« previous next »
Pages: [1] 2 3

Author Topic: something is WRONG Guestolo  (Read 1657 times)

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« on: December 25, 2006, 09:15:17 AM »
I ran AVG and it said: BOOT SECTOR OF DISK Reading error C.
ntoskrn.exe C\windows\system32\ntoskrn.exe
? first scan also showed something about shell32 but did not show up after 2nd scan because my computer is rebooting by it self

When I highlighted the items it said they were some virus but at the bottom of AVG scan it said no threats were found so that confusing.

And my drweb-cure isn't working either.

Another problem is that my Steam program isn't downloading the standard maps for my game online I play and I'm really freaking out.

Logfile of HijackThis v1.99.1
Scan saved at 8:49:48 AM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/admi...ator/index2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.eightballclan.com
O15 - Trusted Zone: *.tpgleague.org
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #1 on: December 25, 2006, 10:37:12 AM »
@3TEST RESULTS

[Last Updated:: 12/25/2006 10:06:48 AM]

Memory Test
Optimizing Test Memory Size...
Test Memory Allocated:   1171180 KB   OK
Test Memory Blocks:   18299 blks
Start Address:   10020020h
Initialize Memory Addresses:   577D0020h   PASSED
Verify Memory Addresses:   2534E2EEh   PASSED
Addr = 2534E2EE, Data = D002, Expected = F002
===>Test Failed.
 
Found Error(s).


@3SYSTEM INFORMATION

@3Memory Utilization
Total Physical Memory:   1572332 KB
Free Physical Memory:   1176760 KB
Total Pagefile:   2208784 KB
Free Pagefile:   1968648 KB
Total Virtual Memory Space:   2097024 KB
Free Virtual Memory Space:   2021608 KB
Logged

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #2 on: December 25, 2006, 11:40:01 AM »
SmitFraudFix v2.102

Scan done at 11:30:30.34, Mon 12/25/2006
Run from C:\Documents and Settings\Randy\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Randy


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Randy\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Randy\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
 
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
something is WRONG Guestolo
« Reply #3 on: December 25, 2006, 11:48:51 AM »
Quote
I ran AVG and it said
I don't even see AVG running? Why not, did you disable it or uninstall it?

Quote
ntoskrn.exe C\windows\system32\ntoskrn.exe
Are you sure about the file name? It wasn't ntoskrnl.exe was it?

I don't need to see the Smitfraudfix log, You can delete smitfraudfix.zip and the smitfraudfix folder
Also the file
C:\rapport.txt <-this file
If I need to see the log, I'll make sure we update it first

Quote
And my drweb-cure isn't working either.
It is probably out of date, another tool that needs updating before ran
You can delete Dr.web cureit.exe on the desktop and
C:\Documents and Settings\Randy\DoctorWeb < this folder

IF you have an earlier version of the next tool
Delete it and the C:\sUBs folder

If you haven't downloaded it before
Download this file - Combofix.exe and save it too desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from combofix
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #4 on: December 25, 2006, 02:40:58 PM »
Yes I had it diabled. I guess because when I run steam for gaming I want full resourse for it. But I enabled it now and will keep it on. I also remove the other desk top items you told me to delete.

I ran another scan after updating and nothing came up.

Yes this is what came up earlier: ntoskrn.exe C\windows\system32\ntoskrn.exe

I also ran a Check it diagnostic and it failed the memory test.

Here is the log you requested:
Randy - 06-12-25 14:29:27.95    Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Randy\Desktop"
 
((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\WINDOWS\system32\taskmgr.com
 

(((((((((((((((((((((((((((((((   Files Created from 2006-11-25 to 2006-12-25  ))))))))))))))))))))))))))))))))))
 
 
2006-12-25 11:46 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2006-12-25 11:46 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2006-12-25 09:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-12-25 09:17 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-12-25 09:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-12-25 09:17 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-12-20 05:31 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-20 05:29 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-19 21:14 10,920 --a------ C:\aolconnfix.exe
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))
 

