# my computer crashes when i play games



## Wooooop

My computer crashes when I play games.
It just goes black or just freezes, don't know why.
I look on the internet and it's all blah blah registry errors fix them now, so I go and I get a free scan, find loads of errors, but wait! I can't fix them unless I pay to buy their product. I'm sure there's a way I can fix this without buying some stupid thing. Help?

Comp specs: I'm not sure, but 1.7 gigahertz or whatever, 37 gigs of space total, 512 megs RAM I think.


----------



## kalisun

There are a few things you might want to look at.

1. First check to make sure your computer has the video and sound drivers updated. Those are about the two most important things to update.

2. Check you have the correct DirectX version loaded for the particular game that you're playing.

3. Run an antivirus scan and an antispyware scan on your system to clean out any trojans and/or infected files.

4. Look at disabling some programs that might be running in the background. You can do this by: Press Ctrl-Alt-Del to bring up Task Manager. Click the Processes tab and select the program you want to stop from the list. Click the End Process button to stop the program. You'll want to stop any program that is running under your "profile" in the Processes tab. "Local Service", "Network Service" and "System" you'll want to leave alone.

5. Check with the games' web sites for updates and patches...

Good Luck and hope this helps!


----------



## ~Candy~

Wooooop said:


> My computer crashes when I play games.
> It just goes black or just freezes, don't know why.
> I look on the internet and it's all blah blah registry errors fix them now, so I go and I get a free scan, find loads of errors, but wait! I can't fix them unless I pay to buy their product. I'm sure there's a way I can fix this without buying some stupid thing. Help?
> 
> Comp specs: I'm not sure, but 1.7 gigahertz or whatever, 37 gigs of space total, 512 megs RAM I think.


Your post was edited for foul language. If you wish to remain a member here, I would suggest a review of our forum rules.


----------



## Wooooop

Where would I get those driver updates?


----------



## kalisun

Go into your Control Panel and then to System, click on the Hardware tab and click on Device Manager. Now under Display Adapter, it should tell you who the manufacturer is and what the make and model are. Same for the sound, it's under the Sound, Video and Game Controller heading. It's not any of the Legacy or Audio drivers, but should be a manufacturer's, like Creative Lab or ESS Technology or Advance Logic '97 or something to that effect. Then go to Google, type in the name, make and/or model and do a search for the manufacturer's web site.

Good Luck!


----------



## Wooooop

OK, I'll have a looksies.


----------



## Wooooop

AcaCandy said:


> Your post was edited for foul language. If you wish to remain a member here, I would suggest a review of our forum rules.


SORRY


----------



## Wooooop

Sorry for the late reply, I've been away. OK, well, I've updated my video card, well, I couldn't, it said it could not find any better suited to my hardware, and same with my audio one :\ Games still lock up and it's becoming a real bother!
If anyone has any suggestions, please, fire away.


----------



## 8dalejr.fan

What kind of video card does your computer have? How old (or how recent) are the drivers?


Click on Start
Go to Control Panel
Click on System
Click on the Hardware tab
Click on the + to expand Display Adapters
Double click on the first or only sub-entry
This is the name of your video card
Click on the drivers tab
Note what version of the drivers and what date they are from

Make sure you also end unnecessary background tasks (including antivirus software- temporarily) because they also have been known to crash games.

You mentioned about all these "registry errors, fix them all, blah blah blah". Was that a popup or something that your computer said? It wouldn't hurt to download Hijack This (do a Google search) and extract it to a PERMANENT folder (C:\Program Files\Hijack This). Do a system scan, post the log file here, but DON'T FIX ANYTHING YET!!!

You may have some malware or viruses that could be making things crash on you. Just a wild guess.

Also, make sure that your computer also meets all the minimum specs required to play these games. Hope this helps!


----------



## Wooooop

OK, my display driver is a NVIDIA GeForce FX 5200, driver version 8.1.9.8, date is 10/12/2005.
Here's a HijackThis report!

Logfile of HijackThis v1.99.1
Scan saved at 11:58:47 a.m., on 10/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Ben\My Documents\Downloads\xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

and yup i got the specs required to play my games! hope this report helps!


----------



## 8dalejr.fan

Hmm... your HJT log *looks* clean to me (are those FlashGet things intended downloads?)

And you already said that your computer meets the specs and your video card drivers appear to be up to date, so I'm baffled right now...

Is this something new or have these games never worked on your computer, or did they just stop working?

It could be overheating, that's another possibility- if your computer is crashing during games. Have you made sure to check that the fan on the video card is spinning, that the case is clean and that there is plenty of ventilation?

What kind of power supply unit (PSU) do you have?

What games (names please) are you trying to play? Is it happening on all of them, a select few, or just one? I can look into the games and make sure that there are no conflicts with drivers or certain hardware components- I'm picking at straws right now. Don't know what else to say that will help.

Try those above suggestions, and let me know that info and we'll go from there.


----------
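
The first-pass read a helper gives a HijackThis log like the one posted above, written out as code. This is an added example, not part of the original thread: the "usual install directory" list and the three review heuristics are assumptions made for illustration, and the sample is an excerpt of the log from this page.

```python
"""First-pass triage of a HijackThis log (illustrative; heuristics are assumptions)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Excerpt of the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Documents and Settings\Ben\My Documents\Downloads\xfire\Xfire.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.nz/
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# Assumption: paths under these prefixes count as "usual" install locations.
# PROGRA~1 is the 8.3 short name HijackThis prints for "Program Files".
USUAL_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

# Every finding line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O4 registry autostarts look like "<key>: [<value name>] <command line>".
O4_RE = re.compile(r"^.+?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_hjt(text):
    """Split a log into the running-process list and findings grouped by code."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the findings section has started
            entries[match.group(1)].append(match.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def command_path(cmd):
    """Return the executable part of an autostart command line, without switches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.(?:exe|dll|com|bat))\b", cmd, re.I)
    return match.group(1) if match else cmd


def triage(text):
    """Return (reason, detail) pairs to look at by hand. These are prompts, not verdicts."""
    processes, entries = parse_hjt(text)
    findings = []
    for proc in processes:
        if not proc.lower().startswith(USUAL_DIRS):
            findings.append(("process-outside-usual-dirs", proc))
    for detail in entries.get("O4", []):
        match = O4_RE.match(detail)
        if not match:
            continue  # e.g. "Global Startup" shortcuts use a different layout
        exe = command_path(match.group("cmd"))
        if "\\" not in exe:
            # The log alone cannot say which directory this file is loaded from.
            findings.append(("autostart-without-path", f"{match.group('name')} -> {exe}"))
        elif not exe.lower().startswith(USUAL_DIRS):
            findings.append(("autostart-outside-usual-dirs", exe))
    for detail in entries.get("O16", []):
        url = detail.rsplit(" - ", 1)[-1]
        host = urlparse(url).hostname
        if host:
            findings.append(("activex-download-host", host))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```

On this excerpt the output is a short list of items to confirm with the user, which matches the reply above: nothing is declared malicious, the log only says where to look next.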



## Wooooop

Hmm, well, I don't know what my power supply unit is, but I can say it hasn't frozen for about 48 hours, which is good, and I checked the fan, it's all good. Well, maybe it's fixed itself, but if it hasn't I'll say, and if anyone has ideas feel free to shoot, but thanks everyone who's helped/tried!


----------



## Wooooop

Well yep, wouldn't ya know, it's started freezing again! woo...
The last 2 times it's frozen, I heard a faint crackling noise, and on the most recent one (playing Warcraft 3 Frozen Throne) a whole bunch of the colours on some units blended together and made a big streak :S


----------



## ~Candy~

Could be that your video card is overheating?


----------



## 8dalejr.fan

That's what I thought when I read his last post, but earlier he mentioned that the fan on the video card IS spinning which was something I had him check out. But just because that particular fan is spinning still doesn't necessarily mean that overheating couldn't occur. 

Make sure all your fans are working, that the case is clean, etc. You can even try keeping the side of the case opened and put a house fan nearby and see if that helps at all.


----------



## Wooooop

I only said my fans were working properly because I could hear things whirring, which I took as fans working. Could I be wrong? If so, how do I check? Do I open the back and look inside or what?
And are there any other signs that it's overheating? Like the box being hot or anything?


----------



## jamescricket

Just take the side panel off of your computer case, take off the left side panel actually (the one on your left when the computer case is facing towards you).

Find your video card.

It should look something like this:

http://www.xbitlabs.com/misc/picture/?src=/images/video/nv31-nv34/a_5200_isom-b.jpg&1=1

Make sure the fan, the one right on the card, is spinning.

If it's not, then buy a replacement fan, or a replacement heatsink & fan.

Or if you don't want to do that, you could try and mount a case fan somehow to get it to blow air directly onto the heatsink from as close as possible, and by close I don't mean half a foot away, I mean an inch, or even less.


----------



## 8dalejr.fan

Follow jamescricket's advice. 

Even though you may hear fans spinning, they could be just case fans or processor fans- but not necessarily the fan on your video card.

Take a look at the fan on the card, even with a flashlight if you have to, and make sure it is spinning. It could be gunked up (clean it when the computer is OFF if you have to) or it may have just died or something.


----------



## Wooooop

8dalejr.fan said:


> Hmm... your HJT log *looks* clean to me (are those FlashGet things intended downloads?)
> 
> And you already said that your computer meets the specs and your video card drivers appear to be up to date, so I'm baffled right now...
> 
> Is this something new or have these games never worked on your computer, or did they just stop working?
> 
> It could be overheating, that's another possibility- if your computer is crashing during games. Have you made sure to check that the fan on the video card is spinning, that the case is clean and that there is plenty of ventilation?
> 
> What kind of power supply unit (PSU) do you have?
> 
> What games (names please) are you trying to play? Is it happening on all of them, a select few, or just one? I can look into the games and make sure that there are no conflicts with drivers or certain hardware components- I'm picking at straws right now. Don't know what else to say that will help.
> 
> Try those above suggestions, and let me know that info and we'll go from there.


The games I play are Counter-Strike: Source (freezes the least), Warcraft 3: The Frozen Throne (the most), Madden NFL 2005 and NBA Live 2005.


----------



## Nurdle

May I suggest you try an earlier GFX driver for your card. The 8x.xx series of drivers are really meant for the new 7 series of GFX cards. I have trouble with the latest 8x.xx series drivers. You should try downloading and installing v77.72 drivers.


----------



## Wooooop

Um, OK, I'm a bit nervous about taking panels off my computer, I don't want to wreck anything. I'm taking it that to see the fan spinning I have to have the computer on while I take it off? It won't wreck anything?
And is there a way to fix the fan / make it work well again rather than buy a new one? Clean it etc.?


----------



## Wooooop

Nurdle said:


> May I suggest you try an earlier GFX driver for your card. The 8x.xx series of drivers are really meant for the new 7 series of GFX cards. I have trouble with the latest 8x.xx series drivers. You should try downloading and installing v77.72 drivers.


k, I went back and I'm now using driver version 7.7.7.7, should this be better?


----------



## Wooooop

I also looked inside the left side of my comp. There is no fan on the wall of it, but one fan at the back of the comp, and one fan sorta in the middle sticking out of some wall on the right.


----------



## jamescricket

You don't have to be so afraid, the components in the computer aren't all that fragile.


----------



## Wooooop

Well OK, I've been trying to play with the sides of my computer off. It freezes still, so I don't think it's overheating? It seems cool inside.


----------



## ~Candy~

Check the bios setup for PCHealth and see if you have system and cpu temps listed there.


----------



## Wooooop

Umm, what's that and how do I do it?


----------



## ~Candy~

When the computer is first starting up, sometimes info scrolls across and says hit F1 for setup, or F 2? Sometimes it's the DEL key.


----------



## Wooooop

Well, I've decided to keep the sides of my computer off to stop overheating, but things still freeze. Could it be my hardware giving out? And about how many processes should be running at a time? Because a few of my friends say I have way too many processes going, but all of them are system processes and stuff, I stop all my processes from my user. :\


----------



## Wooooop

Ahhh, it's freezing lots, sometimes now when I'm not playing games >< D:!


----------



## ~Candy~

Did you ever look in the bios for temperatures?


----------



## Wooooop

I had a look but couldn't find anything :\ I'll check again.


----------



## Wooooop

Can't find anything :\


----------



## AdrianClarke

Download SpeedFan and check what your computer temp. is when idle (not doing anything), if it's high, then when playing a game will boost your CPU usage and then boost the amount of heat used.


----------



## Swiper

What motherboard do you have ?
are you overclocking at all ??

Have you updated your AGP drivers as well ( especially with via chipsets )


----------



## Wooooop

OK, I downloaded SpeedFan, here's a screeny of it running because I'm a bit :S, and Swiper, I don't know what a motherboard or overclocking is, or AGP drivers.

http://img150.imageshack.us/my.php?image=speedfan5en.jpg


----------



## Wooooop

Also, to get down to low CPU usage, I often have to end explorer.exe because it takes up 99, then run it again and it runs at 0. Hope this isn't bad?
Also it seems that often things like explorer.exe and net browsers perform an illegal operation or something and it brings up that thing with send error report or not etc.


----------



## AdrianClarke

Wooooop said:


> OK, I downloaded SpeedFan, here's a screeny of it running because I'm a bit :S, and Swiper, I don't know what a motherboard or overclocking is, or AGP drivers.


Extremely hard to see the link, but I figured it out.

http://img150.imageshack.us/img150/9356/speedfan5en.jpg

Anyways, the fire means your temps. are HOT. And for some reason, it says your fans are at 0%. Hmmm... You need to end some background processes and maybe it's time to get a new Heatsink & Fan. For some reason, my SpeedFan shows my temp as temp.2 and shows yours to be temp 1, but you are still running at almost 50 which is too high for my liking. Are you sure your fans are running in your computer?
Edit // I want you to do this.

1. Go into Device Manager (right-click My Computer ---> Properties ---> Hardware (tab) ---> Device Manager)
2. Hit the little cross under "System devices" and find either "PCI Standard PCI-to-PCI Bridge" or "VIA CPU to AGP Controller". If it is "VIA CPU to AGP2.0/AGP3.0 Controller" then do NOT continue these steps!!!!
3. Right-click it and "update driver" it. If you cannot update it anymore then do this:

You need to download the newest driver.

1. Put it in a location on your hard drive (I recommend putting it in the C:/ drive).
2. Then updating, "force" it. (Choose "Install From A List Or Specific Location (Advanced)", then choose "Search for the best driver in these locations" and make SURE that "Include This Location In The Search:" is checked, and THEN click Browse and go to where you saved the downloaded AGP file I provided (I told you drive C:/ was a good place to save it), and then click Next and it will search and update.)
3. Reboot.

I have provided the updated AGP drivers here: (AGP V4.43h)

(Credit To Swiper For This)


----------



## ~Candy~

That fan program doesn't look very reliable:

-94C?  I don't think so.


----------



## Wooooop

In Device Manager, under System devices, I have VIA Standard CPU to PCI Bridge. Do I update this?

And also, after one of those Windows Explorer errors I sent the error report and I got to this link. I don't really understand it, so here's what it has:

Error caused by a device driver

Thank you for sending an error report to Microsoft.

Error report summary

Error type : Windows stop error (A message appears on a blue screen with error code information)
Solution available? : No (see Next steps)
What does this error mean? : Windows has encountered an error from which it cannot recover and needs to restart
Cause : Unknown device driver
Computer symptoms : A message appears on a blue screen with error code information (for example: e.g. 0x0000001E, KMODE_EXCEPTION_NOT_HANDLED)
Additional steps for you to take : Important: Please continue to send error reports so analysts at Microsoft can study and try to correct the problem as quickly as possible

Information about this error

You received this message because a device driver installed on your computer caused the Windows operating system to stop unexpectedly. This type of error is referred to as a "stop error." A stop error requires you to restart your computer.

Next steps

We have analyzed your error report and at this time are unable to determine the exact cause of the error. However, Microsoft will continue to analyze this error report to try to determine the specific cause of the error. If we are able to find the cause and correct it, and you encounter the same problem, you will receive an updated response that includes instructions for resolving the problem.


----------



## ~Candy~

Write down the stop error code. And any file name that may be identified with it.


----------



## Wooooop

OK Adrian, I got that driver update thingymabob and it hasn't frozen as of yet (20 mins) *crosses fingers*


----------



## Wooooop

OK, well, it took longer than usual for it to freeze this time! In the middle of a Warcraft game the screen froze and I got the faint crackling noise coming into my headset again.


----------



## Wooooop

Error codes from what?
And is it OK for me to be ending explorer.exe because it's at 99 usage all the time, then starting it again and it stays at 0 usage?


----------



## ~Candy~

http://www.liutilities.com/products/wintaskspro/processlibrary/explorer/


----------



## Wooooop

>< Just before, after a crash, I got the thing to send an error report, which I only get sometimes :| and I sent it and got an error message as well saying something, which, just as I took a screeny of it, the comp restarted and I lost it! Ahhh, sorry guys, I'll try and get that error message again :| but the error report says it's some driver failure which caused a stop error, so it sounds like a driver thing?


----------



## Wooooop

Hey, I tried to use Windows Update, but when it started to search for updates, I got an error and I can't find the solution on the site. Here it is:

[Error number: 0x80070424] 
The website has encountered a problem and cannot display the page you are trying to view. 
:|


----------



## ~Candy~

http://www.fermu.com/content/view/156/37/lang,us/

Try that suggestion, appears to have worked for others.


----------



## Wooooop

Awesome, that got Windows Update going again, cheers. Hopefully these updates help something.


----------



## Wooooop

><>< 
Updates didn't seem to help.
I get errors every now and then saying that things need to close etc. and sometimes when I'm sending error reports, the sending the stops responding and everything is going slow often and ahhhh D:


----------



## ~Candy~

Overheating.


----------



## Wooooop

mmm  
Here are some errors I've been getting on startup:

Connections tray explorere.exe

in the instruction at "0x77d4bpa" referenced memory at "0x6c9bccbD" the memory could not be "read"

ok to terminate programme
cancel to debug

and the attached.

also after sending an error report i got this page 

Corrupted error report

Thank you for submitting an error report.

Problem description

Unfortunately, the error report you submitted is corrupted and cannot be analyzed. Corrupted error reports are rare. They can be caused by hardware or software problems, and they usually indicate a serious problem with your computer.

Troubleshooting

Scenario 1: If this is the first corrupted error report for this computer

* Note any programs you have recently added your computer.

To check for recently added programs:

1. Click Start, click Control Panel, and then click Add or Remove Programs.

2. In the Sort by drop-down box, select Date Last Used, and then select Show updates.

3. The Last Used On date typically shows when you installed a program. If you installed an update to a program, you will see an Installed on date. 

* Note any hardware you have recently added to your computer, including random access memory (RAM), video cards, sound cards, or hard drives.
* Make sure that you have a good backup copy of your files. To make a backup of your files, you can use the Backup or Restore Wizard.

To start the Backup or Restore Wizard:

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click Backup.

2. Follow the wizard to back up your files.

Scenario 2: If the corrupted error reports are persistent

* Note any changes made to your computer, including both hardware devices and software programs, that preceded the onset of crashes and persistent error reports.

To check for recently added programs:

1. Click Start, click Control Panel, and then click Add or Remove Programs.

2. In the Sort by drop-down box, select Date Last Used, and then select Show updates.

3. The Last Used On date typically shows when you installed a program. If you installed an update to a program, you will see an Installed on date. 

* Run any diagnostic tests supplied by the hardware manufacturer to verify that recently added hardware devices are operating properly. This is especially important if you recently added or changed random access memory (RAM) in your system. New or changed memory should also be tested with the Windows memory diagnostic test after using the manufacturer's test.
* If there are recent software changes to your computer, you can use System Restore to restore your computer's system files to an earlier point in time. This provides a way to undo system changes to your computer without affecting your personal files, such as e-mail, documents, or photos.

To run the System Restore wizard:

1. Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
2. Follow the directions in the wizard.



It takes me quite a few restarts to get the computer going without it freezing straight away D:
So overheating, you think?


----------



## ~Candy~

If this happens only when you are playing games, my bet is on overheating.

If it happens while you are doing nothing, then we have another issue.


----------



## Wooooop

Yeah, it happens with anything :\ I think I said it earlier, if not, my apologies.


----------



## ~Candy~

Are you able to take the side off the case and check fans, etc.?


----------



## Wooooop

yeah the sides are off right now, the 2 fans are going.


----------



## ~Candy~

And you double checked your bios setup, and there is no setting there for PCHealth to see the cpu temp? 

How old is the computer?


----------



## Wooooop

Well, I'm not really sure if I'm getting to the right thing when I try to check. I don't know what button to press. I've tried pressing a variety of buttons and I get to different things. One of them is a blue box that comes up asking what drive I want to load or something?


----------



## Wooooop

CPU temp 67 C / 113 F (can't do that little o thing)
CPU Fan Speed 5200rpm, changing around to 5400rpm from what I saw
System Fan Speed 0rpm

That's all the stuff I could find that had to do with temperature.


----------



## ~Candy~

I think 67 C is a tad too hot. As an example, my P4 2.8 is running around 40ish. I know AMDs run hotter, but I seriously think that is your problem.

You probably should replace the cooling compound on top of the CPU.


----------



## Wooooop

You're right, it is probably overheating, but it seems really that only Warcraft 3 Frozen Throne makes it freeze, others very rarely but WC3 very often. Here's an error log from the errors folder of TFT.

==============================================================================
Warcraft III (build 6065)

Exe: c:\program files\warcraft iii\war3.exe
Time: Feb 11, 2006 12:28:17.906 PM
User: Ben
Computer: ABRAHAM5
------------------------------------------------------------------------------

This application has encountered a critical error:

FATAL ERROR!

Program:	c:\program files\warcraft iii\war3.exe
Exception:	0xC0000090 (FLT_INVALID_OPERATION) at 001B:77C54E31

Played Maps\Download\Footmen Frenzy v4.2.w3x
Player 0 DriftX Race Human	StartLoc 0
Player 1 Steelmill Race Human	StartLoc 1
Player 2 Wooooop Race Human	StartLoc 2
Player 3 killer-ofwc Race Human	StartLoc 3
Player 4 DontHackMe Race Human	StartLoc 4
Player 5 carter12 Race Human	StartLoc 5
Player 6 chu12ch Race Human	StartLoc 6
Player 7 Mr.Deadman06923 Race Human	StartLoc 7
Player 8 footlord Race Human	StartLoc 8
Player 9 KiLlA.4 Race Human	StartLoc 9
Player 10 LifesButAShadow Race Human	StartLoc 10
Player 11 ReaperofDeath Race Human	StartLoc 11
------------------------------------------------------------------------------

0x7C9C0000 - 0x7D1D5000 SHELL32.dll

----------------------------------------
Memory Dump
----------------------------------------

Code: 16 bytes starting at (EIP = 77C54E41)

77C54E41: DD 45 F8 59 59 EB 22 F6 C3 20 75 ED DD 45 F8 53 .E.YY.".. u..E.S

Stack: 1024 bytes starting at (ESP = 0012F100)


------------------------------------------------------------------------------

Get anything from that? I sure don't, but I thought maybe you could read something into it.


----------



## ~Candy~

Mostly Greek to me, but a similar error posted here:

http://67.19.39.135/forums/printthread.php?t=28180

suggested that reverting back to older video drivers fixed the problem.


----------



## Wooooop

it seems most crashes have settled down, except for warcraft! ahhh


----------



## Wooooop

Alright, I turned off the automatic restart option so I could get some blue screens with some info you guys might be able to use.
I just got one and here's the technical stuff it had

DRIVER_IRQL_NOT_LOSS_OR_EQUAL

***Stop:0x000000D1 (0x0007FFF4, 0x00000002, 0x00000000, 0xF7878F3F)

USBPORT.SYS ADRESS F7878F3R BASE AT F7860000 DATESTAMP 41107D62

the rest was english talking about restarting to stop further damage, i think something about a driver maybe?

help with my evergoing struggle
cheers guys and/or gals


----------



## nekros

How about a memory problem? To do some basic tests, try 3d mark 2001, and after that try to find HIRENS BOOT CD 8.0 on the internet... and pray that you don't have some kind of hardware prob.


----------



## Wooooop

I had a look at the NVIDIA FAQ and there was something about preferred BIOS settings for NVIDIA graphics cards or something, so I wrote down the settings and went to the BIOS in hope to change something, but looking down the list of preferred settings I couldn't find any of the settings anywhere in the BIOS so I couldn't change anything.
Do I have a bad BIOS or something of the kind?


----------



## Wooooop

As for updating my sound drivers I'm not sure what to do. I can't use this Windows thing where you right click on the device and go update driver, as that NEVER finds an update for anything even if I search myself and find one. Under sound, video and game controllers (which sounds like sound stuff) I have a range of things:
Audio Codecs, Legacy Audio Drivers, Legacy Capture Video Devices, Media Control Devices, MPU-401 Compatible MIDI Device, Standard Game Port, Unimodem Half-Duplex Audio Device, Video Codecs and Vinyl AC'97 Codec Combo Driver.
What's my sound driver and where do I go to update it?


----------



## kalisun

If you have a brand name sound card like Creative Sound Blaster you can go to their web site. If the sound is integrated in your board then you might have better luck at the motherboard web site...


----------



## ~Candy~

Looks like the USB port is doing the crashing...........

Perhaps?

http://support.microsoft.com/?kbid=822603


----------



## Wooooop

ok i dled 3dmark 2001, but i don't understand it, help?
And how does a USB port crash? What can i do about it?


----------



## Wooooop

Update:
I dled the latest NVIDIA display driver, ForceWare 84.21 I think, tried it and still crashed. My computer is pretty old and maybe the latest driver is too much for my video card? Are there any drivers that are supposed to be about right for GeForce FX 5200 or will all the drivers be fine?
Note:
Warcraft 3 crashes the most frequently, it FREEZES rather than restarting the computer / blue screen, and often some of the colours onscreen blur or smudge.
NBA Live 2006 playing with a usb game controller crashes 2nd most, it mostly restarts / blue screen but sometimes freezes, never with colour smudge.
Counter Strike source freezes very infrequently, and it is pretty much always freeze, but no colour smudge, rarely it does a restart / blue screen.
Age of Wonders : Shadow Magic, (run in a window) same as cs:s
Maybe this helps, dunno hope it does, cheers for help so far guys.


----------



## Wooooop

Ok, I ran the benchmark test with 3dmark 2001 and it froze part way through. I rebooted and after reading another thread I went to the event viewer and found the error, or an error at the exact time it crashed.
it reads:

The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

hope it helps.


----------



## Wooooop

OK more news,
I dled HD Tune 2.52 and ran the error scan, it completed and it had about 10 red blocks, about 0.4%, is that a problem? It didn't say anything bad or to fix it.
I then ran the benchmark and at about 70% on the X axis an error came up
Read Error!
Test aborted

and the test stopped.
Just keeping you informed! hope this helps


----------



## Wooooop

Okiedokie
I just ran memtest for about 40-45mins and came up with no errors.


----------



## Wooooop

Wooooop said:


> Ok, I ran the benchmark test with 3dmark 2001 and it froze part way through. I rebooted and after reading another thread I went to the event viewer and found the error, or an error at the exact time it crashed.
> it reads:
> 
> The COM+ Event System detected a bad return code during its internal processing. HRESULT was C0000005 from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
> 
> For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
> 
> hope it helps.


 i got one for cs:s, nba live 2006, wc3 tft and rc3 RoC and they were all identical to this one. That message is my problem perhaps?

I don't believe it is overheating causing the problem, when i run with case sides off it still freezes and when i run a game in a window and have motherboard monitor running the temp is around 60 or a little below and when it freezes the temp is not the max that it has been.


----------



## Wooooop

Actually scratch that theory that that's the problem, I found that was an error caused when you restart / boot up with MSN Messenger set to start up upon Windows starting, so I fixed that.


----------



## ssabfoeca

ok I'm not sure if you have a good reg cleaner as I skipped from page 1 to 4 but a good reg cleaner to use is Tweaknow RegCleaner

that should solve whatever problems you have with the registry and as for cpu temp that is extremely hot,

my 1800+ is clocked to 2100+ and it's only running at 51°C, and I know my computer dies if it hits 65 so I would advise on a new cooler or more case fans. hope this helps

EDIT: maybe i should have realised that there was 6 pages :/


----------



## Wooooop

hah cheers, that reg cleaner apparently safely deleted 106 errors, that's gotta be good for you, doubt that will stop the freezing though.


----------



## Wooooop

here's a hjt log, because I'm gettin some annoying things in task manager when I start up.
freezing .... >_< probably overheating, should try to get a fan or something

Logfile of HijackThis v1.99.1
Scan saved at 11:13:02 p.m., on 16/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ejeslajtej.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebcbyw.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Recylinder Check] ejeslajtej.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] ejeslajtej.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145230815890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: gebcbyw - C:\WINDOWS\SYSTEM32\gebcbyw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


----------



## ssabfoeca

i take it you are on about "C:\WINDOWS\system32\ejeslajtej.exe" ?

to make sure that this isn't loading at start up, go to Run on the Start menu, once it has loaded type "msconfig", go to the "start up" tab and uncheck the check box next to this file. You can check that this is the file by looking at the directory next to the file name.

hope this helps


----------



## Wooooop

cheers, when I went there, that ejeslajtej and a bunch of other annoying ones that come up sometimes were all there under the same directory HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

a bunch of the good normal ones were under SOFTWARE\Microsoft\Windows\CurrentVersion\Run.... no HKLM, so I'm thinking these are baddies, do you recommend deleting them? or how to find the HKLM folder?
In fact the whole thing looks very confusing, lots of directories that are :SSSSS
Is there any way to maximize that little window so I can see all of it at once and take a screeny for you?


----------



## ssabfoeca

no I would not suggest deleting them lol. HKLM is referring to registry keys and they should not be deleted. If you want to delete the annoyances the easiest way to do so is to do a search for each of their names and once found, delete the file. A lot of them may be found in the C:\windows\system32 folder like the one I pointed out before.

but don't delete any registries lol.


----------



## Wooooop

lol k


----------



## ~Candy~

O4 - HKLM\..\Run: [Windows Recylinder Check] ejeslajtej.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] ejeslajtej.exe

I don't recall seeing that in your earlier log.

I've asked someone else to take a look.

Edited for typo only.


----------
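Added example, not part of any post in this thread and not HijackThis's own logic: a Python sketch of the by-eye triage done on the logs above. It flags an image registered under more than one autostart category (as `gebcbyw.dll` is, under both O2 and O20), an image started from both `Run` and `RunServices` (as `ejeslajtej.exe` is), and entries HijackThis marks `(file missing)`. The function names and the three heuristics are assumptions chosen for illustration; the sample lines are copied from the logs posted in the thread, and a hit is a lead to investigate, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebcbyw.dll
O2 - BHO: (no name) - {C4DFD831-057E-4970-A7AB-AEFCBD8C4129} - C:\WINDOWS\system32\pmnli.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Recylinder Check] ejeslajtej.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] ejeslajtej.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: gebcbyw - C:\WINDOWS\SYSTEM32\gebcbyw.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# "HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^(\S+): \[(.+?)\] (.+)$")
# First quoted path, or first token ending in .exe/.dll, of a command line.
IMAGE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll))(?=[\s,]|$)', re.IGNORECASE)
MISSING = "(file missing)"
# Sections that load code at boot or logon (assumed set for this sketch).
AUTOSTART = {"O2", "O4", "O20", "O23"}


def parse_entries(text):
    """Turn log lines into dicts: section code, O4 key, image basename, missing flag."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, running-process paths, blanks
        code, rest = m.groups()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].rstrip()
        key = None
        if code == "O4":
            o4 = O4_RE.match(rest)
            if not o4:
                continue  # e.g. "Global Startup:" shortcuts, not registry keys
            key, _value_name, command = o4.groups()
            img = IMAGE_RE.match(command)
            target = (img.group(1) or img.group(2)) if img else command
        else:
            # O2, O20, O23 all end in " - <path>"
            target = rest.rsplit(" - ", 1)[-1]
        entries.append({
            "code": code,
            "key": key,
            "image": ntpath.basename(target).lower(),  # ntpath: works off Windows too
            "missing": missing,
        })
    return entries


def triage(text):
    """Return a sorted list of (reason, image) leads worth a closer look."""
    codes_by_image = defaultdict(set)
    run_keys_by_image = defaultdict(set)
    findings = set()
    for e in parse_entries(text):
        if e["code"] in AUTOSTART:
            codes_by_image[e["image"]].add(e["code"])
        if e["key"]:
            # Keep only the last key component: "run" or "runservices".
            run_keys_by_image[e["image"]].add(e["key"].rsplit("\\", 1)[-1].lower())
        if e["missing"]:
            findings.add(("file-missing", e["image"]))
    for image, codes in codes_by_image.items():
        if len(codes) > 1:
            findings.add(("multi-category", image))
    for image, keys in run_keys_by_image.items():
        if {"run", "runservices"} <= keys:
            findings.add(("run+runservices", image))
    return sorted(findings)


if __name__ == "__main__":
    for reason, image in triage(SAMPLE_LOG):
        print(f"{reason:16} {image}")
```

A `file-missing` hit such as `pmnli.dll` means the registry entry outlived the file, so it still needs removing from the registry even though the DLL is gone.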



## Cookiegal

Please download *VundoFix.exe* to your desktop.
Double-click *VundoFix.exe* to run it.
Put a check next to *Run VundoFix as a task.*
You will receive a message saying vundofix will close and re-open in a minute or less. Click *OK*
When VundoFix re-opens, click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click *OK*.
Turn your computer back on.
Please post the contents of C:\*vundofix.txt* and a new HijackThis log.

When you post your next log, be sure everything is checked in msconfig. We have to see the bad guys to be able to kill them.


----------



## Wooooop

OkieDokie, I think this is what you asked for.. I already did what ssabfoeca said and went to system32 folder and deleted ejeslajtej.exe. But here it is.

Checking Java version...

Java version is 1.5.0.6

Scan started at 11:22:02 a.m. 18/06/2006

Listing files found while scanning....

C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\pmnli.dll
Attempting to delete C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.bak2
C:\WINDOWS\system32\ilnmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 11:28:09 a.m., on 18/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\AIM\AIMWDI~1.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {C4DFD831-057E-4970-A7AB-AEFCBD8C4129} - C:\WINDOWS\system32\pmnli.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [winupdt] RUNDLL32.EXE c:\windows\pftwain.dll,_mainRD
O4 - HKLM\..\Run: [Windows Recylinder Check] ejeslajtej.exe
O4 - HKLM\..\Run: [WebControl Media] C:\WINDOWS\system32\dplatpus.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [csrss] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\RunServices: [Windows Recylinder Check] ejeslajtej.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1145230815890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)


----------



## Cookiegal

Download the trial version of Ewido Anti-Malware *here*.
Install ewido.
During the installation, under "Additional Options" *uncheck* "Install background guard" and "Install scan via context menu".
Launch ewido
It will prompt you to update click the OK button and it will go to the main screen
On the left side of the main screen click *update*
Click on *Start* and let it update.
*DO NOT* run a scan yet. You will do that later in safe mode.

If you are having problems with the updater, you can use this link to manually update ewido:

ewido manual updates

*Click here* for info on how to boot to safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Ewido:
Click on *scanner*
Click *Complete System Scan* and the scan will begin.
During the scan it will prompt you to clean files, click *OK*
When the scan is finished, look at the bottom of the screen and click the *Save report* button.
Save the report to your desktop

Restart back into Windows normally now.

Run ActiveScan online virus scan *here*

When the scan is finished, save the results from the scan!

*Come back here and post a new HijackThis log, as well as the logs from the Ewido and Panda scans.*


----------



## Wooooop

Ok I'll do that, but one thing is confusing me. I believe the cause for the crashes is overheating, but it's strange. My BIOS settings when I'm booting up say that temp is about 60-70 degrees Celsius, but when I download motherboard monitor it says about 50, and various other programmes all say various things from 45 to 70 Celsius, what is more likely to be correct?


----------



## Cookiegal

I'm afraid I can't advise you about those temperatures and which is most accurate but there definitely is infection in your log so we need to take care of that.


----------



## ~Candy~

60 to 70C is WAY too hot, especially if you have an Intel chip. I'd believe my bios first over any downloaded software.


----------



## Wooooop

Ok here's the hjt log:

Logfile of HijackThis v1.99.1
Scan saved at 7:07:14 p.m., on 20/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Here are the ewido scan results:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:31:38 p.m., 19/06/2006
+ Report-Checksum: FB88D40A

+ Scan result:

C:\Documents and Settings\Cliff\Local Settings\Temporary Internet Files\Content.IE5\12UMTU7T\spread[1].exe -> Trojan.VB.abv : Cleaned with backup
C:\Documents and Settings\Phillippa\Local Settings\Temporary Internet Files\Content.IE5\G1O54N6L\spread[1].exe -> Trojan.VB.abv : Cleaned with backup
C:\Documents and Settings\Ryan\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Ryan\Local Settings\Application Data\Mozilla\Firefox\Profiles\default.2bi\Cache\9E50ABB3d01 -> Backdoor.Rbot : Cleaned with backup
C:\Documents and Settings\The Queen\Cookies\the [email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\The Queen\Cookies\the [email protected][1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\The Queen\Cookies\the [email protected][1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\The Queen\My Documents\HijackThis\backups\backup-20060403-193152-748.dll -> Downloader.Zlob.kk : Cleaned with backup
C:\myspac.exe -> Trojan.VB.abv : Cleaned with backup
C:\Program Files\Cowabanga\Cowabanga.exe -> Adware.MediaTicket : Cleaned with backup
C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup
 C:\WINDOWS\system32\csrsview.dll -> Backdoor.PPdoor.bq : Cleaned with backup

::Report End

Here are the Panda ActiveScan results:

Incident Status Location

Adware:adware/securityerror Not disinfected C:\Documents and Settings\Ben\Favorites\Antivirus Test Online.url 
Adware:adware/spyaxe Not disinfected Windows Registry 
Adware:adware/cws Not disinfected Windows Registry 
Adware:adware/ncase Not disinfected Windows Registry 
Adware:Adware/PurityScan Not disinfected C:\insllre.exe 
Adware:Adware/PurityScan Not disinfected C:\Program Files\Cowabanga\uninstaller.exe 
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\system32\gdqjxxcy.exe 
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\system32\gnucgfpv.exe 
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\system32\pkpukcwg.exe 
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\system32\pnaeibur.exe 
Virus:Trj/SrchSpy.G  Disinfected C:\WINDOWS\system32\puneeslu.exe 
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\system32\sidwkntu.exe 
Virus:Trj/SrchSpy.G Disinfected C:\WINDOWS\system32\sxjaaaaa.exe

There you go, hope that helps.


----------



## Cookiegal

Run this uninstaller:

http://www.outerinfo.com/OiUninstaller.exe

Please download *SmitfraudFix* (by *S!Ri*)

Extract (unzip) the content (a folder named *SmitfraudFix*) to your Desktop. *This is imperative for the tool to function properly.* If using a utility such as WinZip you will have to direct it there, as it will not unzip to the desktop by default. The destination location should look like this (C: being your primary drive): *C:\Documents and Settings\User\Desktop\SmitfraudFix*

Open the *SmitfraudFix* folder and double-click *smitfraudfix.cmd*
Select option #1 - *Search* by typing *1* and press "*Enter*"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

*Note* : *process.exe* is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm


----------



## Wooooop

Ok Cookiegal here you go

SmitFraudFix v2.63

Scan done at 17:26:42.70, Wed 21/06/2006
Run from C:\Documents and Settings\Ben\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ben\Application Data

C:\Documents and Settings\Ben\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ben\FAVORI~1

C:\DOCUME~1\Ben\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\SpywareQuake.com\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://oz.games-workshop.com/warhammerworld/images/leather-background-2.gif"
"SubscribedURL"="http://oz.games-workshop.com/warhammerworld/images/leather-background-2.gif"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"="Reload Browse"

[HKEY_CLASSES_ROOT\CLSID\{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"="XenaDot Software"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End


----------



## Nurdle

OK, something is definitely wrong here. Regarding temps tho... When was the last time you cleaned out your computer of all dust?

Also make sure all fans and heatsinks are clean and blowing in the correct direction. For example I had a computer to repair the other week that had the CPU fan blowing the wrong way.


----------



## Cookiegal

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in *Safe Mode* by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the *SmitfraudFix* folder again and double-click *smitfraudfix.cmd*
Select option #2 - *Clean* by typing *2* and press "*Enter*" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing *Y* and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if *wininet.dll* is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing *Y* and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply along with a new HijackThis log.

The report can also be found at the root of the system drive, usually at *C:\rapport.txt*

Warning: running option #2 on a non infected computer will remove your Desktop background.


----------



## Jrand26

I don't know if this will help, but you said before you ran memtest for 20-25 mins and it didn't get any errors. I ran mine for 3 hours before it detected my faulty RAM. You should leave it running while you sleep one night. Hope this helps.


----------



## ~Candy~

After 3 hours you probably overheated it


----------



## Wooooop

Yeah, aca candy is right. I recently got in there and cleaned some dust off the heatsink and off lots of other stuff. I can now play for a good 2 hours before it overheats, which is a start. Then I have to turn it off for a while and let it cool down again. And yeah, I'll try to run memtest for longer. Cookiegal, I'll get to you soon with that report, I'm very busy at the moment, speaking of which I g2g for now!
Cheers guys and/or girls


----------



## Cookiegal

:up:


----------



## Wooooop

Okiedokie here we go Cookiegal,
HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9:50:10 a.m., on 25/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Rapport:

SmitFraudFix v2.63

Scan done at 9:44:03.96, Sun 25/06/2006
Run from C:\Documents and Settings\Ben\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}"="Reload Browse"

[HKEY_CLASSES_ROOT\CLSID\{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E802FFFF-8E58-4d2c-A435-8BEEFB10AB77}\InProcServer32]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D}"="USB Ware"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A}"="XenaDot Software"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\Documents and Settings\Ben\Application Data\Install.dat Deleted
C:\DOCUME~1\Ben\FAVORI~1\Antivirus Test Online.url Deleted
C:\Program Files\SpywareQuake.com\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

hope this helps!
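
Added example, not part of the original posts or of HijackThis itself: a small Python parser for the `O`-section lines of the HijackThis log above. It flags entries whose target file is missing (`(no file)`) and Run entries that give no absolute path, so they can be reviewed first. The sample lines are copied from that log; the function names and flag labels are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# Sample lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""


class Entry(NamedTuple):
    section: str           # e.g. "O2", "O4", "O23"
    kind: str              # e.g. "BHO", "HKLM\..\Run", "Service"
    name: str              # display name or Run value name
    clsid: Optional[str]   # COM class id, when the line carries one
    target: str            # file, URL or command the entry points at
    flags: tuple           # review hints added by this example


# A log entry starts with a section code such as O2, O23, R1, F2 or N1.
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# The target is the first " - " field that looks like a path, URL or "(no file)".
# Searching from the left keeps paths that themselves contain " - " intact.
TARGET_RE = re.compile(r" - ((?:[A-Za-z]:\\|res://|https?://|\(no file\)).*)$")
# O4 Run lines use "[value name] command" instead of " - " separated fields.
RUN_RE = re.compile(r"^(.+?): \[(.+?)\]\s*(.*)$")
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    run = RUN_RE.match(body) if section == "O4" else None
    if run:
        kind, name, target = run.groups()
        clsid = None
    else:
        kind, sep, rest = body.partition(": ")
        if not sep:                      # line without a "Kind: " prefix
            kind, rest = "", body
        t = TARGET_RE.search(rest)
        target = t.group(1) if t else ""
        head = rest[:t.start()] if t else rest
        c = CLSID_RE.search(rest)
        clsid = c.group(0) if c else None
        name = CLSID_RE.sub("", head).strip(" -")

    flags = []
    if target == "(no file)":
        flags.append("orphan")           # registry entry left behind, file is gone
    elif not target:
        flags.append("no-target")
    elif section == "O4" and not ABSOLUTE_RE.match(target):
        flags.append("relative-path")    # autostart command with no absolute path
    return Entry(section, kind, name, clsid, target, tuple(flags))


def parse_log(text: str) -> list:
    """Return every recognised entry in the log, in order."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def triage(text: str) -> list:
    """Return only the entries that carry a review flag."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:4} {','.join(e.flags):14} {e.name} -> {e.target}")
```

A flag here only marks an entry for a closer look; it says nothing about whether the entry is malicious.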


----------



## Cookiegal

Download *WinPFind*
*Right Click* the Zip Folder and Select "*Extract All*"
Extract it somewhere you will remember like the *Desktop*
Dont do anything with it yet!

*Click here* for info on how to boot to safe mode if you don't already know how.

Reboot into Safe Mode.

Double click *WinPFind.exe*
Click "*Start Scan*"
*It will scan the entire System, so please be patient and let it complete.*

Reboot back to Normal Mode!


Go to the *WinPFind folder*
Locate *WinPFind.txt*
Copy and paste WinPFind.txt in your next post here please.


----------



## Wooooop

Hey guys, I just got another fan installed into my computer, and now the temp stays below 50! So hopefully that helps bigtime, I'll tell you if it still crashes. And here's the WinPFind.txt:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
PTech 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
SAHAgent 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
abetterinternet.com 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
web-nex 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
ad-w-a-r-e.com 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
FSG! 5/02/2004 10:24:14 p.m. 4557555 C:\WINDOWS\theoffice.scr

Checking %System% folder...
PEC2 19/03/2003 3:05:48 p.m. 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
PEC2 30/08/2002 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 23/05/2006 5:26:00 p.m. 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PEC2 19/03/2003 5:20:00 p.m. 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 19/03/2003 4:28:40 p.m. 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 19/03/2003 5:12:12 p.m. 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 19/03/2003 4:31:58 p.m. 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
PECompact2 9/06/2006 1:19:50 p.m. 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/06/2006 1:19:50 p.m. 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 7:56:36 p.m. 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 7:56:44 p.m. 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 16/09/2003 1:19:48 a.m. 10240 C:\WINDOWS\SYSTEM32\virport.dll
winsync 30/08/2002 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 23/05/2006 5:25:52 p.m. 285488 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 4/08/2004 5:41:38 p.m. 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

SAHAgent 12/08/2004 5:49:30 p.m. RHS 160892 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.msn
abetterinternet.com 12/08/2004 5:49:30 p.m. RHS 160892 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.msn

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
5/07/2006 9:46:10 a.m. S 2048 C:\WINDOWS\bootstat.dat
6/05/2006 2:00:26 p.m. RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
6/05/2006 2:00:26 p.m. RH 0 C:\WINDOWS\assembly\pubpol1.dat
6/05/2006 7:27:08 p.m. RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
6/05/2006 7:27:18 p.m. RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
16/06/2006 7:19:24 p.m. HS 39437 C:\WINDOWS\system32\gebcbyw.dll
16/06/2006 8:13:34 p.m. HS 39437 C:\WINDOWS\system32\jkkijif.dll
16/06/2006 7:32:10 p.m. HS 39437 C:\WINDOWS\system32\nnnkhgg.dll
16/06/2006 10:00:22 p.m. HS 39437 C:\WINDOWS\system32\nnnlkkh.dll
16/06/2006 7:56:20 p.m. HS 39437 C:\WINDOWS\system32\opnkigg.dll
16/06/2006 7:37:30 p.m. HS 39437 C:\WINDOWS\system32\qomjkjj.dll
16/06/2006 11:15:06 p.m. HS 39437 C:\WINDOWS\system32\rqrrpop.dll
16/06/2006 9:48:28 p.m. HS 39437 C:\WINDOWS\system32\yayxuuv.dll
16/06/2006 8:27:22 p.m. HS 39437 C:\WINDOWS\system32\yayxxyw.dll
14/05/2006 10:21:52 p.m. S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
30/05/2006 4:16:00 a.m. S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 7:15:12 p.m. S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
2/06/2006 8:28:56 a.m. S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
10/05/2006 6:02:54 a.m. S 65308 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem24.CAT
23/05/2006 5:27:00 p.m. S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
9/05/2006 10:42:46 p.m. S 26352 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WMFDist11.cat
5/07/2006 9:46:00 a.m. H 8192 C:\WINDOWS\system32\config\default.LOG
5/07/2006 9:46:40 a.m. H 1024 C:\WINDOWS\system32\config\SAM.LOG
5/07/2006 9:46:12 a.m. H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
5/07/2006 9:46:42 a.m. H 57344 C:\WINDOWS\system32\config\software.LOG
5/07/2006 9:46:42 a.m. H 1171456 C:\WINDOWS\system32\config\system.LOG
16/06/2006 9:26:52 a.m. H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3B7Z7X3O\desktop.ini
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B2P0IENI\desktop.ini
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PB6JYQ4J\desktop.ini
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YIW4V1AD\desktop.ini
16/06/2006 6:46:20 p.m. H 0 C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
15/05/2006 6:12:16 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c281c3ac-d031-4766-a072-66d5722fbc4a
15/05/2006 6:12:16 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
7/06/2006 10:00:58 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1939ab3b-ca13-4d00-9692-af18d4076a6f
7/06/2006 10:00:58 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
5/07/2006 9:43:54 a.m. H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10/11/2005 12:03:50 p.m. 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 30/08/2002 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 30/08/2002 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
9/03/2006 3:29:00 p.m. 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 21/02/2002 8:19:06 a.m. 45148 C:\WINDOWS\SYSTEM32\plugincpl131_03.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 23/09/2004 7:57:44 p.m. 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
5/05/2000 8:57:38 a.m. 303104 C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 30/08/2002 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 4:16:30 a.m. 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 30/08/2002 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 30/08/2002 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 30/08/2002 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 4:16:30 a.m. 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Avance Logic, Inc. 21/03/2002 2:41:28 p.m. 544768 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
17/01/2003 8:13:34 a.m. HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
17/01/2003 12:06:12 a.m. HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
17/01/2003 8:13:34 a.m. HS 84 C:\Documents and Settings\Ben\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
17/01/2003 12:06:12 a.m. HS 62 C:\Documents and Settings\Ben\Application Data\desktop.ini
25/09/2005 12:30:42 p.m. 26912 C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\QuickLoad
{0f0a4d40-adf0-4e8f-98d8-7208b98be01e} = 
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}
IeCatch2 Class = C:\PROGRA~1\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
ButtonText = FlashGet	: C:\PROGRA~1\FlashGet\flashget.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
= 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
&Discuss = shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links	: %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = : 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar	: 
{DE9C389F-3316-41A7-809B-AA305ED9D922} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
VTTimer	VTTimer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL	Installed = 1
MAPI	Installed = 1
MSFS	Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe	C:\WINDOWS\system32\ctfmon.exe
Steam	
SpybotSD TeaTimer	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
NISUM	3
ewido security suite control	2
UserAccess7	2
SDhelper	2
NVSvc	2
IDriverT	3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvCpl
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvCpl
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvMcTray
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvMcTray
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	nwiz
hkey	HKLM
command	nwiz.exe /install
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	nwiz
hkey	HKLM
command	nwiz.exe /install
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryMechanic
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMC_AutoUpdate
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini	0
win.ini	0
bootini	0
services	2
startup	2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700}	1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dll
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key	ÆÚáþ´-Kéudž8Êt«
FileName0	C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns	0
PleaseMom	1
Enabled	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v	4
s	0
n	0
l	4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername	0
legalnoticecaption	
legalnoticetext	
shutdownwithoutlogon	1
undockwithoutlogon	1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun	145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools	1
NoAdminPage	1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = 
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit	= C:\WINDOWS\SYSTEM32\Userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1	- Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 5/07/2006 9:54:31 a.m.

Cheers guys and/or gals


----------



## Cookiegal

*Click Here* and download Killbox and save it to your desktop but don't run it yet.

Then boot to safe mode:

 *How to restart to safe mode*

Double-click on Killbox.exe to run it. 

Put a tick by *Standard File Kill*. 
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

*C:\WINDOWS\system32\gebcbyw.dll

C:\WINDOWS\system32\jkkijif.dll

C:\WINDOWS\system32\nnnkhgg.dll

C:\WINDOWS\system32\nnnlkkh.dll

C:\WINDOWS\system32\opnkigg.dll

C:\WINDOWS\system32\qomjkjj.dll

C:\WINDOWS\system32\rqrrpop.dll

C:\WINDOWS\system32\yayxuuv.dll

C:\WINDOWS\system32\yayxxyw.dll

C:\WINDOWS\SYSTEM32\drivers\etc\hosts.msn

*

Click on the button that has the red circle with the X in the middle after you enter each file. 
It will ask for confirmation to delete the file. 
Click Yes. 
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist. 
If that happens, just continue on with all the files. Be sure you don't miss any.
Next in Killbox go to *Tools > Delete Temp Files*
In the window that pops up, put a check by *ALL* the options there *except* these three:
XP Prefetch
Recent
History

Now click the *Delete Selected Temp Files* button.
Exit the Killbox.

Boot back to Windows normally and post another HijackThis log please.


----------



## Wooooop

Ok Cookie, here's your log!

Logfile of HijackThis v1.99.1
Scan saved at 4:59:46 p.m., on 5/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

?


----------



## Cookiegal

The log looks fine but you should have your anti-virus program running at start-up.

Please post a new WinpFind so I can see if those files were all deleted.


----------
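
The check requested in the post above (whether the files given to Killbox still show up in a fresh WinPFind log) can be done mechanically. The following is an added example, not part of the thread and not code from WinPFind or Killbox: the function names are hypothetical, the entry layout is inferred from the WinPFind lines posted in this thread, and the `YAYXUUV.DLL` sample line is constructed for the demonstration.

```python
import re

# Paths listed for deletion in the Killbox step of this thread.
KILLBOX_TARGETS = [
    r"C:\WINDOWS\system32\gebcbyw.dll",
    r"C:\WINDOWS\system32\jkkijif.dll",
    r"C:\WINDOWS\system32\nnnkhgg.dll",
    r"C:\WINDOWS\system32\nnnlkkh.dll",
    r"C:\WINDOWS\system32\opnkigg.dll",
    r"C:\WINDOWS\system32\qomjkjj.dll",
    r"C:\WINDOWS\system32\rqrrpop.dll",
    r"C:\WINDOWS\system32\yayxuuv.dll",
    r"C:\WINDOWS\system32\yayxxyw.dll",
    r"C:\WINDOWS\SYSTEM32\drivers\etc\hosts.msn",
]

# One WinPFind file entry (layout assumed from the posted logs):
#   [label] date [time a.m./p.m.] [attributes] size path
ENTRY_RE = re.compile(r"""
    ^(?P<label>.*?)\s*
    (?P<date>\d{1,2}/\d{2}/\d{4})\s+
    (?:(?P<time>\d{1,2}:\d{2}:\d{2}\s[ap]\.m\.)\s+)?
    (?:(?P<attrs>[AHRS]+)\s+)?
    (?P<size>\d+)\s+
    (?P<path>[A-Za-z]:\\.*\S)\s*$
""", re.VERBOSE)


def parse_entries(log_text):
    """Return one dict per file entry; section headers, registry and
    HOSTS lines do not match the entry layout and are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def check_targets(log_text, targets=KILLBOX_TARGETS):
    """Map each target path to the log entries that still list it.
    Windows paths are case-insensitive, so compare lower-cased."""
    seen = {}
    for entry in parse_entries(log_text):
        seen.setdefault(entry["path"].lower(), []).append(entry)
    return {target: seen.get(target.lower(), []) for target in targets}


def still_listed(log_text, targets=KILLBOX_TARGETS):
    """Targets that appear in the log, in the order they were given."""
    hits = check_targets(log_text, targets)
    return [target for target in targets if hits[target]]


# Constructed sample in the WinPFind layout; the YAYXUUV.DLL line is invented.
SAMPLE_LOG = r"""
Checking %System% folder...
PEC2 30/08/2002 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 16/09/2003 1:19:48 a.m. 10240 C:\WINDOWS\SYSTEM32\virport.dll
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
1/07/2006 8:15:02 p.m. HS 40960 C:\WINDOWS\SYSTEM32\YAYXUUV.DLL
14/07/2006 9:54:42 a.m. S 2048 C:\WINDOWS\bootstat.dat
"""

if __name__ == "__main__":
    for path, found in check_targets(SAMPLE_LOG).items():
        if found:
            first = found[0]
            print("STILL LISTED:", path, first["date"], first["attrs"] or "-")
        else:
            print("not listed:  ", path)
```

A path reported as not listed is not proof of deletion: the hidden and system file section of a WinPFind log only covers files changed in the last 60 days, so the result should be confirmed on disk as well.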



## Wooooop

OKieDokie

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
qoologic 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
PTech 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
SAHAgent 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
abetterinternet.com 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
web-nex 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT
ad-w-a-r-e.com 6/01/2006 12:22:24 p.m. 12638725 C:\AVG7QT.DAT

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
FSG! 5/02/2004 10:24:14 p.m. 4557555 C:\WINDOWS\theoffice.scr

Checking %System% folder...
PEC2 19/03/2003 3:05:48 p.m. 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
PEC2 30/08/2002 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 19/06/2006 4:19:42 p.m. 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PEC2 19/03/2003 5:20:00 p.m. 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 19/03/2003 4:28:40 p.m. 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 19/03/2003 5:12:12 p.m. 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 19/03/2003 4:31:58 p.m. 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
PECompact2 9/06/2006 1:19:50 p.m. 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/06/2006 1:19:50 p.m. 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/08/2004 7:56:36 p.m. 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 4/08/2004 7:56:44 p.m. 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 16/09/2003 1:19:48 a.m. 10240 C:\WINDOWS\SYSTEM32\virport.dll
winsync 30/08/2002 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 19/06/2006 4:19:26 p.m. 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
UPX! 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PEC2 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 24/05/2006 10:36:42 a.m. 776096 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 4/08/2004 5:41:38 p.m. 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
14/07/2006 9:54:42 a.m. S 2048 C:\WINDOWS\bootstat.dat
13/07/2006 8:44:36 a.m. H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2f5091478db83d722d22c4811bef3fca\BIT4.tmp
13/07/2006 8:44:36 a.m. H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\38a59c1e879dafc6440d36b2ce245280\BIT6.tmp
13/07/2006 8:44:36 a.m. H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\76264d26d12a4446f379953ddeb75721\BIT5.tmp
13/07/2006 8:44:36 a.m. H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8ac62a9d2e9d52e6ea908a91aec665f9\BIT7.tmp
13/07/2006 8:44:36 a.m. H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\dedad02453c401d4af20cf4075752c5f\BIT8.tmp
16/06/2006 7:32:10 p.m. HS 39437 C:\WINDOWS\system32\nnnkhgg.dll
30/05/2006 4:16:00 a.m. S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 7:15:12 p.m. S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
2/06/2006 8:28:56 a.m. S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
8/06/2006 4:12:18 a.m. S 29771 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem25.CAT
19/06/2006 4:20:58 p.m. S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
14/07/2006 9:54:32 a.m. H 8192 C:\WINDOWS\system32\config\default.LOG
14/07/2006 9:55:12 a.m. H 1024 C:\WINDOWS\system32\config\SAM.LOG
14/07/2006 9:54:42 a.m. H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
14/07/2006 9:55:14 a.m. H 65536 C:\WINDOWS\system32\config\software.LOG
14/07/2006 9:55:16 a.m. H 1175552 C:\WINDOWS\system32\config\system.LOG
16/06/2006 9:26:52 a.m. H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3B7Z7X3O\desktop.ini
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\B2P0IENI\desktop.ini
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\PB6JYQ4J\desktop.ini
17/06/2006 10:04:30 a.m. HS 67 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YIW4V1AD\desktop.ini
16/06/2006 6:46:20 p.m. H 0 C:\WINDOWS\system32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
15/05/2006 6:12:16 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c281c3ac-d031-4766-a072-66d5722fbc4a
15/05/2006 6:12:16 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
7/06/2006 10:00:58 p.m. HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1939ab3b-ca13-4d00-9692-af18d4076a6f
7/06/2006 10:00:58 p.m. HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
14/07/2006 9:53:32 a.m. H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 10/11/2005 12:03:50 p.m. 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 30/08/2002 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 30/08/2002 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 1/06/2006 5:22:00 p.m. 69632 C:\WINDOWS\SYSTEM32\nvcpl.cpl
1/06/2006 5:22:00 p.m. 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 21/02/2002 8:19:06 a.m. 45148 C:\WINDOWS\SYSTEM32\plugincpl131_03.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 23/09/2004 7:57:44 p.m. 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
5/05/2000 8:57:38 a.m. 303104 C:\WINDOWS\SYSTEM32\scmgrcpl50.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 30/08/2002 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 4/08/2004 7:56:58 p.m. 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 4:16:30 a.m. 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 30/08/2002 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 30/08/2002 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 30/08/2002 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 26/05/2005 4:16:30 a.m. 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Avance Logic, Inc. 21/03/2002 2:41:28 p.m. 544768 C:\WINDOWS\SYSTEM32\ReinstallBackups\0004\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
17/01/2003 8:13:34 a.m. HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
17/01/2003 12:06:12 a.m. HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
17/01/2003 8:13:34 a.m. HS 84 C:\Documents and Settings\Ben\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
17/01/2003 12:06:12 a.m. HS 62 C:\Documents and Settings\Ben\Application Data\desktop.ini
25/09/2005 12:30:42 p.m. 26912 C:\Documents and Settings\Ben\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\QuickLoad
{0f0a4d40-adf0-4e8f-98d8-7208b98be01e} = 
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A5366673-E8CA-11D3-9CD9-0090271D075B}
IeCatch2 Class = C:\PROGRA~1\FlashGet\jccatch.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM	: C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3}
ButtonText = FlashGet	: C:\PROGRA~1\FlashGet\flashget.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
= 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}
&Discuss = shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links	: %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = : 
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar	: 
{DE9C389F-3316-41A7-809B-AA305ED9D922} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
VTTimer	VTTimer.exe
QuickTime Task	"C:\Program Files\QuickTime\qttask.exe" -atboottime
NvCplDaemon	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz	nwiz.exe /install
NvMediaCenter	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL	Installed = 1
MAPI	Installed = 1
MSFS	Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe	C:\WINDOWS\system32\ctfmon.exe
Steam	
SpybotSD TeaTimer	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
NISUM	3
ewido security suite control	2
UserAccess7	2
SDhelper	2
NVSvc	2
IDriverT	3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ASM
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ASMonitor
hkey	HKLM
command	"C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	ASMonitor
hkey	HKLM
command	"C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe"
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvCpl
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvCpl
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvMediaCenter
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvMcTray
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	NvMcTray
hkey	HKLM
command	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\nwiz
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	nwiz
hkey	HKLM
command	nwiz.exe /install
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	nwiz
hkey	HKLM
command	nwiz.exe /install
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RegistryMechanic
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WMC_AutoUpdate
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0
key	SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item	
hkey	HKLM
command	
inimapping	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini	0
win.ini	0
bootini	0
services	2
startup	2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700}	1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\msonsext.dll
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key	ÆÚáþ´-Kéudž8Êt«
FileName0	C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns	0
PleaseMom	1
Enabled	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v	4
s	0
n	0
l	4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys	0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername	0
legalnoticecaption	
legalnoticetext	
shutdownwithoutlogon	1
undockwithoutlogon	1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun	145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools	1
NoAdminPage	1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = 
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit	= C:\WINDOWS\SYSTEM32\Userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1	- Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 14/07/2006 10:04:40 a.m.

Also, after getting a new fan to stop the crashes, I still occasionally got a black screen which forces a restart, but we fixed that by taking out our fx5200 and putting in our old card the mx420. It just means this older card cannot handle some of our games very well.
Cheers guys and or girls.


----------



## Cookiegal

Reboot to safe mode and run Killbox on this file:

*C:\WINDOWS\system32\nnnkhgg.dll*

Reboot and post a new WinPFind log please.


----------

