WinPFind Log Assistance Request
Nephylim
Suspended due to non-functional email address
6. September 2006 @ 17:47
I've been having some computer issues lately...
It's running very slowly most of the time now, and I get a generic host error after a while that kills my sound drivers after every reboot. I've run every scanner that I know of on my computer to try and find something wrong and have found not a thing. Today I found WinPFind and ran it and I was hoping someone could analyze my log and let me know if there's anything I can fix. Thank you in advance... it's driving me insane.
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
UPX! 17/08/2006 16:39:58 275456 C:\Program1.exe
Checking %ProgramFilesDir% folder...
UPX! 23/07/2006 17:56:22 194101 C:\Program Files\patcher.exe
UPX! 17/08/2006 16:40:34 285184 C:\Program Files\shell32.exe
UPX! 17/08/2006 16:39:58 275456 C:\Program Files\user32.exe
Checking %WinDir% folder...
UPX! 22/08/2004 17:04:56 69120 C:\WINDOWS\daemon.dll
PECompact2 29/09/2005 13:49:40 15968671 C:\WINDOWS\LPT$VPN.867
qoologic 29/09/2005 13:49:40 15968671 C:\WINDOWS\LPT$VPN.867
SAHAgent 29/09/2005 13:49:40 15968671 C:\WINDOWS\LPT$VPN.867
UPX! 23/07/2006 17:56:22 194101 C:\WINDOWS\patcher.exe
UPX! 25/02/2005 06:10:52 170053 C:\WINDOWS\tsc.exe
UPX! 16/10/2003 00:42:16 150528 C:\WINDOWS\unSpySweeper.exe
PECompact2 29/09/2005 13:49:40 15968671 C:\WINDOWS\VPTNFILE.867
qoologic 29/09/2005 13:49:40 15968671 C:\WINDOWS\VPTNFILE.867
SAHAgent 29/09/2005 13:49:40 15968671 C:\WINDOWS\VPTNFILE.867
UPX! 18/02/2005 18:40:14 1044560 C:\WINDOWS\vsapi32.dll
aspack 18/02/2005 18:40:14 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
PEC2 04/10/2001 15:20:48 41131 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 03/07/2006 22:40:50 620180 C:\WINDOWS\SYSTEM32\divx.dll
PECompact2 03/07/2006 22:40:50 620180 C:\WINDOWS\SYSTEM32\divx.dll
PTech 14/02/2006 10:20:14 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 08/06/2006 22:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 08/06/2006 22:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 19/08/2004 20:09:14 733184 C:\WINDOWS\SYSTEM32\ntdll.dll
UPX! 29/01/2003 06:10:06 7168 C:\WINDOWS\SYSTEM32\ogg.dll
UPX! 25/11/2003 19:32:02 123392 C:\WINDOWS\SYSTEM32\pncrt.dll
Umonitor 19/08/2004 20:09:40 685056 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 20/03/2005 00:52:52 26768 C:\WINDOWS\SYSTEM32\SSK5.dll
UPX! 11/03/2003 13:25:54 313856 C:\WINDOWS\SYSTEM32\ThriXXX000089.dll
UPX! 11/03/2003 13:25:54 18432 C:\WINDOWS\SYSTEM32\ThriXXX000089SOUNDDX3.dll
UPX! 11/03/2003 07:56:36 23040 C:\WINDOWS\SYSTEM32\ThriXXX010104Z.dll
UPX! 11/03/2003 07:56:52 51200 C:\WINDOWS\SYSTEM32\ThriXXX010205PNG.dll
UPX! 11/03/2003 07:56:24 56832 C:\WINDOWS\SYSTEM32\ThriXXX015003JP2.dll
UPX! 29/01/2003 06:10:06 46592 C:\WINDOWS\SYSTEM32\vorbis.dll
winsync 04/10/2001 15:23:46 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 04/08/2004 02:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
06/09/2006 21:30:08 S 2048 C:\WINDOWS\bootstat.dat
25/01/2032 21:07:56 HS 1537 C:\WINDOWS\page files\maxmeg.sys
27/07/2006 14:56:12 S 7744 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem28.CAT
06/09/2006 21:39:00 H 1024 C:\WINDOWS\system32\config\default.LOG
06/09/2006 21:30:14 H 1024 C:\WINDOWS\system32\config\SAM.LOG
06/09/2006 21:32:04 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
06/09/2006 22:36:16 H 24576 C:\WINDOWS\system32\config\software.LOG
06/09/2006 21:56:32 H 1024 C:\WINDOWS\system32\config\system.LOG
22/08/2006 14:02:18 HS 2128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt
05/09/2006 20:54:10 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\0db808cf-2c83-44ea-b869-561c09d90951
05/09/2006 20:54:10 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
20/06/2046 13:16:20 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\290606a7-1ae5-45c4-b904-6cf0fa8ca3b8
04/09/2006 23:19:44 H 262 C:\WINDOWS\Tasks\McDefragTask.job
04/09/2006 23:19:42 H 350 C:\WINDOWS\Tasks\McQcTask.job
06/09/2006 21:30:10 H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