2006-12-25 13:31 -------- d-------- C:\Documents and Settings\Randy\Application Data\AVG7
2006-12-24 15:29 -------- d-------- C:\Program Files\mIRC
2006-12-23 15:14 -------- d-------- C:\Program Files\CleanUp!
2006-12-20 05:31 -------- d-------- C:\Program Files\Windows Media Player
2006-12-14 11:00 -------- d-------- C:\Program Files\WinRAR
2006-12-13 23:00 -------- d-------- C:\Program Files\Outlook Express
2006-12-13 23:00 -------- d-------- C:\Program Files\Common Files\System
2006-12-12 10:03 -------- d-------- C:\Program Files\America Online 9.0
2006-11-30 15:56 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-25 21:47 -------- d-------- C:\Program Files\HLSW
2006-11-22 10:52 520192 --------- C:\WINDOWS\system32\ati2sgag.exe
2006-11-21 22:25 2829824 --a------ C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-21 22:25 261120 --a------ C:\WINDOWS\system32\ati2dvag.dll
2006-11-21 22:20 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll
2006-11-21 22:20 106496 --a------ C:\WINDOWS\system32\Oemdspif.dll
2006-11-21 22:19 90112 --a------ C:\WINDOWS\system32\ati2evxx.dll
2006-11-21 22:19 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll
2006-11-21 22:19 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe
2006-11-21 22:18 430080 --a------ C:\WINDOWS\system32\ati2evxx.exe
2006-11-21 22:17 53248 --a------ C:\WINDOWS\system32\ATIDDC.DLL
2006-11-21 22:12 2526688 --a------ C:\WINDOWS\system32\ati3duag.dll
2006-11-21 22:11 5279744 --a------ C:\WINDOWS\system32\atioglxx.dll
2006-11-21 22:08 1090016 --a------ C:\WINDOWS\system32\ativvaxx.dll
2006-11-21 21:57 217088 --a------ C:\WINDOWS\system32\atikvmag.dll
2006-11-21 21:56 17408 --a------ C:\WINDOWS\system32\atitvo32.dll
2006-11-21 21:51 294912 --a------ C:\WINDOWS\system32\ati2cqag.dll
2006-11-21 21:50 6684672 --a------ C:\WINDOWS\system32\atioglx1.dll
2006-11-21 21:49 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll
2006-11-21 21:21 303104 --a------ C:\WINDOWS\system32\ATIDEMGR.dll
2006-11-16 11:44 33592 --a------ C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44 25136 --a------ C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44 103984 --a------ C:\WINDOWS\system32\AOLDial.dll
2006-11-13 01:20 -------- d-------- C:\Program Files\Internet Explorer
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 16:28 -------- d-------- C:\Program Files\Grisoft
2006-11-04 12:14 -------- d-------- C:\Program Files\Logitech
2006-11-04 09:57 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-02 12:29 816672 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-28 22:23 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-27 15:09 6049280 --------- C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13 95344 --------- C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56 55808 --------- C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56 316416 --------- C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56 165376 --------- C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56 146432 --------- C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58 23856 --a------ C:\WINDOWS\system32\spupdsvc.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
 
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
 
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=hex:ff,ff,ff,03
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoLogoff"=dword:00000000
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
 
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AOL Fast Start"="\"C:\\Program Files\\America Online 9.0\\Email RemovedEXE\" -b"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"Registry Cleaner"="\"C:\\Program Files\\TPT Registry_Cleaner (Trial)\\regclean.exe\""
@=""
"LDM"="\\Program\\"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1126634133\\ee\\AOLSoftware.exe"
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"mm_server"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_server.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"!ewido"="\"C:\\Documents and Settings\\Randy\\Desktop\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
@=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\G-series Software\\LCDMon.exe\""
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk.disabled"
"item"="Adobe Reader Speed Launch.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\America Online 9.0 Tray Icon.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\America Online 9.0 Tray Icon.lnk.disabled"
"item"="America Online 9.0 Tray Icon.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^CleanSweep Smart Sweep-Internet Sweep.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CleanSweep Smart Sweep-Internet Sweep.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\CleanSweep Smart Sweep-Internet Sweep.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\CleanSweep Smart Sweep-Internet Sweep.lnk.disabled"
"item"="CleanSweep Smart Sweep-Internet Sweep.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Logitech Desktop Messenger.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech Desktop Messenger.lnk.disabled"
"item"="Logitech Desktop Messenger.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Logitech SetPoint.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Logitech SetPoint.lnk.disabled"
"item"="Logitech SetPoint.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk.disabled"
"item"="Microsoft Office.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PKZIP Attachments Status.lnk.disabled]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PKZIP Attachments Status.lnk.disabled"
"backup"="C:\\WINDOWS\\pss\\PKZIP Attachments Status.lnk.disabledCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\PKZIP Attachments Status.lnk.disabled"
"item"="PKZIP Attachments Status.lnk"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AOLDial"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=dword:00000002
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
 

