • Close all other windows before proceeding.
  • Double click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • Close both of the text files.
These files are C:\Deckard\System Scanner\main.txt & extra.txt.
I will need you to copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of
  • main.txt
  • extra.txt
  • C:\mbam.txt
in your next reply.


The text from these files may exceed the maximum post length for this forum, and may need to be sent over 2 or more posts. Please ensure all text is posted.


Cheers,

sage5

#3 trinna (Topic Starter, Member, 47 posts)
Main.txt

Deckard's System Scanner v20071014.68
Run by mike on 2008-04-12 11:44:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
75: 2008-04-12 16:44:35 UTC - RP128 - Deckard's System Scanner Restore Point
74: 2008-04-12 06:49:28 UTC - RP127 - Software Distribution Service 3.0
73: 2008-04-11 03:39:14 UTC - RP126 - System Checkpoint
72: 2008-04-09 06:06:15 UTC - RP125 - Software Distribution Service 3.0
71: 2008-04-09 01:12:55 UTC - RP124 - System Checkpoint


-- First Restore Point --
1: 2008-01-18 02:30:59 UTC - RP54 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as mike.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:21 AM, on 4/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\XKQC8XJV\dss[1].exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\mike.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.m...ay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers..../artakus_bg.gif

--
End of file - 7052 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys <Not Verified; Protection Technology; StarForce Protection System>
R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys <Not Verified; Protection Technology; StarForce Protection System>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>
R3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>

S0 XMS1563K - c:\windows\system32\drivers\xms1563k.sys
S3 catchme - c:\docume~1\mike\locals~1\temp\catchme.sys (file missing)
S3 EagleNT - c:\windows\system32\drivers\eaglent.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 vgadrv - c:\windows\system32\drivers\vgadrv.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-03-12 and 2008-04-12 -----------------------------

2008-04-12 01:48:45 0 dr-h----- C:\Documents and Settings\mike\Recent
2008-04-06 16:45:56 0 d-------- C:\Documents and Settings\mike\Application Data\Malwarebytes
2008-04-06 16:45:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-06 16:45:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-05 23:52:12 0 d-------- C:\Program Files\Absolute Poker Basic
2008-04-05 23:52:08 0 d-------- C:\Program Files\_uninstallation_info
2008-04-05 13:02:40 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-03-30 13:54:55 0 d-------- C:\Program Files\SUPERAntiSpyware


-- Find3M Report ---------------------------------------------------------------

2008-04-04 19:25:04 0 d-------- C:\Program Files\Trend Micro
2008-04-01 23:34:45 0 d-------- C:\Program Files\CarbonPoker
2008-03-30 13:54:55 0 d-------- C:\Documents and Settings\mike\Application Data\SUPERAntiSpyware.com
2008-03-30 13:54:34 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 23:27:26 0 d-------- C:\Program Files\Razor
2008-03-06 01:07:30 0 d-------- C:\Program Files\PurePlay
2008-02-18 19:08:23 0 d-------- C:\Program Files\AIM6
2008-02-18 19:08:07 0 d-------- C:\Program Files\Viewpoint
2008-02-17 16:39:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-17 16:38:52 0 d-------- C:\Program Files\DECAdry
2008-02-17 14:19:06 0 d-------- C:\Documents and Settings\mike\Application Data\Alfac
2008-02-17 13:52:50 0 d-------- C:\Program Files\AMF Software
2008-02-17 12:28:27 0 d-------- C:\Documents and Settings\mike\Application Data\Adobe
2008-02-17 12:24:27 0 d-------- C:\Program Files\Common Files\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SideWinderTrayV4"="C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe" [06/02/2000 07:07 PM]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" [11/01/2006 09:46 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM C:\WINDOWS\system32\nwiz.exe]
"P17Helper"="P17.dll" [05/03/2005 07:38 PM C:\WINDOWS\system32\P17.dll]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [01/26/2008 05:34 PM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 04:27 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [01/03/2008 11:15 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,




-- End of Deckard's System Scanner: finished at 2008-04-12 11:46:07 ------------

Extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon™ XP 2000+
Percentage of Memory in Use: 43%
Physical Memory (total/avail): 511.48 MiB / 291.31 MiB
Pagefile Memory (total/avail): 2528.11 MiB / 2291.68 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.26 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 37.26 GiB total, 23.17 GiB free.
D: is Fixed (NTFS) - 37.27 GiB total, 29.3 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)

\\.\PHYSICALDRIVE1 - MAXTOR 6L040J2 - 37.28 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.27 GiB - D:

\\.\PHYSICALDRIVE0 - WDC WD400JB-00JJC0 - 37.27 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 37.26 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH) Disabled
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition v 7.0.3.158
(Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)
AV: Avira AntiVir PersonalEdition Classic v0.0.0.0 (Avira GmbH)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe"="C:\\Program Files\\EA Games\\Ultima Online Mondain's Legacy\\client.exe:*:Enabled:client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Quake2\\quake2.exe"="C:\\Program Files\\Quake2\\quake2.exe:*:Enabled:quake2"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\CarbonPoker\\client.exe"="C:\\Program Files\\CarbonPoker\\client.exe:*:Enabled:Carbon Poker Client"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\mike\Application Data
CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=SAXON21
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\mike
LOGONSERVER=\\SAXON21
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\mike\LOCALS~1\Temp
TMP=C:\DOCUME~1\mike\LOCALS~1\Temp
USERDOMAIN=SAXON21
USERNAME=mike
USERPROFILE=C:\Documents and Settings\mike
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

mike (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AGEIA PhysX v2.4.4 --> "C:\Program Files\AGEIA Technologies\uninstall.exe"
AIM 6 --> C:\Program Files\AIM6\uninst.exe
ALSee --> "C:\Program Files\ESTsoft\ALSee\unins000.exe"
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Avira AntiVir PersonalEdition Classic --> C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Bonjour --> MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
CarbonPoker --> C:\Program Files\CarbonPoker\uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Creative EAX Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C64409FA-42A7-49C6-837A-D2E5D813BD57}\setup.exe" -l0x9 /remove
Creative Speaker Settings --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32B4B536-4443-42F0-9676-98373BE9114F}\setup.exe" -l0x9 /remove
Device Control --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9194237B-7B58-40B4-A739-184AD59531A2}\setup.exe" -l0x9 /remove
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps --> "C:\Fraps\uninstall.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
Malwarebytes' Anti-Malware --> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mIRC --> C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mount&Blade --> C:\Program Files\Mount&Blade\uninstall.exe
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PlayGATE Setup --> C:\PROGRA~1\Playnet\Playgate\UNWISE.EXE C:\PROGRA~1\Playnet\Playgate\INSTALL.LOG
PurePlay Poker --> MsiExec.exe /X{19E16A54-962C-45D6-BDDE-FD01EBB1A086}
QuickTime --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
SideWinder Precision 2 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninst.isu" -c"C:\Program Files\Microsoft Hardware\Game Controllers\Precision 2\Uninstall.dll"
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
Ultima Online: Mondain's Legacy --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DF7B213D-2065-41ED-BB51-7A3EED31EA7B}\setup.exe" -l0x9 -removeonly
UltimateBet --> C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
UO Auto-Map --> c:\Program Files\UOAM\uoam.exe -uninstall
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Wisdom-soft ScreenHunter 4.0 Free --> C:\PROGRA~1\WISDOM~1\UNWISE.EXE C:\PROGRA~1\WISDOM~1\INSTALL.LOG
ZD Soft Screen Recorder --> "C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf


-- Application Event Log -------------------------------------------------------

Event Record #/Type8331 / Warning
Event Submitted/Written: 04/12/2008 01:52:27 AM
Event ID/Source: 1020 / ASP.NET 2.0.50727.0
Event Description:
Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Event Record #/Type8172 / Error
Event Submitted/Written: 04/05/2008 06:40:37 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type8129 / Error
Event Submitted/Written: 04/05/2008 09:42:03 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00001010.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7961 / Error
Event Submitted/Written: 03/29/2008 09:01:15 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module quicktime.qts, version 7.4.0.91, fault address 0x001514d4.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type7960 / Error
Event Submitted/Written: 03/29/2008 08:54:42 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16608, faulting module quicktime.qts, version 7.4.0.91, fault address 0x001514d4.
Processing media-specific event for [iexplore.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type33235 / Error
Event Submitted/Written: 04/12/2008 11:04:00 AM / 04/12/2008 11:04:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33234 / Error
Event Submitted/Written: 04/12/2008 11:04:00 AM / 04/12/2008 11:04:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33233 / Error
Event Submitted/Written: 04/12/2008 11:04:00 AM / 04/12/2008 11:04:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33232 / Error
Event Submitted/Written: 04/12/2008 11:04:00 AM / 04/12/2008 11:04:30 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type33231 / Error
Event Submitted/Written: 04/12/2008 11:04:00 AM / 04/12/2008 11:04:30 AM
Event ID/Source: 14 / nv
Event Description:
Unknown error on



-- End of Deckard's System Scanner: finished at 2008-04-12 11:46:07 ------------

#4 trinna (Topic Starter, Member)
Thanks for the reply sage5! malwarebytes did not find anything.

#5 sage5 (Retired Staff, RIP 10/2009)
Hi trinna,

You don't appear to be running a 3rd party firewall. These are essential to protect from trojans, viruses, spyware etc.

You should check out: Comodo Firewall Pro or Sunbelt Personal Firewall

User manuals are available for both:
Comodo's manual is built in and accessible from the Help Menu.

Sunbelt Manual Here

Both are simple to install & free to use.
Please install only one.

I need you to post me a fresh HijackThis log to confirm correct installation of the Firewall.

Cheers,

sage5

#6 trinna (Topic Starter, Member)
here ya go..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:02 AM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.m...ay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers..../artakus_bg.gif

--
End of file - 7821 bytes
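As an added example (not part of this thread, and not code from HijackThis itself), a small Python parser for the log format posted above: it splits the R/O lines into section, name, CLSID, vendor and target, and pulls out the items a helper reads first, namely orphaned "(no file)" registrations, DLLs loaded everywhere via AppInit_DLLs, and the vendor behind each O23 service. The embedded sample log is constructed from a few lines of the shape shown here; the .cab URL in it is a placeholder.

```python
"""Parse HijackThis 2.0.2 log lines into structured entries and pull out the
items a helper reads first. Added example; not part of the thread or of HJT."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the shape of the log posted above (a few lines only);
# the .cab URL is a placeholder, not a real address.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:02 AM, on 4/13/2008

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://example.invalid/wuweb.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe

--
End of file - 7821 bytes
"""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str                    # R0, R1, R3, O2, O4, O9, O16, O20, O23
    body: str                       # text after "Oxx - "
    name: Optional[str] = None      # value name, Run entry, BHO/service name
    clsid: Optional[str] = None
    vendor: Optional[str] = None    # O23 only
    target: Optional[str] = None    # path, command line, URL or "(no file)"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an R/O line, None for header and footer lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    e = Entry(sec, body)
    if sec in ("R0", "R1"):
        # <hive>\<key>,<value> = <data>   (data may be empty)
        key, _, data = body.partition(" =")
        e.name, e.target = key.rsplit(",", 1)[-1], data.strip() or None
    elif sec == "O4":
        # <hive>\..\Run: [<name>] <command line>
        m4 = re.match(r".*?: \[(?P<name>[^\]]*)\] ?(?P<cmd>.*)$", body)
        if m4:
            e.name, e.target = m4.group("name"), m4.group("cmd") or None
    elif sec == "O23":
        # Service: <display name> (<short name>) - <vendor> - <path>
        m23 = re.match(r"Service: (.*?) - (.*?) - (.*)$", body)
        if m23:
            e.name, e.vendor, e.target = m23.groups()
    elif sec == "O20":
        # AppInit_DLLs: <path>   or   Winlogon Notify: <name> - <path>
        kind, _, rest = body.partition(": ")
        name, sep, path = rest.rpartition(" - ")
        e.name, e.target = (name if sep else kind), path
    else:
        # R3/O2/O9: <kind>: <name> - {CLSID} - <path>;  O16: DPF: {CLSID} (<name>) - <url>
        c = CLSID_RE.search(body)
        if c:
            e.clsid = c.group(0)
            before, after = body[:c.start()], body[c.end():]
            if sec == "O16":
                m16 = re.match(r"(?: \((?P<name>[^)]*)\))? - (?P<url>.*)$", after)
                if m16:
                    e.name, e.target = m16.group("name"), m16.group("url")
            else:
                # names may contain " - " themselves, so split at the CLSID, not at " - "
                e.name = before.split(": ", 1)[-1].rstrip(" -") or None
                e.target = after.lstrip(" -") or None
    return e


def parse_hjt(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries: List[Entry]) -> Dict[str, object]:
    """Orphaned "(no file)" entries, AppInit_DLLs loads, and service vendors."""
    return {
        "by_section": dict(Counter(e.section for e in entries)),
        "orphaned": [e for e in entries if e.target == "(no file)"],
        "appinit_dlls": [e.target for e in entries
                         if e.section == "O20" and e.name == "AppInit_DLLs"],
        "services": {e.name: e.vendor for e in entries if e.section == "O23"},
    }
```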

#7 sage5 (Retired Staff, RIP 10/2009)
Hi trinna,

That log looks pretty clear, but as a check, can you do an Online scan?

Please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to C:\active_scan.txt
  • Post the contents of the TotalScan report

Cheers,

sage5

#8 trinna (Topic Starter, Member)
here ya go..

;*******************************************************************************
ANALYSIS: 2008-04-13 14:13:54
PROTECTIONS: 5
MALWARE: 5
SUSPECTS: 23
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
Avira AntiVir PersonalEdition Classic 0.0.0.0 No Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition 7.0.3.158 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
Avira AntiVir PersonalEdition Classic 0.0.0.0 Yes Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\[email protected][1].txt
00139535 Application/Processor HackTools No 0 Yes No C:\WINDOWS\system32\Process.exe
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\[email protected][1].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\[email protected][1].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\mike\Cookies\[email protected][1].txt
;===============================================================================
SUSPECTS
Sent Location
;===============================================================================
No C:\SYZ_DAT\ali.exe
No C:\SYZ_DAT\cdlock.dll
No C:\SYZ_DAT\cpy.exe
No C:\SYZ_DAT\EMF_Decrypt.exe
No C:\SYZ_DAT\fldrvw61.ocx
No C:\SYZ_DAT\install.exe
No C:\SYZ_DAT\magic.exe
No C:\SYZ_DAT\mfx
No C:\SYZ_DAT\systray.exe
No C:\SYZ_DAT\tb.exe
No C:\WINDOWS\system32\drivers\MFX.sys
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\DivX501Bundle.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\HistoryKill2003.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\JOIN16.EXE
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Join32.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\ppfsetup.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\scrtfldr.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\wrar330.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\AboutDC.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Direct Connect.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Survey.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\hand\wrar330.exe
No D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\spooph22\Spooph.exe

#9 sage5 (Retired Staff, RIP 10/2009)
Hi trinna,

Please download the following & save to your Desktop:
OTMoveIt2 by OldTimer.

Run OTMoveIt2:
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\Process.exe
    C:\SYZ_DAT\ali.exe
    C:\SYZ_DAT\cdlock.dll
    C:\SYZ_DAT\cpy.exe
    C:\SYZ_DAT\EMF_Decrypt.exe
    C:\SYZ_DAT\fldrvw61.ocx
    C:\SYZ_DAT\install.exe
    C:\SYZ_DAT\magic.exe
    C:\SYZ_DAT\mfx
    C:\SYZ_DAT\systray.exe
    C:\SYZ_DAT\tb.exe
    C:\WINDOWS\system32\drivers\MFX.sys
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\DivX501Bundle.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\HistoryKill2003.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\JOIN16.EXE
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Join32.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\ppfsetup.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\scrtfldr.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\wrar330.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\AboutDC.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Direct Connect.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\Direct Connect\Survey.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\hand\wrar330.exe
    D:\wargame1\newwar\empty\warcon\crap4\warrior\warriordat\dat1\crap\spooph22\Spooph.exe
  • Return to OTMoveIt, right click on the "Paste list of Files/Folders to be moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Open Notepad
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy).
  • Paste the text into the Notepad file, click in the window and press Ctrl + V.
  • Click "Exit" to close OTMoveIt.
  • Save the text file as C:\otmove.txt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)


Shut down & Reboot normally:

Run HijackThis again:
  • Select the Run a system scan and save a logfile button. The logfile will open in Notepad.
  • Start your Web browser and navigate back to this thread.
  • Click the Add Reply button
  • Copy and Paste the text into the Reply window.
Please include a note to tell me how your PC is running now.

Cheers,

sage5

#10 trinna (Topic Starter, Member)
Thanks sage5, it's been about four hours since my PC crashed so I'm crossing my fingers. I still get some fresh hits (data miner) on Ad-Aware SE even though I have not been to any web sites.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:31:34 PM, on 4/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
O4 - HKLM\..\Run: [hcsystray] C:\Program Files\Kuma Games\hcsystray\hc_tray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\mike\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...p/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1144112257468
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.co.../sysreqlab2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...l/installer.exe
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - https://spinpalace.m...ay/FlashAX2.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - http://www.uogamers..../artakus_bg.gif

--
End of file - 7911 bytes

#11 sage5 (Retired Staff, RIP 10/2009)
Hi trinna,

If your PC is just rebooting when it crashes instead of giving you a Blue Screen of Death (BSOD), do the following:

Change the Default action:
  • Open System Properties via Start > Control Panel > Performance and Maintenance > System
    (System Properties may also be opened using the WinKey+Pause key combination)
  • Select the Advanced tab and then click Settings in the Startup and Recovery section
  • In System Failure section, clear the checkbox next to Automatically Restart
  • Click OK and OK to exit

We need the Stop Code generated to see what the problem could be.

There is really very little in that log to worry about. If you are still having issues with it, we really need to dig a bit deeper.

Please download Rootkit Revealer (Click on Download Rootkit Revealer link at the bottom of the page)
  • Unzip it to your desktop.
  • Open the rootkitrevealer folder and double-click rootkitrevealer.exe
  • Close ALL windows and programs and do nothing on the pc while the scan runs. This includes games, browser windows, email clients, etc.
  • Click the Scan button (bottom right)
  • It may take a while to scan (don't do anything while it's running)
  • When it's done, go up to File > Save. Choose to save it to your desktop.
  • Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here


Cheers,

sage5

#12
trinna
    Member
  • Topic Starter
  • Member
  • 47 posts
Thanks sage, I'm still waiting for the BSoD. Here's the log:

HKU\.DEFAULT\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-21-73586283-1844237615-839522115-1004\Control Panel\International 12/22/2007 1:24 PM 0 bytes Security mismatch.
HKU\S-1-5-21-73586283-1844237615-839522115-1004\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\International\Geo 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx 4/15/2008 10:25 PM 56 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2008-04-15-22-24-41.log 4/15/2008 10:28 PM 55.57 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179 4/15/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\ave2.info 4/15/2008 10:25 PM 5.03 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\ave2.info.gz 4/15/2008 10:25 PM 1.47 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\classic-nt-en.idx 4/15/2008 10:25 PM 394 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\classic-nt-en.info 4/15/2008 10:25 PM 41.15 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\classic-nt-en.info.gz 4/15/2008 10:25 PM 10.10 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\idx 4/15/2008 10:25 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\idx\master.idx 4/15/2008 10:25 PM 56 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\info-wks-classic-nt-en.info 4/15/2008 10:25 PM 713 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\info-wks-classic-nt-en.info.gz 4/15/2008 10:25 PM 428 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALFIRST 4/15/2008 10:25 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALFIRST\message.idx 4/15/2008 10:25 PM 3.14 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALSECOND 4/15/2008 10:25 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\SPECIALSECOND\message.idx 4/15/2008 10:25 PM 3.14 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\specvir-nt.info 4/15/2008 10:25 PM 732 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\specvir-nt.info.gz 4/15/2008 10:25 PM 448 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\vdf.info 4/15/2008 10:25 PM 2.45 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\vdf.info.gz 4/15/2008 10:25 PM 765 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks 4/15/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en 4/15/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt 4/15/2008 10:28 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avarkt.dll 4/15/2008 10:26 PM 300.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avarkt.dll.gz 4/15/2008 10:26 PM 157.53 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avcenter.exe 4/15/2008 10:26 PM 352.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avcenter.exe.gz 4/15/2008 10:26 PM 144.65 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.cpl 4/15/2008 10:27 PM 68.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.cpl.gz 4/15/2008 10:26 PM 32.71 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.dll 4/15/2008 10:27 PM 9.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.dll.gz 4/15/2008 10:27 PM 2.24 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.exe 4/15/2008 10:27 PM 236.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avconfig.exe.gz 4/15/2008 10:27 PM 88.66 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avevtlog.dll 4/15/2008 10:27 PM 112.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avevtlog.dll.gz 4/15/2008 10:27 PM 54.83 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgio.dll 4/15/2008 10:27 PM 119.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgio.dll.gz 4/15/2008 10:27 PM 66.68 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgnt.exe 4/15/2008 10:27 PM 256.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avgnt.exe.gz 4/15/2008 10:27 PM 90.64 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avguard.exe 4/15/2008 10:27 PM 143.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avguard.exe.gz 4/15/2008 10:27 PM 71.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avinet.dll 4/15/2008 10:26 PM 10.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avinet.dll.gz 4/15/2008 10:26 PM 4.46 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avipc.dll 4/15/2008 10:27 PM 72.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avipc.dll.gz 4/15/2008 10:27 PM 31.99 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.dll 4/15/2008 10:27 PM 8.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.dll.gz 4/15/2008 10:27 PM 2.47 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.exe 4/15/2008 10:27 PM 180.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avnotify.exe.gz 4/15/2008 10:27 PM 73.67 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avpref.dll 4/15/2008 10:27 PM 25.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avpref.dll.gz 4/15/2008 10:27 PM 8.06 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avreg.dll 4/15/2008 10:27 PM 30.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avreg.dll.gz 4/15/2008 10:27 PM 11.05 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.dll 4/15/2008 10:27 PM 52.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.dll.gz 4/15/2008 10:27 PM 8.20 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.exe 4/15/2008 10:27 PM 304.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avscan.exe.gz 4/15/2008 10:27 PM 131.60 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwinll.dll 4/15/2008 10:27 PM 14.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwinll.dll.gz 4/15/2008 10:27 PM 7.79 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwsc.exe 4/15/2008 10:27 PM 203.70 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avwsc.exe.gz 4/15/2008 10:27 PM 93.63 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccev.dll 4/15/2008 10:27 PM 148.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccev.dll.gz 4/15/2008 10:27 PM 57.80 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccevrc.dll 4/15/2008 10:27 PM 12.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccevrc.dll.gz 4/15/2008 10:27 PM 3.64 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgen.dll 4/15/2008 10:27 PM 264.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgen.dll.gz 4/15/2008 10:27 PM 98.29 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgenrc.dll 4/15/2008 10:27 PM 17.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgenrc.dll.gz 4/15/2008 10:27 PM 4.62 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgrdrc.dll 4/15/2008 10:27 PM 19.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccgrdrc.dll.gz 4/15/2008 10:27 PM 5.36 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccguard.dll 4/15/2008 10:27 PM 212.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccguard.dll.gz 4/15/2008 10:27 PM 77.77 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclib.dll 4/15/2008 10:27 PM 156.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclib.dll.gz 4/15/2008 10:27 PM 64.73 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclic.dll 4/15/2008 10:27 PM 60.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclic.dll.gz 4/15/2008 10:27 PM 18.97 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclicrc.dll 4/15/2008 10:27 PM 5.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cclicrc.dll.gz 4/15/2008 10:27 PM 1.43 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmainrc.dll 4/15/2008 10:27 PM 20.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmainrc.dll.gz 4/15/2008 10:27 PM 5.54 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmsg.dll 4/15/2008 10:27 PM 152.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccmsg.dll.gz 4/15/2008 10:27 PM 63.44 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccprofil.dll 4/15/2008 10:27 PM 256.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccprofil.dll.gz 4/15/2008 10:27 PM 103.73 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquamgr.dll 4/15/2008 10:27 PM 212.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquamgr.dll.gz 4/15/2008 10:27 PM 93.28 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquarc.dll 4/15/2008 10:27 PM 15.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccquarc.dll.gz 4/15/2008 10:27 PM 4.46 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreporc.dll 4/15/2008 10:27 PM 11.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreporc.dll.gz 4/15/2008 10:27 PM 3.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreport.dll 4/15/2008 10:27 PM 128.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccreport.dll.gz 4/15/2008 10:27 PM 50.39 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscanrc.dll 4/15/2008 10:27 PM 22.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscanrc.dll.gz 4/15/2008 10:27 PM 6.54 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccsched.dll 4/15/2008 10:27 PM 148.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccsched.dll.gz 4/15/2008 10:27 PM 56.34 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscherc.dll 4/15/2008 10:27 PM 17.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccscherc.dll.gz 4/15/2008 10:27 PM 4.71 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cctpc.dll 4/15/2008 10:27 PM 240.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\cctpc.dll.gz 4/15/2008 10:27 PM 110.46 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdate.dll 4/15/2008 10:28 PM 112.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdate.dll.gz 4/15/2008 10:28 PM 42.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdrc.dll 4/15/2008 10:28 PM 12.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\ccupdrc.dll.gz 4/15/2008 10:28 PM 3.32 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\guardgui.exe.gz 4/15/2008 10:28 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\scewxml.dll 4/15/2008 10:26 PM 100.00 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\scewxml.dll.gz 4/15/2008 10:26 PM 43.10 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update.exe 4/15/2008 10:26 PM 432.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update.exe.gz 4/15/2008 10:26 PM 187.35 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update_msg.avr 4/15/2008 10:26 PM 10.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\update_msg.avr.gz 4/15/2008 10:26 PM 5.50 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updgui.dll 4/15/2008 10:26 PM 144.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updgui.dll.gz 4/15/2008 10:26 PM 56.99 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updguirc.dll 4/15/2008 10:26 PM 9.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updguirc.dll.gz 4/15/2008 10:26 PM 2.76 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlib.dll 4/15/2008 10:26 PM 448.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlib.dll.gz 4/15/2008 10:26 PM 135.37 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlibrc.dll 4/15/2008 10:26 PM 22.75 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\updlibrc.dll.gz 4/15/2008 10:26 PM 5.07 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt 4/15/2008 10:26 PM 0 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\antivir.oem 4/15/2008 10:26 PM 256 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\antivir.oem.gz 4/15/2008 10:26 PM 279 bytes Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rcimage.dll 4/15/2008 10:26 PM 2.26 MB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rcimage.dll.gz 4/15/2008 10:26 PM 642.33 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rctext.dll 4/15/2008 10:26 PM 84.25 KB Hidden from Windows API.
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\classic-nt\rctext.dll.gz 4/15/2008 10:26 PM 26.67 KB Hidden from Windows API.
C:\Documents and Settings\mike\Cookies\[email protected][2].txt 4/15/2008 10:28 PM 445 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Cookies\[email protected][1].txt 4/15/2008 10:28 PM 90 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Cookies\[email protected][1].txt 4/15/2008 10:26 PM 650 bytes Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\1L8B21GR\price[1].gif 4/15/2008 10:26 PM 11.98 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\1L8B21GR\table_en[1].jpg 4/15/2008 10:26 PM 152.10 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\30[1].htm 4/15/2008 10:28 PM 68.88 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\CDScanSmall[1].png 4/15/2008 10:28 PM 2.29 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\creditcards[1].png 4/15/2008 10:28 PM 1.21 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\geoip[1].htm 4/15/2008 10:26 PM 2 bytes Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\red_arrow[1].gif 4/15/2008 10:28 PM 81 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\shoppingcart[1].png 4/15/2008 10:28 PM 1.53 KB Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\spacer[1].gif 4/15/2008 10:28 PM 49 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\topMenuBgd_sand[1].gif 4/15/2008 10:28 PM 925 bytes Visible in directory index, but not Windows API or MFT.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\L4H95BXU\default[1].htm 4/15/2008 10:26 PM 30.70 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\L4H95BXU\ga[2].js 4/15/2008 10:26 PM 18.93 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\NS948XPN\en[1].htm 4/15/2008 10:26 PM 2.10 KB Hidden from Windows API.
C:\SYZ_DAT 4/15/2008 9:51 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\ali.exe 4/3/2006 9:49 PM 28.00 KB Hidden from Windows API.
C:\SYZ_DAT\cdlock.dll 4/3/2006 9:49 PM 48.00 KB Hidden from Windows API.
C:\SYZ_DAT\cpy.exe 4/3/2006 9:49 PM 32.00 KB Hidden from Windows API.
C:\SYZ_DAT\dirlist 4/15/2008 9:51 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\dirlist_bak 4/15/2008 9:51 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\DL.BAK 4/15/2008 8:24 PM 250 bytes Hidden from Windows API.
C:\SYZ_DAT\EMF_Decrypt.exe 4/3/2006 9:49 PM 124.00 KB Hidden from Windows API.
C:\SYZ_DAT\fldrvw61.ocx 4/3/2006 9:49 PM 408.00 KB Hidden from Windows API.
C:\SYZ_DAT\install.exe 4/13/2008 2:37 PM 1.09 MB Hidden from Windows API.
C:\SYZ_DAT\magic.exe 4/3/2006 9:49 PM 24.00 KB Hidden from Windows API.
C:\SYZ_DAT\mf.chm 4/3/2006 9:49 PM 32.36 KB Hidden from Windows API.
C:\SYZ_DAT\mf.txx 4/3/2006 9:49 PM 24.41 KB Hidden from Windows API.
C:\SYZ_DAT\mfx 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.
C:\SYZ_DAT\MFX.CFG 4/15/2008 9:52 PM 104 bytes Hidden from Windows API.
C:\SYZ_DAT\mfx_cfg.org 4/3/2006 9:49 PM 93 bytes Hidden from Windows API.
C:\SYZ_DAT\readme.txt 4/3/2006 9:49 PM 3.09 KB Hidden from Windows API.
C:\SYZ_DAT\systray.exe 4/3/2006 9:54 PM 32.00 KB Hidden from Windows API.
C:\SYZ_DAT\tb.exe 4/3/2006 9:49 PM 24.00 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-32FAE179.pf 4/15/2008 10:26 PM 43.25 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\PREUPD.EXE-0C5BC219.pf 4/15/2008 10:24 PM 14.43 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\UPDATE.EXE-264167D5.pf 4/15/2008 10:24 PM 23.51 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\MFX.sys 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.

#13
trinna
    Member
  • Topic Starter
  • Member
  • 47 posts
Oh sorry mate, just after posting that my sys locked up and I had to reboot. I got the BSoD on reboot; what was it we needed to get? Stop Code generated?

#14
sage5
    RIP 10/2009
  • Retired Staff
  • 2,646 posts
Hi trinna,

I think those hidden files in your C:\SYZ_DAT folder are at least part of the problem.
Unfortunately I didn't ask you to send me the OTMoveIt scan report, or I would have known that they hadn't been deleted.


1. Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\SYZ_DAT

Files to delete:
C:\WINDOWS\system32\drivers\MFX.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

3. Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. (In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply


Cheers,

sage5
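Added example (not from this thread and not Sysinternals code): a small Python triage script that parses lines in the RootkitRevealer output format trinna posted above and ranks the discrepancies the way sage5 reads them, treating an AV product's self-hidden update cache and browser-cache churn as expected noise and a hidden driver or a folder full of hidden executables as the finding. The allowlist patterns, the scoring rules and all function names are my assumptions; the sample lines are a subset copied from the log in this thread.

```python
"""Triage helper for Sysinternals RootkitRevealer text output (added example).
Each line is  <path> <m/d/yyyy> <h:mm AM|PM> <size> <discrepancy>  and <path>
may contain spaces, so the date field is used as the delimiter."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}\s[AP]M)\s+"
    r"(?P<size>\d+(?:\.\d+)?)\s(?P<unit>bytes|KB|MB|GB)\s+"
    r"(?P<desc>.+?)\s*$"
)
UNIT = {"bytes": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}

# Assumed allowlist (substring match on the lower-cased path): the AV product
# hiding its own update cache, browser cache/cookie and prefetch churn while the
# scan ran, and two registry artefacts RootkitRevealer documents as benign.
EXPECTED_PATTERNS = (
    "\\application data\\avira\\",
    "\\temporary internet files\\",
    "\\cookies\\",
    "\\control panel\\international",
    "hklm\\security\\policy\\secrets\\",
    "c:\\windows\\prefetch\\",
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".ocx", ".cpl")

@dataclass
class Entry:
    path: str
    size_bytes: int
    desc: str

def parse_line(line: str) -> Optional[Entry]:
    """One RootkitRevealer line -> Entry, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["path"], int(float(m["size"]) * UNIT[m["unit"]]), m["desc"])

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]

def is_expected(e: Entry) -> bool:
    p = e.path.lower()
    return any(pat in p for pat in EXPECTED_PATTERNS)

def severity(e: Entry) -> str:
    """Hidden drivers and hidden executables outside expected locations are what
    a rootkit looks like; other hidden items deserve a look; the rest is noise."""
    if is_expected(e):
        return "low"
    hidden = e.desc.startswith("Hidden from Windows API")
    p = e.path.lower()
    if hidden and (p.startswith("c:\\windows\\system32\\drivers\\")
                   or p.endswith(EXECUTABLE_EXT)):
        return "high"
    return "medium" if hidden else "low"

def triage(text: str) -> Dict[str, List[str]]:
    """Bucket every parsed discrepancy by severity, paths sorted per bucket."""
    buckets: Dict[str, List[str]] = {"high": [], "medium": [], "low": []}
    for e in parse_log(text):
        buckets[severity(e)].append(e.path)
    for paths in buckets.values():
        paths.sort()
    return buckets

def hidden_clusters(text: str) -> Dict[str, int]:
    """Count unexpected hidden entries per parent directory, so a folder full of
    hidden files stands out from a single stray."""
    counts: Dict[str, int] = {}
    for e in parse_log(text):
        if severity(e) != "low":
            parent = e.path.rsplit("\\", 1)[0]
            counts[parent] = counts.get(parent, 0) + 1
    return counts

# Constructed sample: a subset of the lines posted in this thread.
SAMPLE_LOG = r"""
HKU\.DEFAULT\Control Panel\International 9/29/2007 9:03 PM 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 4/3/2006 7:50 PM 0 bytes Key name contains embedded nulls (*)
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\UPDATE\AVUPDATE_48057179\winwks\en\basic-nt\avguard.exe 4/15/2008 10:27 PM 143.75 KB Hidden from Windows API.
C:\Documents and Settings\mike\Local Settings\Temporary Internet Files\Content.IE5\3FT5UBJL\geoip[1].htm 4/15/2008 10:26 PM 2 bytes Hidden from Windows API.
C:\SYZ_DAT 4/15/2008 9:51 PM 0 bytes Hidden from Windows API.
C:\SYZ_DAT\cdlock.dll 4/3/2006 9:49 PM 48.00 KB Hidden from Windows API.
C:\SYZ_DAT\install.exe 4/13/2008 2:37 PM 1.09 MB Hidden from Windows API.
C:\SYZ_DAT\readme.txt 4/3/2006 9:49 PM 3.09 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\AVNOTIFY.EXE-32FAE179.pf 4/15/2008 10:26 PM 43.25 KB Hidden from Windows API.
C:\WINDOWS\system32\drivers\MFX.sys 4/3/2006 9:49 PM 50.89 KB Hidden from Windows API.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["high"], hidden_clusters(SAMPLE_LOG))
```

On the sample, the "high" bucket is exactly the two SYZ_DAT binaries and MFX.sys, and the cluster count shows three unexpected hidden files under C:\SYZ_DAT, which is the same conclusion sage5 draws by eye.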

#15
trinna
    Member
  • Topic Starter
  • Member
  • 47 posts
Sage I got the avenger program but I do not see anything about "Script file to execute" or Input Script Manually, nor do I see a Magnifying Glass icon or a green light. It just has 3 buttons on top left that say load script from file, load script from internet, and paste script from clipboard.
There is a larger window near the bottom that says "paste script here", and a check box below it that says scan for rootkits. Unless I'm missing something? Just wanting to make sure I get it right :)