25/05/2004 12:06:58 417792 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 19/08/2004 20:10:06 71680 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 19/08/2004 20:10:06 555008 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 19/08/2004 20:10:06 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 19/08/2004 20:10:06 138240 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 19/08/2004 20:10:06 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 19/08/2004 20:10:06 157184 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 26/05/2003 06:12:14 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 19/08/2004 20:10:06 359936 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 19/08/2004 20:10:06 134144 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 19/08/2004 20:10:06 380928 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation16/06/2004 06:03:30 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 19/08/2004 20:10:06 70144 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 03/06/2004 23:05:06 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 04/10/2001 15:22:20 189952 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 19/08/2004 20:10:06 626176 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 04/10/2001 15:22:42 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 19/08/2004 20:10:06 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 19/08/2004 20:10:06 261120 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 15/06/2005 17:20:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 19/08/2004 20:10:06 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 19/08/2004 20:10:06 118272 C:\WINDOWS\SYSTEM32\powercfg.cpl
Sonix 14/05/2002 09:51:58 32768 C:\WINDOWS\SYSTEM32\SNCPL.CPL
Microsoft Corporation 19/08/2004 20:10:06 305152 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 04/10/2001 15:23:34 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 19/08/2004 20:10:06 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 19/08/2004 20:10:06 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 04/10/2001 15:22:20 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 04/10/2001 15:22:42 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 04/10/2001 15:23:34 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 04:16:32 175896 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
22/08/2004 17:29:18 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
02/07/2006 23:03:36 2108 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Wireless Configuration Utility HW.51.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
24/08/2004 13:13:48 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
28/07/2006 16:35:58 838 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
22/08/2004 17:29:18 HS 84 C:\Documents and Settings\Vain\Menu Démarrer\Programmes\Démarrage\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
24/08/2004 13:13:48 HS 62 C:\Documents and Settings\Vain\Application Data\desktop.ini
11/01/2006 18:46:38 36240 C:\Documents and Settings\Vain\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
iOpus-I-M = *v
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitcolliderShellExt
{62CEC5C9-4B3F-4BE8-897B-C08CAA114FAA} = C:\WINDOWS\system32\bcshellext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\MatroskaContextMenu
{789111D8-68A3-46a3-9663-145A3FF4C9C9} = C:\Program Files\MatroskaProp\MatroskaProp.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\MCVSRIGHTCLICKSCANNER
{162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\program files\mcafee\virusscan\mcodsax.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2FreeContMenu
{A155339D-CCCD-4714-85EB-3754B804C9DF} = C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\MCVSRIGHTCLICKSCANNER
{162EFDC5-2957-465D-887B-590AF4A7E84D} = c:\program files\mcafee\virusscan\mcodsax.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Bitcollider Shell Extension
{62CEC5C9-4B3F-4BE8-897B-C08CAA114FAA} = C:\WINDOWS\system32\bcshellext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu
{73B24247-042E-4EF5-ADC2-42F62E6FD654} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ZFAdd
{8FF88D27-7BD0-11D1-BFB7-00AA00262A11} = C:\Program Files\WinAce\arcext.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{781395AF-A127-469f-A06F-59B482AF4F3F}
= C:\Program Files\MatroskaProp\MatroskaProp.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
scriptproxy = c:\program files\mcafee\virusscan\scriptsn.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Astuce du jour = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{C4069E3A-68F1-403E-B40E-20066696354B} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
0304041157422640mcinstcleanup C:\DOCUME~1\Vain\LOCALS~1\Temp\030404~1.EXE C:\PROGRA~1\FICHIE~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog
McLogLch_exe C:\Program Files\McAfee\MSC\McLogLch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\bhoreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
Avg7UpdSvc 2
Avg7Alrt 2
cmdService 2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk
path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe"
item Adobe Gamma Loader
path C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk
backup C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
location Common Startup
command "C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe"