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy -  Scheduled Task.job
 
Completion time: 06-12-25 14:30:18.68
C:\ComboFix.txt ... 06-12-25 14:30
Logged

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #5 on: December 25, 2006, 02:42:39 PM »
My computer keeps rebooting at various time for no known reason.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
something is WRONG Guestolo
« Reply #6 on: December 25, 2006, 03:30:11 PM »
Wow, you must be the king of disabling startup entries  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />
What do you use to disable startup entries, just 'msconfig' alone?

Quote
I also ran a Check it diagnostic and it failed the memory test
What is it that you exactly ran?

Can you do the following
Right click the MyComputer icon>>left click Properties
Advanced tab>>Settings under Startup and Recovery
Uncheck "Automatically Restart" under System Failure
Click OK>>APPLY>>OK

Maybe the next time your system wants to Restart, it will blue screen instead
If it does, can you post a fresh hijackthis log back here please
I mean, can you post back the exact error message on the blue screen

Please supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents
« Last Edit: December 25, 2006, 06:12:48 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #7 on: December 25, 2006, 06:35:05 PM »
&Smith Micro Home Page | http://www.smithmicro.com |
&CheckIt Home Page | http://www.smithmicro.com/checkit |
&Technical Support Home Page | http://www.symantec.com/techsupp/ |
 
It came with the computer. It runs and test memory, video, the hard drive and some other stuff also.
 
And YEAH, I use spybot start up and also msconfig, LOL
 
Here is log you requested:
 
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.7
Adobe® Photoshop® Album Starter Edition 3.0
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Explorer
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOL You\'ve Got Pictures Screensaver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Free Edition
Belkin Gigabit Ethernet
CheckIt Diagnostics
CleanUp!
FileZilla (remove only)
HijackThis 1.99.1
HLSW v1.0.0.48
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
J2SE Runtime Environment 5.0 Update 9
Lernout & Hauspie TruVoice American English TTS Engine
Logitech G-series Keyboard Software
Logitech QuickCam
Logitech SetPoint
Logitech® Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office 2000 SR-1 Professional
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
mIRC
QuickTime
RealPlayer
Realtek AC\'97 Audio
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Steam
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Ventrilo Client
VideoLAN VLC media player 0.8.5
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver


It won\'t let me uncheck auto restart button
Logged

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #8 on: December 25, 2006, 06:50:07 PM »
Ok its unchecked. Don't know why it didn't let me at first.

Could this be a hardware problem instead? Like maybe one of my sticks of ram or maybe my cpu chip? Reason being that when downloading a map for my game I play its not letting me enter afterwards because it says map differs from server. And then I have the recuring reboot problem.
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
something is WRONG Guestolo
« Reply #9 on: December 25, 2006, 07:11:27 PM »
Let's first try and clear some entries from your computer
Can you NOT disable anything else on startup for a bit

Looks like you install and uninstall programs and entries get left behind
Again, I have to have you do the following

First off
Disable your Realtime protections, this includes Windows Defender and Spybot
Window's Defender
Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box.
Click Allow Change box if prompted

Stay in Spybot
Under System Startup, recheck EVERYTHING that you disabled previously

Go to START>>RUN>>type in msconfig
Hit OK
Under the SERVICES tab>>Enable ALL>>Apply it
Under the STARTUP   tab>>Enable ALL>>Apply it
Under the GENERAL   tab>>Ensure NORMAL startup is Selected
APPLY it then CLOSE

Reboot your computer

Come back here and post a fresh hijackthis log
You know the routine, keep EVERYTHNG enabled on startup
If you are using any additional tools to disable anything, reenable them too before rebooting

After you post the new hijackthis log
Run Combofix again, post the new log that opens
« Last Edit: December 25, 2006, 07:13:59 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #10 on: December 25, 2006, 08:06:09 PM »
Logfile of HijackThis v1.99.1
Scan saved at 8:05:13 PM, on 12/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\1126634133\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/admi...ator/index2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [!ewido] "C:\Documents and Settings\Randy\Desktop\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126634133\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [mm_server] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: PKZIP Attachments Status.lnk.disabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.eightballclan.com
O15 - Trusted Zone: *.tpgleague.org
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Logged

