Author Topic: Time for a check up!  (Read 996 times)

Offline ep0xy

Time for a check up!
« on: March 02, 2008, 11:06:48 PM »
hey doc,

Everything seems to be running fine, just thought I'd have the pros have a look.

(One thing I know is wrong is when I try and right click my desktop and select properties, I get a Windows error msg saying that file is corrupt. I've known this for a while now, and just deal with it.)

anywayz here's my log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:29 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Excursion9.5\mIRC.ExCurSioN.exe
C:\mIRC-TPG\mirc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\ep0xy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WIW7YLXI\INDEX_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VQK9TBIO\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\ACTION~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\PI3QGOAK\LEFT_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ME482Q8E\UPLOAD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G8WP4X2U\NAVBAR~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\U4JD2YC9\PERSON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0TDT3PWU\RIGHT_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\BOTTOM~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IYLT7VZ9\PRICIN~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVH9YENS\INE36B~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VY22VHTB\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1NTPR890\BUTTON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SGJH9UIN\AIMTOD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\GHKFNT6B\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X3YTGO1X\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\947_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ISZ0Q28G\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\9MVBS671\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4IQRBNHF\953_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\CMLYAJFH\958_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMP
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7036 bytes

Offline guestolo

Time for a check up!
« Reply #1 on: March 02, 2008, 11:26:07 PM »
Did you purposely install SpyNoMore?

It has been removed from the rogue list; however, I've never used or recommended it.
Just curious if you installed it purposely

Also, can you do the following:
Download Deckard's System Scanner (dss.exe) to your desktop.
Close all applications and windows.
Double-click on dss.exe to run it and follow the prompts.
When the scan is complete, two text files will open; main.txt, which will be maximized and extra.txt, which will be minimized.

Post back just the Whole contents of Main.txt and Extra.txt

In addition, what do you mean by this
Quote
(One thing I know is wrong is when I try and right click my desktop and select properties, I get a Windows error msg saying that file is corrupt. I've known this for a while now, and just deal with it.)
What is the Exact error message you are receiving?
What file name?

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ep0xy

Time for a check up!
« Reply #2 on: March 02, 2008, 11:40:57 PM »
Here's the dss:

Deckard's System Scanner v20071014.68
Run by ep0xy on 2008-03-02 23:44:25
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
77: 2008-03-03 04:44:29 UTC - RP207 - Deckard's System Scanner Restore Point
76: 2008-03-03 01:19:06 UTC - RP206 - System Checkpoint
75: 2008-03-02 01:15:24 UTC - RP205 - System Checkpoint
74: 2008-02-29 08:25:26 UTC - RP204 - System Checkpoint
73: 2008-02-28 08:08:04 UTC - RP203 - System Checkpoint


-- First Restore Point --
1: 2007-12-04 07:59:23 UTC - RP131 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as ep0xy.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:45:11 PM, on 3/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Excursion9.5\mIRC.ExCurSioN.exe
C:\mIRC-TPG\mirc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ep0xy\Desktop\dss.exe
C:\DOCUME~1\ep0xy\Desktop\ep0xy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WIW7YLXI\INDEX_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VQK9TBIO\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\ACTION~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\PI3QGOAK\LEFT_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ME482Q8E\UPLOAD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G8WP4X2U\NAVBAR~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\U4JD2YC9\PERSON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0TDT3PWU\RIGHT_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\BOTTOM~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IYLT7VZ9\PRICIN~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVH9YENS\INE36B~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VY22VHTB\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1NTPR890\BUTTON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SGJH9UIN\AIMTOD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\GHKFNT6B\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X3YTGO1X\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\947_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ISZ0Q28G\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\9MVBS671\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4IQRBNHF\953_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\CMLYAJFH\958_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMP
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7066 bytes

-- File Associations -----------------------------------------------------------

.js - JSFile - DefaultIcon - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe",2


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 aslm75 - c:\windows\system32\drivers\aslm75.sys

S2 PSTRIP - c:\windows\system32\drivers\pstrip.sys (file missing)
S3 bainigne - c:\documents and settings\ep0xy\desktop\wowglider\bainigne.sys (file missing)
S3 flt - c:\documents and settings\ep0xy\desktop\wowglider\flt.sys (file missing)
S3 gkhapfhdp - c:\documents and settings\ep0xy\desktop\wowglider\gkhapfhdp.sys (file missing)
S3 glgwukb - c:\documents and settings\ep0xy\desktop\wowglider\glgwukb.sys (file missing)
S3 jrf - c:\documents and settings\ep0xy\desktop\wowglider\jrf.sys (file missing)
S3 uuhu - c:\documents and settings\ep0xy\desktop\wowglider\uuhu.sys (file missing)
S3 vhndlqwivh - c:\documents and settings\ep0xy\desktop\wowglider\vhndlqwivh.sys (file missing)
S3 ydzodmzw - c:\documents and settings\ep0xy\desktop\wowglider\ydzodmzw.sys (file missing)
S3 ztb - c:\documents and settings\ep0xy\desktop\wowglider\ztb.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&13699180&0&3848
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00131737&REV_02\4&13699180&0&3848
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10061102&REV_00\4&13699180&0&4048
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1102&DEV_0007&SUBSYS_10061102&REV_00\4&13699180&0&4048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\74C63211D800
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\74C63211D800
Service: NIC1394

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-02 05:32:00       300 --a------ C:\WINDOWS\Tasks\Ad-Aware SE Personal.job
2008-03-02 03:19:31       356 --a------ C:\WINDOWS\Tasks\McQcTask.job
2008-02-29 06:35:00       264 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy.job
2008-02-15 01:46:43       350 --a------ C:\WINDOWS\Tasks\McDefragTask.job


-- Files created between 2008-02-02 and 2008-03-02 -----------------------------

2008-02-23 16:49:51         0 d-------- C:\World of Warcraft
2008-02-16 00:02:49         0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-02-14 20:25:17         0 d-------- C:\Documents and Settings\ep0xy\Application Data\skypePM
2008-02-14 20:25:17        32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-14 20:20:45         0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-02-07 19:39:45         0 d-------- C:\Program Files\SmartFTP Client 2.5 Setup Files


-- Find3M Report ---------------------------------------------------------------

2008-03-02 22:24:25         0 d-------- C:\Program Files\Steam
2008-03-02 21:23:18         0 d-------- C:\Program Files\HLSW
2008-02-16 00:02:49         0 d-------- C:\Program Files\Common Files
2008-02-13 22:25:41         0 d-------- C:\Program Files\Winamp
2008-02-07 19:40:12         0 d-------- C:\Program Files\SmartFTP Client
2008-01-22 16:12:30         8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-01-22 01:35:22     13668 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-01-21 22:27:06         0 d-------- C:\Documents and Settings\ep0xy\Application Data\Adobe
2008-01-21 22:27:04      1158 --a------ C:\WINDOWS\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"Logitech Utility"="Logi_MwX.Exe" [11/07/2003 04:50 AM C:\WINDOWS\LOGI_MWX.EXE]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [01/15/2008 05:54 PM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 02:32 PM C:\WINDOWS\KHALMNPR.Exe]
"SNM"="C:\Program Files\SpyNoMore\SNM.exe" []
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 02:32 PM C:\WINDOWS\KHALMNPR.Exe]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/04/2007 01:33 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 04:22 PM]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [08/13/2007 04:14 PM]
"nwiz"="nwiz.exe" [08/13/2007 04:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [08/13/2007 04:14 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [10/13/2004 11:24 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 02:56 AM]
"Steam"="c:\program files\steam\steam.exe" [11/29/2007 07:05 PM]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" []
"DelayShred"="C:\Program Files\McAfee\MSHR\ShrCL.exe" [07/25/2007 02:10 PM]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]
"DelayShred"="c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SGJH9UIN\AIMTOD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\GHKFNT6B\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X3YTGO1X\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\947_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ISZ0Q28G\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\9MVBS671\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4IQRBNHF\953_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\CMLYAJFH\958_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IHBKB3OC\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\7XJZ016Z\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KXGIKGRM\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NOE230T4\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NOE230T4\955_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EXCHSH0M\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\7XJZ016Z\974_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EXCHSH0M\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\F0AH2DGF\CS_45_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TBU6FADW\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5VVTD208\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TBU6FADW\985_1_~1.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\MOTD_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVELPOSX\INDEX_~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\ADS_4_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\@MIDDL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\@MIDDL~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\273792~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X18WK7X1\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\988_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\972_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X18WK7X1\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\2DW2YSJO\IN591D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\2DW2YSJO\CS_19_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EXCHSH0M\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OYMEGBP2\INDEX_~4.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0B9ONMV3\1005_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WH2RX6IW\INAFAD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G5JCMA5L\IN552D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KXGIKGRM\SEBFA6~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IL2DD3OF\JAVASC~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OB8VQPZ3\V_2_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\I2C9RPLU\IN592D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5GTANJ7K\IN5D1D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\2SBIRV2N\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WH2RX6IW\IN592D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVELPOSX\1009_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WH2RX6IW\SHOWTH~1.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0B9ONMV3\BRUCEL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X18WK7X1\INDEX_~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\76LUWPN1\INDEX_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JQP3UBLD\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SHV22XQ0\1018_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4VQ7VX0J\1020_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NDHTJ08F\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JLYZA6CU\1025_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\EJ3YMDTL\IFRAME~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IR6BBB9J\UPDATE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1MU9FQND\A37119~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\THVBVFOF\1026_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\47Y30XDT\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WWKK71WC\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1MU9FQND\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JLYZA6CU\1030_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\MJC9LK0Y\DOC_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N4ANSA8G\DOC_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WWKK71WC\GOOGLE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\THVBVFOF\INDEXC~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KPR4Q6L3\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\PBEULA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\@MIDDL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\THVBVFOF\@MIDDL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\C2BBMXAK\WIRELE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WWKK71WC\V_3_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N4ANSA8G\AIM_UA~1.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4VQ7VX0J\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\HREAZS89\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N8MSQYMN\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\SHOWTH~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\OYPNQ4ZN\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\IN5D1D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\32XOB6AV\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NDHTJ08F\1064_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\JXHNFUHS\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\CONTEN~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\R2EVCQ81\CS_5_2~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SD43F0W8\1067_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\TXABJ59G\CS_5_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1MU9FQND\1077_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4VQ7VX0J\CS_44_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SD43F0W8\IN512D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\32XOB6AV\IFPC_R~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\NDHTJ08F\IN11F1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\R2EVCQ81\ITEM-D~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N4ANSA8G\CS_21_~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\47Y30XDT\1101_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0YYMU162\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\E7W4IVR3\1106_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\KDRFHVY7\INF496~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0YYMU162\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G3B2DKXF\1108_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\754NDAGZ\1119_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\C2I2ZT03\AIM_UA~2.SH! 
C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\N7JRQFH9\CS_46_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\7I7MMF4F\LM_INF~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5C7TSVE1\1130_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QZRIV274\INDEX_~3.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G8WP4X2U\CS_14_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6B3AQLME\1136_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IYLT7VZ9\IND3E3~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVH9YENS\1140_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\5C7TSVE1\1136_1~1.SH!

C:\Documents and Settings\ep0xy\Start Menu\Programs\Startup\
Loadout Manager.lnk - C:\Program Files\Belkin\Nostromo\nost_LM.exe [6/24/2003 1:31:35 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [7/28/2007 9:31:30 PM]
MultiMon Taskbar.lnk - C:\Program Files\MMTaskbar\MultiMon.exe [2/20/2007 6:17:39 PM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
"C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE




-- End of Deckard's System Scanner: finished at 2008-03-02 23:45:59 ------------



here's my error msg:

The application or DLL C:\WINDOWS\System32\themeui.dll is not a valid Windows image. Please check this against your installation diskette.


(now I've done what it said before and it's fixed it. sweet NO what happened after was I rebooted and it's got stuck in a loop to loop back to back crashes and would never reboot windows again.


Until I to the comp in BIOS to load the last cfg that worked and it would reboot, sweet .. NO no the error was back..


so yeah I've just left it, anyways let me know what you think.



Edit: ooo I almost forgot, no I never wanted that spyware cleaner, I didn't even know I had it, never seen it before in my life
Thanks a bunch
« Last Edit: March 02, 2008, 11:42:14 PM by ep0xy »

Offline guestolo

« Reply #3 on: March 03, 2008, 12:00:18 AM »
Did you get a log for Extra.txt?
If so, post it please.

If not, can you do the following:
Please supply an uninstall list from HijackThis
Open HijackThis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>paste back here the whole contents

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline ep0xy

« Reply #4 on: March 03, 2008, 12:04:54 AM »
I didn't get the extra.txt, I received a yes or no box, I clicked yes and received that one txt I pasted.

Here's what you asked for:

Ad-Aware SE Personal
Adobe Flash Player ActiveX
AOL Instant Messenger
ASUS Probe V2.24.10
AsusUpdate
BitTornado 0.3.17
Cabela's Trophy Bucks
Call of Duty 4: Modern Warfare
CDDRV_Installer
Counter-Strike
Excursion 9.5
Fraps (remove only)
Google Talk (remove only)
Half-Life 2: Deathmatch
HijackThis 2.0.2
HLSW v1.1.5
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Indeo® software
iTunes
KhalInstallWrapper
K-Lite Codec Pack 3.01 Basic
Logitech MouseWare 9.79
Logitech SetPoint
Macromedia Dreamweaver 8
Macromedia Extension Manager
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (2.0.0.12)
MultiMon TaskBar 2.1
Nostromo Array Programming Software
NVIDIA Drivers
NVIDIA WDM Drivers
NVTweak
Realtek AC'97 Audio
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SmartFTP Client
SmartFTP Client 2.0 Setup Files (remove only)
SmartFTP Client 2.5 Setup Files (remove only)
Sony Media Manager 2.0
Sony Vegas 6.0
Spybot - Search & Destroy 1.4
Steam
Team Fortress 2
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Ventrilo Client
VideoMach 4.0.4
Winamp
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
World of Warcraft
Xvid 1.1.2 final uninstall



EDIT found the extra.txt MY bad:




Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
CPU 1: AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
Percentage of Memory in Use: 22%
Physical Memory (total/avail): 3071.48 MiB / 2375.19 MiB
Pagefile Memory (total/avail): 9904.48 MiB / 9331.55 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.46 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 74.52 GiB total, 23.11 GiB free.
D: is CDROM (No Media)
E: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD800BB-00CAA1 - 74.53 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

AntivirusOverride is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\ExcursionXBeta\\mIRC.exe"="C:\\ExcursionXBeta\\mIRC.exe:*:Enabled:mIRC"
"C:\\Documents and Settings\\ep0xy\\Local Settings\\Temp\\nskE9.tmp\\utorrent.exe"="C:\\Documents and Settings\\ep0xy\\Local Settings\\Temp\\nskE9.tmp\\utorrent.exe:*:Enabled:µTorrent"
"C:\\mIRC-TPG\\mirc.exe"="C:\\mIRC-TPG\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\source sdk base\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\source sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\HLSW\\hlsw.exe"="C:\\Program Files\\HLSW\\hlsw.exe:*:Enabled:hlsw"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\dirtstarEmail Removed\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\dirtstarEmail Removed\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\[email protected]\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"="C:\\Program Files\\BitTornado\\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\day of defeat source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\roundnycEmail Removed\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\roundnycEmail Removed\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"="C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\opposing force\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\opposing force\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Steam\\steamapps\\redrockEmail Removed\\day of defeat\\hl.exe"="C:\\Program Files\\Steam\\steamapps\\redrockEmail Removed\\day of defeat\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\team fortress 2\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nihilistpropaganda\\team fortress 2\\hl2.exe:*:Enabled:hl2"
"C:\\Excursion9.5\\mIRC.ExCurSioN.exe"="C:\\Excursion9.5\\mIRC.ExCurSioN.exe:*:Enabled:mIRC"
"C:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"="C:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe:*:Enabled:iw3mp"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\ep0xy\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JASON
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\ep0xy
LOGONSERVER=\\JASON
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 35 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2302
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ep0xy\LOCALS~1\Temp
TMP=C:\DOCUME~1\ep0xy\LOCALS~1\Temp
USERDOMAIN=JASON
USERNAME=ep0xy
USERPROFILE=C:\Documents and Settings\ep0xy
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

ep0xy (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
ASUS Probe V2.24.10 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Asus Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Asus Probe\probunis.dll"
AsusUpdate --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\AsusUpdate\Uninst.isu"
BitTornado 0.3.17 --> C:\Program Files\BitTornado\uninst.exe
Cabela's Trophy Bucks --> MsiExec.exe /I{D17C4B85-A12C-442F-81A6-21EAB64F014A}
Call of Duty 4: Modern Warfare --> "C:\Program Files\Steam\steam.exe" steam://uninstall/7940
CDDRV_Installer --> MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Counter-Strike --> "C:\Program Files\Steam\steam.exe" steam://uninstall/10
Day of Defeat --> "C:\Program Files\Steam\steam.exe" steam://uninstall/30
Excursion 9.5 --> C:\WINDOWS\unvise32.exe C:\Excursion9.5\uninstal.log
Fraps (remove only) --> "C:\Fraps\uninstall.exe"
Google Talk (remove only) --> "C:\Program Files\Google\Google Talk\uninstall.exe"
Half-Life 2: Deathmatch --> "C:\program files\steam\steam.exe" steam://uninstall/320
HijackThis 2.0.2 --> "C:\Documents and Settings\ep0xy\Desktop\HijackThis.exe" /uninstall
HLSW v1.1.5 --> "C:\Program Files\HLSW\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Indeo® software --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
iTunes --> MsiExec.exe /I{E0219810-16E4-437D-9165-93D7B22524F9}
K-Lite Codec Pack 3.01 Basic --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
KhalInstallWrapper --> MsiExec.exe /I{56918C0C-0D87-4CA6-92BF-4975A43AC719}
Logitech MouseWare 9.79 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech SetPoint --> C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 --> "C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) --> MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
mIRC --> "C:\mIRC-TPG\mirc.exe" -uninstall
Mozilla Firefox (2.0.0.12) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MultiMon TaskBar 2.1 --> "C:\Program Files\MMTaskbar\unins000.exe"
Nostromo Array Programming Software --> MsiExec.exe /X{0F3A1C5A-DA6A-4536-A058-CBB857CAC20C}
NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\setup.exe"
NVTweak --> MsiExec.exe /I{39D385DF-53BA-4792-BED3-68132EEB488F}
Opposing Force --> "C:\program files\steam\steam.exe" steam://uninstall/50
Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Sid Meier's Civilization IV --> "C:\Program Files\Steam\steam.exe" steam://uninstall/3900
SmartFTP Client --> MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
SmartFTP Client 2.0 Setup Files (remove only) --> "C:\Program Files\SmartFTP Client 2.0 Setup Files\uninst-sftp.exe"
SmartFTP Client 2.5 Setup Files (remove only) --> C:\Program Files\SmartFTP Client 2.5 Setup Files\uninst-sftp.exe
Sony Media Manager 2.0 --> MsiExec.exe /X{C589B6DE-F7BF-4E22-8524-53E115EF6AB4}
Sony Vegas 6.0 --> MsiExec.exe /X{5FCE0BF9-A1AA-4FA3-A28C-F62431CD52C4}
Source SDK Base --> "C:\Program Files\Steam\steam.exe" steam://uninstall/215
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam --> C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
Team Fortress 2 --> "C:\Program Files\Steam\steam.exe" steam://uninstall/440
Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
VideoMach 4.0.4 --> C:\Program Files\VideoMach-4.0.4\uninstall.exe
Winamp --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
World of Warcraft --> C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type1701 / Error
Event Submitted/Written: 02/26/2008 03:32:07 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application explorer.exe, version 6.0.2900.3156, faulting module explorer.exe, version 6.0.2900.3156, fault address 0x000238fa.
Processing media-specific event for [explorer.exe!ws!]

Event Record #/Type1700 / Error
Event Submitted/Written: 02/25/2008 09:15:18 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application ventrilo.exe, version 3.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x4b435553.
Processing media-specific event for [ventrilo.exe!ws!]

Event Record #/Type1696 / Error
Event Submitted/Written: 02/20/2008 08:19:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application aim.exe, version 5.9.6089.0, faulting module unknown, version 0.0.0.0, fault address 0x1221254f.
Processing media-specific event for [aim.exe!ws!]

Event Record #/Type1690 / Warning
Event Submitted/Written: 02/17/2008 01:03:28 AM
Event ID/Source: 19011 / MSSQL$SONY_MEDIAMGR
Event Description:
(SpnRegister) : Error 1355

Event Record #/Type1685 / Error
Event Submitted/Written: 02/14/2008 00:48:43 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application iexplore.exe, version 7.0.6000.16608, hang module hungapp, version 0.0.0.0, hang address 0x00000000.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type1618 / Error
Event Submitted/Written: 03/02/2008 06:13:01 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
The PSTRIP service failed to start due to the following error:
%%2

Event Record #/Type1613 / Warning
Event Submitted/Written: 03/02/2008 06:10:57 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Event Record #/Type1612 / Warning
Event Submitted/Written: 03/02/2008 06:10:57 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Event Record #/Type1611 / Warning
Event Submitted/Written: 03/02/2008 06:10:55 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.

Event Record #/Type1610 / Warning
Event Submitted/Written: 03/02/2008 06:10:55 PM
Event ID/Source: 1005 / Dhcp
Event Description:
Your computer has detected that the IP address 192.168.1.101 for the Network Card
with network address 0015F22A7644 is already in use on the network.
Your computer will automatically attempt to obtain a different address.



-- End of Deckard's System Scanner: finished at 2008-03-02 23:45:59 ------------
« Last Edit: March 03, 2008, 12:08:06 AM by ep0xy »

Offline guestolo

« Reply #5 on: March 03, 2008, 12:49:35 AM »
I'm unsure why there are so many extra items under McAfee's scheduled disk defragger and shredder

Can you try the following, as described at the following link:
http://forums.mcafeehelp.com/showthread.php?p=509008

Double-click the taskbar icon to open McAfee's Security Center
Click Advanced Menu (bottom mid-left)
Click Tools (lower left)
Click Start in Task Scheduler (lower right)
Remove the shredder task and the defrag task

Afterwards
Download ATF-Cleaner by Atribune.
Save it to your desktop
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you use Firefox browser
      Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

========================================

Do a "System scan only" with Hijackthis and put a check next to these entries:

O4 - HKCU\..\Run: [DelayShred] "C:\Program Files\McAfee\MSHR\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\WIW7YLXI\INDEX_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VQK9TBIO\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\ACTION~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\PI3QGOAK\LEFT_1~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ME482Q8E\UPLOAD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\G8WP4X2U\NAVBAR~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\U4JD2YC9\PERSON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0TDT3PWU\RIGHT_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6QX02142\BOTTOM~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\IYLT7VZ9\PRICIN~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ZVH9YENS\INE36B~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\VY22VHTB\GLOBAL~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\1NTPR890\BUTTON~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1

O4 - HKCU\..\RunOnce: [DelayShred] "c:\program files\mcafee\mshr\ShrCL.EXE" /P7 /q C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\T363TR4K\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\SGJH9UIN\AIMTOD~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\GHKFNT6B\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\X3YTGO1X\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\947_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\QNORXJ32\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\ISZ0Q28G\AIM_TE~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\9MVBS671\AIM_TE~2.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\4IQRBNHF\953_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\CMLYAJFH\958_1_~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\0K2E0NUY\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMPOR~1\Content.IE5\6P5UMZWL\AIM_UA~1.SH! C:\DOCUME~1\ep0xy\LOCALS~1\TEMP

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)


After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Back in Windows, you can go back and enable the tasks set by McAfee or run them manually

Post back a fresh hijackthis log afterwards

In addition, can you explain the following
Quote
(now I've done what it said before and it's fixed it. sweet NO what happened after was I rebooted and it's got stuck in a loop to loop back to back crashes and would never reboot windows again.
What did you try before?

Can you also do the following
Go to the following link
http://billsway.com/vbspage/
Scroll down to Find File Information
and use the download button on the right >>The harddisk with arrow icon
Save to desktop and unzip the contents to desktop

Double click on FileInfo.vbs to run it, allow this to run if prompted by your AntiVirus software
We are just collecting information
Under "Enter drive letter to Search...."
Type in
*
Then hit OK

In the next box, under file name to search for,
type or copy>>paste the following

themeui
Then click OK

Let it finish its scan, a text file will open, can you copy>paste back here the whole contents please



Offline ep0xy

« Reply #6 on: March 03, 2008, 01:40:52 AM »
ok here's the new hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:38:40 AM, on 3/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\MMTaskbar\MultiMon.exe
C:\Program Files\Belkin\Nostromo\nost_LM.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\ep0xy\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Loadout Manager.lnk = C:\Program Files\Belkin\Nostromo\nost_LM.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MultiMon Taskbar.lnk = C:\Program Files\MMTaskbar\MultiMon.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 4635 bytes



Also, I never mentioned this, almost forgot:

Each and every time I reboot my PC I get this message:

The application or DLL C:\WINDOWS\IME\sptip.dll is not a valid Windows image. Please check this against your installation diskette.


Here's the fileinfo.vbs when I searched themeui:

c:\windows\$ntservicepackuninstall$\themeui.dll
Version: 6.0.2800.1106
Created: 2/1/2007 7:09:13 PM
Modified: 8/29/2002 7:00:00 AM
Size: 384,000 bytes
Attributes: Compressed

c:\windows\servicepackfiles\i386\themeui.dll
Version: 6.0.2900.2180
Created: 8/4/2004 2:56:46 AM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Compressed

c:\windows\system32\dllcache\themeui.dll
Version: 6.0.2900.2180
Created: 8/29/2002 7:00:00 AM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive Compressed

c:\windows\system32\themeui.dll
Version:
Created: 8/8/2007 1:45:42 PM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive


And in regards to what I tried that made the PC loop to loop reboot crash: well, it was a while ago. I read that if you type a certain command in the Run tab, it searches against your Windows disk and fixes problems. I did, and it prompted me to insert the Windows disk. I did, and it ran the scan, found the problem, and it was over. I then was able to right click my desktop and select Properties; it worked fine.

BUT when I rebooted, that's what happened, until I selected the last cfg that worked and I was able to get back on Windows. The corrupt file was there again.

Offline guestolo

« Reply #7 on: March 03, 2008, 09:25:57 PM »
Can you try this again
This time do the following

Double click on FileInfo.vbs to run it, allow this to run if prompted by your AntiVirus software
We are just collecting information
Under "Enter drive letter to Search...."
Type in
*
Then hit OK

In the next box under file name to search for
type or copy>>paste the following

sptip
Then click OK

Let it finish its scan; a text file will open. Can you copy>paste the whole contents back here, please?


Offline ep0xy

« Reply #8 on: March 03, 2008, 09:33:14 PM »
c:\windows\$ntservicepackuninstall$\sptip.dll
Version: 5.1.2600.1106
Created: 2/1/2007 7:09:27 PM
Modified: 8/29/2002 7:00:00 AM
Size: 235,520 bytes
Attributes: Compressed

c:\windows\ime\sptip.dll
Version:
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

c:\windows\servicepackfiles\i386\sptip.dll
Version: 5.1.2600.2180
Created: 8/4/2004 2:56:45 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
c:\windows\system32\dllcache\sptip.dll
Version: 5.1.2600.2180
Created: 8/29/2002 7:00:00 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive Compressed

Offline guestolo

« Reply #9 on: March 03, 2008, 10:25:18 PM »
There is definitely a problem with the 2 file names you posted
As seen here
c:\windows\system32\themeui.dll
Version:
Created: 8/8/2007 1:45:42 PM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive

and here
c:\windows\ime\sptip.dll
Version:
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

Do you notice the creation dates are on the same timeline and Version is empty on both?
Something has corrupted both those files

Can you try the following

EDIT>>Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Navigate to the following file
c:\windows\system32\dllcache\sptip.dll
right click on it and choose copy
Then paste it to the following folder
c:\windows\system32
Allow to overwrite at the prompt

Then navigate to this file
c:\windows\system32\dllcache\themeui.dll
Copy and paste to this folder
c:\windows\system32

Afterwards, run Fileinfo.vbs on both the following
sptip

then on
themeui
and post back both results
« Last Edit: March 03, 2008, 10:26:19 PM by guestolo »



Offline ep0xy

« Reply #10 on: March 03, 2008, 11:06:15 PM »
OK, first, those boxes were already unchecked.

Here's the logs:

c:\windows\$ntservicepackuninstall$\sptip.dll
Version: 5.1.2600.1106
Created: 2/1/2007 7:09:27 PM
Modified: 8/29/2002 7:00:00 AM
Size: 235,520 bytes
Attributes: Compressed

c:\windows\ime\sptip.dll
Version:
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

c:\windows\servicepackfiles\i386\sptip.dll
Version: 5.1.2600.2180
Created: 8/4/2004 2:56:45 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
c:\windows\system32\dllcache\sptip.dll
Version: 5.1.2600.2180
Created: 8/29/2002 7:00:00 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive Compressed

c:\windows\system32\sptip.dll
Version: 5.1.2600.2180
Created: 3/3/2008 11:14:35 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive



c:\windows\$ntservicepackuninstall$\themeui.dll
Version: 6.0.2800.1106
Created: 2/1/2007 7:09:13 PM
Modified: 8/29/2002 7:00:00 AM
Size: 384,000 bytes
Attributes: Compressed

c:\windows\servicepackfiles\i386\themeui.dll
Version: 6.0.2900.2180
Created: 8/4/2004 2:56:46 AM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Compressed

c:\windows\system32\dllcache\themeui.dll
Version: 6.0.2900.2180
Created: 8/8/2007 1:45:42 PM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive Compressed

c:\windows\system32\themeui.dll
Version: 6.0.2900.2180
Created: 8/8/2007 1:45:42 PM
Modified: 8/4/2004 2:56:46 AM
Size: 385,536 bytes
Attributes: Archive

Offline guestolo

« Reply #11 on: March 03, 2008, 11:12:49 PM »
Did you do the following?
Quote
Navigate to the following file
c:\windows\system32\dllcache\sptip.dll
right click on it and choose copy
Then paste it to the following folder
c:\windows\system32
Allow to overwrite at the prompt

also, can you try the following
Right click an empty spot on the desktop and select Properties, do you still get an error message?



Offline ep0xy

« Reply #12 on: March 03, 2008, 11:17:31 PM »
Yep, I did a search for this string c:\windows\system32\dllcache\sptip.dll

Copied the file, went into the Windows folder, found windows32.. and overwrote, ran the program, searched for both, posted logs.


Wow, I can right click again!!!!!!! I bet I don't get that sptip msg on reboot either!!!


Very nice, guestolo, you sure know your stuff

Offline guestolo

« Reply #13 on: March 03, 2008, 11:23:25 PM »
You should reboot and ensure you don't get the error; by the last search with FileInfo,
the file looked as if it wasn't replaced


Offline guestolo

« Reply #14 on: March 03, 2008, 11:27:35 PM »
Woops, I made a mistake
Can you see what I said here
Navigate to the following file
c:\windows\system32\dllcache\sptip.dll
right click on it and choose copy
Then paste it to the following folder
c:\windows\system32
Allow to overwrite at the prompt

I meant to have you do this
Navigate to the following file
c:\windows\system32\dllcache\sptip.dll
right click on it and choose copy
Then paste it to the following folder
c:\windows\ime
Allow to overwrite at the prompt

See if that helps
You can delete sptip.dll in this folder
c:\windows\system32

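The comparison made in Reply #9 (a blank Version on one copy while same-sized copies elsewhere report one) and the correction in Reply #14 (the good copy goes to the folder where the damaged file lives) can be scripted against pasted FileInfo.vbs output. This is an added example, not part of the original thread or of FileInfo.vbs; the names `parse_fileinfo` and `repair_plan` are assumptions, and `SAMPLE` is three records copied from Reply #8.

```python
import ntpath
import re

# Copied from Reply #8; the second record has no Attributes line and no
# blank line after it, exactly as posted, so the parser must not rely on either.
SAMPLE = r"""c:\windows\ime\sptip.dll
Version:
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

c:\windows\servicepackfiles\i386\sptip.dll
Version: 5.1.2600.2180
Created: 8/4/2004 2:56:45 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
c:\windows\system32\dllcache\sptip.dll
Version: 5.1.2600.2180
Created: 8/29/2002 7:00:00 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive Compressed
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
FIELD_LINE = re.compile(r"^(Version|Created|Modified|Size|Attributes):\s*(.*)$")

def parse_fileinfo(text):
    """Return one dict per file; a drive-letter path line starts a new record."""
    records = []
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_LINE.match(line):
            records.append({"path": line.lower(), "Version": ""})
        elif records and (m := FIELD_LINE.match(line)):
            records[-1][m.group(1)] = m.group(2).strip()
    return records

def repair_plan(records):
    """Pair each blank-Version copy with a versioned copy of the same name and size."""
    plan = []
    for bad in (r for r in records if not r["Version"]):
        name = ntpath.basename(bad["path"])
        good = [r for r in records if r["Version"]
                and ntpath.basename(r["path"]) == name
                and r.get("Size") == bad.get("Size")]
        good.sort(key=lambda r: "\\dllcache\\" not in r["path"])  # dllcache first
        if good:
            plan.append((good[0]["path"], bad["path"]))  # (source, target)
    return plan
```

A matching size and a readable version only make the cached copy a plausible source; where a hash of a known-good file is available, compare that before overwriting.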


Offline ep0xy

« Reply #15 on: March 03, 2008, 11:36:31 PM »
OK, did it, rebooted, error is gone! That's been baffling me for months, couldn't fix it. So nice to not see those msgs anymore.

Offline guestolo

« Reply #16 on: March 03, 2008, 11:39:00 PM »
Can we just double check
run Fileinfo.vbs on the following
sptip

Post the contents



Offline ep0xy

« Reply #17 on: March 03, 2008, 11:43:34 PM »
c:\windows\$ntservicepackuninstall$\sptip.dll
Version: 5.1.2600.1106
Created: 2/1/2007 7:09:27 PM
Modified: 8/29/2002 7:00:00 AM
Size: 235,520 bytes
Attributes: Compressed

c:\windows\ime\sptip.dll
Version: 5.1.2600.2180
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive

c:\windows\servicepackfiles\i386\sptip.dll
Version: 5.1.2600.2180
Created: 8/4/2004 2:56:45 AM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
c:\windows\system32\dllcache\sptip.dll
Version: 5.1.2600.2180
Created: 8/8/2007 1:45:20 PM
Modified: 8/4/2004 2:56:45 AM
Size: 250,880 bytes
Attributes: Archive Compressed

Offline guestolo

« Reply #18 on: March 03, 2008, 11:51:01 PM »
That looks better
Go ahead and delete
on desktop

dss.exe
FileInfo.zip and Fileinfo.vbs

Also, you can delete the folder that dss.exe created, located here
C:\deckard

Everything OK? Should I lock this topic?


Offline ep0xy

« Reply #19 on: March 03, 2008, 11:59:02 PM »
Yep, we're good. Thanks so much.

Cheers!