item Adobe Gamma Loader
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^CleanSweep Smart Sweep-Internet Sweep.lnk
location Common Startup
item CleanSweep Smart Sweep-Internet Sweep
location Common Startup
item CleanSweep Smart Sweep-Internet Sweep
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^DOCUME~1^ALLUSE~1^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
item InterVideo WinCinema Manager
backup C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
location Common Startup
command "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
item InterVideo WinCinema Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AcctMgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AcctMgr
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AcctMgr
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AVG7_CC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AVG7_CC
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AVG7_CC
hkey HKLM
command C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools-1033
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Daemon Tools-1033
hkey HKLM
command "C:\Program Files\D-Tools\daemon.exe" -lang 1033
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Daemon Tools-1033
hkey HKLM
command "C:\Program Files\D-Tools\daemon.exe" -lang 1033
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GhostStartTrayApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GhostStartTrayApp
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GhostStartTrayApp
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HP Software Update
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HP Software Update
hkey HKLM
command C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item HP Software Update
hkey HKLM
command C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KeyMaestro
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KeyMaestro
hkey HKLM
command C:\KMaestro\KMaestro.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item KeyMaestro
hkey HKLM
command C:\KMaestro\KMaestro.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCplDaemon
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NvCplDaemon
hkey HKLM
command RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Omnipage
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Omnipage
hkey HKLM
command C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Omnipage
hkey HKLM
command C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\pccguide.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pccguide.exe
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pccguide.exe
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PCClient.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PCClient.exe
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PCClient.exe
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Road About Bin Wave
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Cash team
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Cash team
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Supportdupe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jump comp
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jump comp
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfSideKick 2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SurfSideKick 2
hkey HKCU
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SurfSideKick 2
hkey HKCU
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TM Outbreak Agent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TM Outbreak Agent
hkey HKLM
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TM Outbreak Agent
hkey HKLM
inimapping 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun ˙
NoDriveAutoRun
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 06/09/2006 22:44:10
This message has been edited since posting. Last time this message was edited on 6. September 2006 @ 17:53
Senior Member
6. September 2006 @ 19:54
Hi Nephylim,
maca1 is familiar with these logs and he can probably help you more than I 'cause I haven't learnt them yet. I haven't seen him on since yesterday and he probably won't be on until tomorrow or later. I know time is everything when dealing with viruses so I'd like to help where I can, but I need something I am more familiar with. Until maca1 can help you I'd like you to post a HijackThis log here and we'll see if anything is showing. After you download HijackThis, before you run it, rename HijackThis.exe to scanner.exe. Also, please tell me what scanners you have scanned with so I know what not to refer you to.
Nephylim
Suspended due to non-functional email address
6. September 2006 @ 20:03
Hello, and thank you. Here is my HijackThis log.