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #11 on: December 25, 2006, 08:10:39 PM »
Randy - 06-12-25 20:06:54.31    Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Randy\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-11-25 to 2006-12-25  ))))))))))))))))))))))))))))))))))
 
 
2006-12-25   11:46   79,360   --a------   C:\WINDOWS\system32\swxcacls.exe
2006-12-25   11:46   51,200   --a------   C:\WINDOWS\system32\dumphive.exe
2006-12-25   09:17   53,248   --a------   C:\WINDOWS\system32\Process.exe
2006-12-25   09:17   40,960   --a------   C:\WINDOWS\system32\swsc.exe
2006-12-25   09:17   288,417   --a------   C:\WINDOWS\system32\SrchSTS.exe
2006-12-25   09:17   135,168   --a------   C:\WINDOWS\system32\swreg.exe
2006-12-20   05:31   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2006-12-20   05:29   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2006-12-19   21:14   10,920   --a------   C:\aolconnfix.exe


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-25 19:59   --------   d--------   C:\Documents and Settings\Randy\Application Data\AVG7
2006-12-24 15:29   --------   d--------   C:\Program Files\mIRC
2006-12-23 15:14   --------   d--------   C:\Program Files\CleanUp!
2006-12-20 05:31   --------   d--------   C:\Program Files\Windows Media Player
2006-12-14 11:00   --------   d--------   C:\Program Files\WinRAR
2006-12-13 23:00   --------   d--------   C:\Program Files\Outlook Express
2006-12-13 23:00   --------   d--------   C:\Program Files\Common Files\System
2006-12-12 10:03   --------   d--------   C:\Program Files\America Online 9.0
2006-11-30 15:56   --------   d--------   C:\Program Files\Common Files\AOL
2006-11-25 21:47   --------   d--------   C:\Program Files\HLSW
2006-11-22 10:52   520192   ---------   C:\WINDOWS\system32\ati2sgag.exe
2006-11-21 22:25   2829824   --a------   C:\WINDOWS\system32\drivers\ati2mtag.sys
2006-11-21 22:25   261120   --a------   C:\WINDOWS\system32\ati2dvag.dll
2006-11-21 22:20   118784   --a------   C:\WINDOWS\system32\atipdlxx.dll
2006-11-21 22:20   106496   --a------   C:\WINDOWS\system32\Oemdspif.dll
2006-11-21 22:19   90112   --a------   C:\WINDOWS\system32\ati2evxx.dll
2006-11-21 22:19   42496   --a------   C:\WINDOWS\system32\ati2edxx.dll
2006-11-21 22:19   26112   --a------   C:\WINDOWS\system32\Ati2mdxx.exe
2006-11-21 22:18   430080   --a------   C:\WINDOWS\system32\ati2evxx.exe
2006-11-21 22:17   53248   --a------   C:\WINDOWS\system32\ATIDDC.DLL
2006-11-21 22:12   2526688   --a------   C:\WINDOWS\system32\ati3duag.dll
2006-11-21 22:11   5279744   --a------   C:\WINDOWS\system32\atioglxx.dll
2006-11-21 22:08   1090016   --a------   C:\WINDOWS\system32\ativvaxx.dll
2006-11-21 21:57   217088   --a------   C:\WINDOWS\system32\atikvmag.dll
2006-11-21 21:56   17408   --a------   C:\WINDOWS\system32\atitvo32.dll
2006-11-21 21:51   294912   --a------   C:\WINDOWS\system32\ati2cqag.dll
2006-11-21 21:50   6684672   --a------   C:\WINDOWS\system32\atioglx1.dll
2006-11-21 21:49   307200   --a------   C:\WINDOWS\system32\atiiiexx.dll
2006-11-21 21:21   303104   --a------   C:\WINDOWS\system32\ATIDEMGR.dll
2006-11-16 11:44   33592   --a------   C:\WINDOWS\system32\drivers\atwpkt264.sys
2006-11-16 11:44   25136   --a------   C:\WINDOWS\system32\drivers\atwpkt2.sys
2006-11-16 11:44   103984   --a------   C:\WINDOWS\system32\AOLDial.dll
2006-11-13 01:20   --------   d--------   C:\Program Files\Internet Explorer
2006-11-08 00:06   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-11-04 16:28   --------   d--------   C:\Program Files\Grisoft
2006-11-04 12:14   --------   d--------   C:\Program Files\Logitech
2006-11-04 09:57   --------   d--------   C:\Program Files\Spybot - Search & Destroy
2006-11-02 12:29   816672   --a------   C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-28 22:23   --------   d--------   C:\Program Files\SpywareBlaster
2006-10-27 15:09   6049280   ---------   C:\WINDOWS\system32\ieframe.dll
2006-10-27 15:09   50688   ---------   C:\WINDOWS\system32\msfeedsbs.dll
2006-10-27 15:09   458752   ---------   C:\WINDOWS\system32\msfeeds.dll
2006-10-27 15:09   413696   --a------   C:\WINDOWS\system32\vbscript.dll
2006-10-27 15:09   231424   --a------   C:\WINDOWS\system32\webcheck.dll
2006-10-27 15:09   180736   ---------   C:\WINDOWS\system32\ieui.dll
2006-10-27 15:09   156160   --a------   C:\WINDOWS\system32\msls31.dll
2006-10-27 02:44   71680   --a------   C:\WINDOWS\system32\admparse.dll
2006-10-27 02:44   55296   --a------   C:\WINDOWS\system32\iesetup.dll
2006-10-27 02:44   54784   --a------   C:\WINDOWS\system32\ie4uinit.exe
2006-10-27 02:44   43008   --a------   C:\WINDOWS\system32\iernonce.dll
2006-10-27 02:44   382976   --a------   C:\WINDOWS\system32\iedkcs32.dll
2006-10-27 02:44   229376   --a------   C:\WINDOWS\system32\ieaksie.dll
2006-10-27 02:44   152064   --a------   C:\WINDOWS\system32\ieakeng.dll
2006-10-27 02:44   13312   --a------   C:\WINDOWS\system32\ieudinit.exe
2006-10-27 02:44   123904   --a------   C:\WINDOWS\system32\advpack.dll
2006-10-27 02:42   161792   --a------   C:\WINDOWS\system32\ieakui.dll
2006-10-19 08:56   713216   --a------   C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58   8704   --a------   C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:47   99840   --a------   C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47   991744   --a------   C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47   937984   --a------   C:\WINDOWS\system32\WMNetMgr.dll
2006-10-18 21:47   8231936   --a------   C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47   767488   ---------   C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47   757248   --a------   C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47   7168   --a------   C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47   656896   ---------   C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47   63488   --a------   C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47   629760   --a------   C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47   613376   ---------   C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47   603648   --a------   C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47   542720   --a------   C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47   535040   ---------   C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47   429056   --a------   C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47   414208   --a------   C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47   38400   ---------   C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47   37376   --a------   C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47   35840   --a------   C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47   356352   --a------   C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47   348672   --a------   C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47   33792   --a------   C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47   321536   --a------   C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47   317440   ---------   C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47   314880   --a------   C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47   295936   ---------   C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47   284160   ---------   C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47   276992   --a------   C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47   27136   --a------   C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47   2603008   ---------   C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47   2450944   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47   242688   --a------   C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47   229376   --a------   C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47   222208   --a------   C:\WINDOWS\system32\WMASF.dll
2006-10-18 21:47   212992   ---------   C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47   211456   --a------   C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47   204288   --a------   C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47   199168   ---------   C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47   179712   --a------   C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47   175616   --a------   C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47   166912   ---------   C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47   1661440   --a------   C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47   1574912   ---------   C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47   157184   --a------   C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47   154624   --a------   C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47   1543680   ---------   C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47   1382912   ---------   C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47   133632   ---------   C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47   1329152   --a------   C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47   132096   ---------   C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47   130048   ---------   C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47   11264   --a------   C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47   1117696   --a------   C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47   101888   ---------   C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03   100864   --a------   C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00   249856   ---------   C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00   17408   ---------   C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-17 13:06   78336   --a------   C:\WINDOWS\system32\ieencode.dll
2006-10-17 13:05   40960   --a------   C:\WINDOWS\system32\licmgr10.dll
2006-10-17 13:05   206336   ---------   C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 13:05   105984   --a------   C:\WINDOWS\system32\url.dll
2006-10-17 13:04   101376   --a------   C:\WINDOWS\system32\occache.dll
2006-10-17 13:03   17408   --a------   C:\WINDOWS\system32\corpol.dll
2006-10-17 12:58   61952   ---------   C:\WINDOWS\system32\icardie.dll
2006-10-17 12:58   12288   ---------   C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 12:57   36352   --a------   C:\WINDOWS\system32\imgutil.dll
2006-10-17 12:57   266752   ---------   C:\WINDOWS\system32\iertutil.dll
2006-10-17 12:56   45568   --a------   C:\WINDOWS\system32\mshta.exe
2006-10-17 12:28   48128   --a------   C:\WINDOWS\system32\mshtmler.dll
2006-10-17 12:27   380928   ---------   C:\WINDOWS\system32\ieapfltr.dll
2006-10-13 07:35   142336   --a------   C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28   312128   ---------   C:\WINDOWS\system32\msdelta.dll
2006-09-28 20:13   95344   ---------   C:\WINDOWS\system32\WUDFCoinstaller.dll
2006-09-28 18:56   55808   ---------   C:\WINDOWS\system32\WudfSvc.dll
2006-09-28 18:56   316416   ---------   C:\WINDOWS\system32\WUDFx.dll
2006-09-28 18:56   165376   ---------   C:\WINDOWS\system32\WudfPlatform.dll
2006-09-28 18:56   146432   ---------   C:\WINDOWS\system32\WudfHost.exe
2006-09-25 17:58   23856   --a------   C:\WINDOWS\system32\spupdsvc.exe
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Steam"="\"c:\\program files\\valve\\steam\\steam.exe\" -silent"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
@=""
"LDM"="\\Program\\"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Norton SystemWorks"="\"C:\\Program Files\\Norton SystemWorks\\cfgwiz.exe\" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz"
"Registry Cleaner"="\"C:\\Program Files\\TPT Registry_Cleaner (Trial)\\regclean.exe\""
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
@=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"!ewido"="\"C:\\Documents and Settings\\Randy\\Desktop\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"AOL Spyware Protection"="\"C:\\PROGRA~1\\COMMON~1\\AOL\\AOLSPY~1\\AOLSP Scheduler.exe\""
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1126634133\\ee\\AOLSoftware.exe"
"Launch LCDMon"="\"C:\\Program Files\\Logitech\\G-series Software\\LCDMon.exe\""
"Launch LGDCore"="\"C:\\Program Files\\Logitech\\G-series Software\\LGDCore.exe\" /SHOWHIDE"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~2\\mimboot.exe"
"mm_server"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_server.exe\""
"mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
"MMTray"="C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SoundMan"="SOUNDMAN.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDriveAutoRun"=hex:ff,ff,ff,03
"NoDrives"=dword:00000000
"NoViewOnDrive"=dword:00000000
"NoLogoff"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL TopSpeedMonitor"=dword:00000002