I'm not sure how many of the scans I ran were able to finish. Refer me wherever you think I should go and I'll report back whenever they finish. McAfee Anti-virus (trial) runs for a couple hours and completely stalls my system massively; I tried their online scan and after 2 hours it had scanned 10k files. Adaware also stalls my system. I'm not able to get into safe mode the normal way either. I'll do anything you ask of me to get this machine back in order.
Logfile of HijackThis v1.99.1
Scan saved at 00:56:22, on 07/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Vain\Bureau\Stuff to DO\Scanners\scanner.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suprnova.org
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suprnova.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://sympatico.zone.msn.com/bingame/pa...pandaonline.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/we...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/we...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...841/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companio...bio5_3_18_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
|
Senior Member
|
6. September 2006 @ 20:55 |
|
Ok, thanks for that, but nothing bad is showing. I found some bad files in your WinPFind log though, and a few questionable ones. I'll only list the ones I know are bad.
Go here and download KillBox.
Note: you may want to print these instructions, you will be in safe mode.
Restart your computer in safe mode. <--> Edit: just read all your post. :D If you can't get into safe mode, just run KillBox in normal mode.
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time. Then click on the button that has the red circle with the X in the middle after you enter each file.
You will be prompted to confirm, click Yes.
C:\WINDOWS\SYSTEM32\ThriXXX000089.dll
C:\WINDOWS\SYSTEM32\ThriXXX000089SOUNDDX3.dll
C:\WINDOWS\SYSTEM32\ThriXXX010104Z.dll
C:\WINDOWS\SYSTEM32\ThriXXX010205PNG.dll
C:\WINDOWS\SYSTEM32\ThriXXX015003JP2.dll
Note: KillBox may prompt "File does not seem to exist". In this case, ignore and continue, but do not miss any.
Edit: If KillBox cannot delete those files or says they don't exist, do the following:
Open HijackThis.
Click "Open Misc Tools sections".
Under System Tools, click "Delete a file on reboot...".
Find all those files and add.
Restart your computer.
Then, restart your computer in normal mode and run a scan only with HijackThis, check to fix these.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
After that, if you are still having problems, go here and run an ActiveScan if you haven't already. When it finishes, save the results and post 'em here.
This message has been edited since posting. Last time this message was edited on 6. September 2006 @ 21:00
|
Nephylim
Suspended due to non-functional email address
|
6. September 2006 @ 22:41 |
|
Alright, I've done everything you said (couldn't get safemode)...I'm in the process of downloading the activex controls for pandascan. It's been an hour and counting and it's at almost about halfway. I'd estimate another hour to finish the controls. I'll post again when the activex controls finish downloading. Thanks again. Unfortunately there must still be something wrong, as in the past I've used panda online and the activex controls take less than 10 minutes.
|
Nephylim
Suspended due to non-functional email address
|
6. September 2006 @ 23:27 |
|
Probably been another hour now. It says it's updating. From the look of the progress bar I'd say it's at about 15 percent.
|
Nephylim
Suspended due to non-functional email address
|
7. September 2006 @ 00:33 |
|
The scan started and it's about 30 pct done. So far it's discovered around 50 items. I'll keep posting....
|
Senior Member
|
7. September 2006 @ 00:45 |
|
Edited: I'll wait until those results come. Also, after it's finished rename scanner back to HijackThis and post a new log with the ActiveScan results.
Edit: just seen your last post. That's great! Once we get some names, we'll start ridding those POS's. Post them results when finished. :)
This message has been edited since posting. Last time this message was edited on 7. September 2006 @ 00:51
|
Nephylim
Suspended due to non-functional email address
|
7. September 2006 @ 10:20 |
|
Erm, sorry about that. Fell asleep waiting for it. The majority of what it found were cookies but I'm hoping if you help me eliminate the problems at the top of the report that I may see some kind of improvement.