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Spybot - Search & Destroy -  Scheduled Task.job

Completion time: 06-12-25 20:09:53.89
C:\ComboFix.txt ... 06-12-25 20:09
C:\ComboFix2.txt ... 06-12-25 14:30
Logged

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #12 on: December 25, 2006, 08:13:27 PM »
LOL my task bar looks like a Christmas tree. Hope this gives you a full look and see:)

After I rebooted a bunch of errors popped up:

error loading C:\window\system32\NvCpl.dll

error C:\windows32\NvMctray.dll

Real player error

And Java wanted to update but it failed.

Wow, guess I screwed up all this time by shutting all that stuff off. I take my online gaming very seriously so I just want full power running my game.
« Last Edit: December 25, 2006, 08:38:48 PM by Mr Bell »
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
something is WRONG Guestolo
« Reply #13 on: December 25, 2006, 08:33:09 PM »
It appears that some entries you had disabled no longer are installed

Can you do the following
Check and see if this folder exists
C:\Program Files\TPT Registry_Cleaner (Trial) <-folder

Also appears you uninstalled everything to do with Symantec's
This includes AV>>System Works>>CleanSweep
Can you verify that please

Also appears you uninstalled Ewido and/or AVG anti-spyware
Can you verify that
Then we'll clean some of those entries from startup
Just let me know the above
Again, at this point DON'T use msconfig or Spybot
« Last Edit: December 25, 2006, 08:34:25 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #14 on: December 25, 2006, 08:46:27 PM »
No TPT Registry_Cleaner in there brother.

Yes removed all Symantec's

AVG anti-spyware was removed because you had me install Spyblaster and the free version of AVG virus detection.

Didn't think I needed Ewido anylonger. LOL do I?
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
something is WRONG Guestolo
« Reply #15 on: December 25, 2006, 09:16:51 PM »
Let's do some clearing and see what we're left with afterwards
Let's get you the latest version of Sun Java
==Download the latest version of  Java Runtime Environment (JRE) 6
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement[/i]".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation Multi-language
Save the file to your Desktop.
Don't install it yet

Open your Windows control panel and double click to open the Java icon
Under the General tab, Select Delete Files>>Keep all 3 selections checked and hit OK
Exit out of Java afterwards

Access your add/remove programs and remove
J2SE Runtime Environment 5.0 Update 9

Afterwards
Can you do the following
Create a .reg file for me
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

 
Code: [Select]
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"LDM"=-
"Norton SystemWorks"=-
"Registry Cleaner"=-
"LogitechSoftwareUpdate"=-
"updateMgr"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"!AVG Anti-Spyware"=-
"!ewido"=-
"ccApp"=-
"MimBoot"=-
"mm_server"=-
"mmtask"=-
"MMTray"=-
"NvCplDaemon"=-
"NvMediaCenter"=-
"nwiz"=-
"QuickTime Task"=-
"Symantec NetDriver Monitor"=-
"TkBellExe"=-
"RealTray"=-

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=-

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"=-

Double click on fix.reg and allow to add/merge to the registry at the prompt

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: America Online 9.0 Tray Icon.lnk.disabled
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk.disabled
O4 - Global Startup: Logitech Desktop Messenger.lnk.disabled
O4 - Global Startup: Logitech SetPoint.lnk.disabled
O4 - Global Startup: Microsoft Office.lnk.disabled
O4 - Global Startup: PKZIP Attachments Status.lnk.disabled


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis


Reboot the computer
Back in Windows

Double click on the JAVA installer and follow the prompts for installation
After it is installed, you can delete the installer from desktop
The updater to Java is not that reliable
Go into your windows control panel and double click to open the Java Icon
Under the Updater tab
Uncheck "Check for Updates Automatically"
Select NEVER when prompting when to check
Apply it and exit out of there
Check for updates manually about every month

Post back a fresh hijackthis log
Let's see what it looks like
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #16 on: December 25, 2006, 11:17:32 PM »
Can not locate JAVA installer in windows. If its the one on my desk top it wants to know what program to open with.

Also I made a bit of mistake. When I ticked those entries I forgot to close open windows including this one.
« Last Edit: December 26, 2006, 12:00:32 AM by Mr Bell »
Logged

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #17 on: December 26, 2006, 07:37:44 AM »
Bump

Morning Guestolo
Logged

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
    • http://
something is WRONG Guestolo
« Reply #18 on: December 26, 2006, 12:07:32 PM »
Can you verify that the installer for Java on desktop is
jre-6-windows-i586.exe

That exact name please

Also, can you ensure you rebooted the computer and post a fresh hijackthis log
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Offline Mr Bell

  • Sr. Member
  • ****
  • Posts: 300
  • Karma: +0/-0
    • View Profile
something is WRONG Guestolo
« Reply #19 on: December 26, 2006, 12:27:56 PM »
This is what is on my desk top as description: 1167101224923-integrated.jnlp

Here is new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:54 PM, on 12/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\AOL\1126634133\ee\AOLSoftware.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\America Online 9.0\wEmail Removedexe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Documents and Settings\Randy\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adb...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eightballclan.branzone.com/admi...ator/index2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1126634133\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.eightballclan.com
O15 - Trusted Zone: *.tpgleague.org
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I'm some what on the deressed side today. I couldn't get on my game last night for one thing. And I think one of these sticks of ram is bad (not sure though). I removed two of them (256) and left the 512 ones in and started computer and it went blue screen. Course then I just put them all back and here we are. So how do I tell which one is bad when we get to that point if thats the problem?
Logged
Pages: [1] 2 3
« previous next »