Incident Status Location
Dialer:dialer.b Not disinfected c:\windows\downloaded program files\EGAUTH.inf
Adware:adware/beginto Not disinfected c:\windows\system32\cache32_rtneg3
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/tiky Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC}
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.atwola.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.targetnet.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.revenue.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.com.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.zedo.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.belnk.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.findwhat.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.seeq.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookies.txt[www.advnt01.com/]
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookiesnew.txt[.ccbill.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookiesnew.txt[.realmedia.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookiesnew.txt[.versiontracker.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Vain\Application Data\Mozilla\Firefox\Profiles\i6egstrm.default\cookiesnew.txt[.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Vain\Local Settings\Temp\Cookies\vain@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Vain\Local Settings\Temp\Cookies\vain@go[2].txt
|
Senior Member
|
7. September 2006 @ 15:07 |
|
Yeah, I was wondering what happened to ya. ;)
First, get Ccleaner here. Install and run both the cleaner and the issues fix (when prompted to backup registry, do so).
Then, get Ewido here.
Install and update.
Restart in safe mode. (By now you should be able to.)
Run a full scan.
When it finishes, set all items to delete and click "Apply All Actions".
Then click "Save Report".
Look at the report and, if these two were not rid, follow the same directions for KillBox.
c:\windows\downloaded program files\EGAUTH.inf
c:\windows\system32\cache32_rtneg3
Restart in normal mode.
Run the cleaner one more time.
Post the Ewido log.
This message has been edited since posting. Last time this message was edited on 7. September 2006 @ 15:09
|
Nephylim
Suspended due to non-functional email address
|
7. September 2006 @ 18:52 |
|
Alright, I (finally) finished everything you asked. CCleaner found a good 2k things to delete. Ewido found nothing but a cookie and the log I told it to save didn't actually save. I had to get into safe mode using msconfig and when I told it to apply the changes and start in safemode it said I couldn't for some reason...So I clicked okay and it prompted me to restart. Thankfully it did restart in safemode. I deleted the two files with killbox as directed. Anything else I should do?
|
Senior Member
|
7. September 2006 @ 19:07 |
|
Last thing, delete the backup to the registry made by Ccleaner. Any more troubles, let me know.
|
Nephylim
Suspended due to non-functional email address
|
8. September 2006 @ 13:03 |
|
How is it that none of my scans are finding anything, but something is STILL crashing my generic host process (and therefore my sound)? I had to leave it alone for a while to see if the error still happens....and unfortunately it does. I attempted to run McAfee yesterday...when I came back to the computer more than 8 hours later it had scanned no more than 37,000 files. Along with that disappointment I also had an insufficient virtual memory message popped up. I'm not sure what's going on but I think I still need your help.
|
Senior Member
|
8. September 2006 @ 22:36 |
|
Quote: something is STILL crashing my generic host process (and therefore my sound).
Does it give a name or reason? Post a new HijackThis log.
Quote: I also had an insufficient virtual memory message popped up.
Right click My Computer > Properties > Advanced tab > Performance settings > Advanced tab > Virtual Memory change button. In the top window what is the Paging file size (MB)? Then, at the bottom of the same window, what is the recommended size?
|
Nephylim
Suspended due to non-functional email address
|
9. September 2006 @ 00:12 |
|
The error happens several hours after the computer has been restarted; it says something about the generic host 32 being shut down due to a problem. I reported it once and it opened a Microsoft webpage telling me that a virus may be causing this. If I try to...say, watch a movie in winamp after the host error, I get a message saying that I need to reinstall sound drivers. The only number on the page relating to virtual memory is 385mo (the computer is in French). The computer is acting up and lagging considerably right now so I'm expecting the error any time. I'll get a screenshot and have my husband translate it from French for me so I can tell you exactly what it says.
Logfile of HijackThis v1.99.1
Scan saved at 05:06:33, on 09/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\j2re1.4.2_05\bin\javaw.exe
C:\Documents and Settings\Vain\Bureau\Stuff to DO\Scanners\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defa...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suprnova.org
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://sympatico.zone.msn.com/bingame/pa...pandaonline.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Share...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housec...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/we...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.games.yahoo.com/games/we...aploader_v6.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-lo...841/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companio...bio5_3_18_0.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: DirectX Service (DirectService) - Unknown owner - c:\windows\system32\directx.exe (file missing)
O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\FICHIE~1\McAfee\EmProxy\emproxy.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
|
Senior Member
|
9. September 2006 @ 00:57 |
|
Did you mean a screenshot of the Virtual Memory window or the error? If you can, post both.
Also, just noticed you need to update Java.
Download Java 5.0 Update 8 here.
Uninstall any previous versions via Add/Remove Programs.
Restart if prompted.
Install Update 8.
This message has been edited since posting. Last time this message was edited on 9. September 2006 @ 01:00
|
Nephylim
Suspended due to non-functional email address
|
9. September 2006 @ 17:49 |
|
I installed the new java, and I'm still waiting for the error (oddly).
Thanks so much for all your help so far and I'll be sure to get a screenshot to post the moment my errors pop up.
|
Nephylim
Suspended due to non-functional email address
|
9. September 2006 @ 20:32 |
|
I finally got the error.
http://www.momoshare.com/photo/view.php?...b0c741ec1c61932
It basically says:
Generic host process win 32 has encountered a problem and must close.
Now, I restarted the computer afterwards and forgot to click the link so I could post more info but that's how it starts. After that if I try to play anything in winamp or any other video/sound program I get another error that says Bad Direct Sound Driver. Please install proper drivers or select another device in configuration. Error code: 88780078
Last time I sent the error report it told me that it was possibly a virus that was causing the generic host process problem. I'll wait for it again and send exact information.
|
Senior Member
|
9. September 2006 @ 22:31 |
|
I'm not sure if the generic host error is related to the sound error or not, but I read here that someone noticed out_ds.dll (a Winamp dll) had changed their soundcard setting, from their soundcard to a generic name.
First thing you should try is updating your sound card drivers. If that doesn't work then search "Error code: 88780078" in Google. I came up with many other forums with people with the same problem. There are many solutions, some work for some people, others do not.
|
Nephylim
Suspended due to non-functional email address
|
12. September 2006 @ 04:01 |
|
Okay, as promised, this time I clicked the link when I got the error and it sends me to this page:
http://oca.microsoft.com/en/response.asp...32d8f4&SID=2250
Just thought I'd finish on that note. Thanks greatly for all the help you've sent in my direction and the new tools you've put at my disposal.
|
Nephylim
Suspended due to non-functional email address
|
12. September 2006 @ 09:14 |
|
I've been searching the two files I get when I click further into the error report. I've been searching "svchost.exe.mdmp"+"appcompat.txt" and getting a lot of results, just not a lot of solutions.
I'm not able to use Windows Update since it would appear the version of Windows that I have is not one that is valid (even though the CD looks valid). I'm running a blaster removal tool, since a loooong time ago I remember typing shutdown -a but I'm not sure if I ever went any further. I also find it odd that if I actually do have blaster that none of the extensive scans I've done have come across it.
I'm still trying to solve the problem but I've noticed that it happens more often when I've been running a p2p program I use called eMule. I minimize the program and several hours later open it to check the progress and the error occurs. I've come across some garbled instructions to turn off error reporting and use drwatson to locate a file creating a bad checksum and then delete the file, but I neither understand nor trust the information. If I'm barking up the wrong tree let me know and I'll try and find the proper place to post my problem. I'd just really like to nick this thing in the bud. I tried to navigate to the system32 folder today and it hung very very badly. Before I ever got down to drwatson I lost the start menu bar and all my desktop icons, leaving me essentially with nothing besides wallpaper and a mouse cursor, forcing a hard shutdown. I don't remember having any of these problems until I downloaded maplestory1 from download.com. Ever since then there's been issues. I know it's a little long but I'm trying to get somewhere.
|
Senior Member
|
12. September 2006 @ 21:59 |
|
Check your PM...
You said problems started after installing maplestory1, so try uninstalling and see what happens. Can always re-download, right?
This message has been edited since posting. Last time this message was edited on 12. September 2006 @ 22:00
|