i don't even know where to begin

This section is for XP operating system problems and requests for help.
paco
New FixmyXP Member
Posts: 6
Joined: Wed Nov 07, 2007 8:27 pm

i don't even know where to begin

Post by paco » Wed Nov 07, 2007 8:32 pm

Alright, I left my computer with my little sister in June for the summer. When I got it back yesterday it was all messed up. Basically the computer won't run .exe files. Like for instance I type in cmd in Run and it brings up the Open With box. But if I say try to open a .txt file and I click open with Firefox it will open. If I just try to open Firefox it won't. I had to go into safe mode to do a system restore but the earliest possible date was July 20th, which is after the problem had occurred. None of the programs in Accessories will run. None of the system tools. So I really don't know... any suggestions would be great.

Essexboy
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: i don't even know where to begin

Post by Essexboy » Wed Nov 07, 2007 10:40 pm

Could you run this analysis tool for me?

Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt  -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
VISTA
XPsp2
Avast (of course)


http://spaces.msn.com/members/essexboymkn/

If ignorance is bliss  why aren't more people happy?

paco
New FixmyXP Member
Posts: 6
Joined: Wed Nov 07, 2007 8:27 pm

Re: i don't even know where to begin

Post by paco » Wed Nov 07, 2007 11:16 pm

main.txt

Deckard's System Scanner v20071014.68
Run by nicket on 2007-11-07 17:07:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
13: 2007-11-07 23:07:07 UTC - RP197 - Deckard's System Scanner Restore Point
12: 2007-11-07 22:07:03 UTC - RP196 - Installed Superpower 2
11: 2007-11-07 19:09:37 UTC - RP195 - Restore Operation
10: 2007-11-07 17:23:01 UTC - RP194 - Restore Operation
9: 2007-11-07 17:15:37 UTC - RP193 - Restore Operation


-- First Restore Point --
1: 2007-07-20 23:30:54 UTC - RP185 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

System Drive C: has 8.1 GiB (less than 15%) free.


-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2007-11-07 17:08:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Documents and Settings\nicket\Desktop\dss.exe

O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


--
End of file - 2987 bytes

-- File Associations -----------------------------------------------------------

.bat - unable to read key
.bat - unable to read key
.bat - unable to read key
.com - unable to read key
.com - unable to read key
.exe - unable to read key
.exe - unable to read key
.lnk - unable to read key
.pif - unable to read key
.reg - unable to read key
.reg - unable to read key
.reg - unable to read key
.scr - unable to read key


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 prohlp02 (StarForce Protection Helper Driver v2) - c:\windows\system32\drivers\prohlp02.sys
R0 prosync1 (StarForce Protection Synchronization Driver v1) - c:\windows\system32\drivers\prosync1.sys
R0 sfhlp01 (StarForce Protection Helper Driver) - c:\windows\system32\drivers\sfhlp01.sys
R1 prodrv06 (StarForce Protection Environment Driver v6) - c:\windows\system32\drivers\prodrv06.sys
R2 ScFBPNT (CanoScan FBP Port Driver) - c:\windows\system32\drivers\scfbpnt.sys
R3 vaxscsi - c:\windows\system32\drivers\vaxscsi.sys


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Multimedia Audio Controller
Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_00801462&REV_60\3&61AAA01&0&8D
Manufacturer:
Name: Multimedia Audio Controller
PNP Device ID: PCI\VEN_1106&DEV_3059&SUBSYS_00801462&REV_60\3&61AAA01&0&8D
Service:


-- Scheduled Tasks -------------------------------------------------------------

2007-07-22 03:09:44      272 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-22 02:36:50      394 --a------ C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job
2007-06-22 01:45:35      340 --a------ C:\WINDOWS\Tasks\Uniblue SpyEraser.job


-- Files created between 2007-10-07 and 2007-11-07 -----------------------------

2007-11-07 12:26:45        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.003\Local Settings
2007-11-07 12:26:45        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.003\Cookies
2007-11-07 12:26:45        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.003\Application Data
2007-11-07 12:26:45        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.003\Application Data\Microsoft
2007-11-07 12:26:44        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.003\Templates
2007-11-07 12:26:44    524288 --ah----- C:\Documents and Settings\Administrator.BILLY-4725D0832.003\NTUSER.DAT
2007-11-07 11:21:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.002\Cookies
2007-11-07 11:21:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.002\Application Data
2007-11-07 11:21:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.002\Application Data\Microsoft
2007-11-07 11:21:20        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.002\Templates
2007-11-07 11:21:20    524288 --ah----- C:\Documents and Settings\Administrator.BILLY-4725D0832.002\NTUSER.DAT
2007-11-07 11:21:20        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.002\Local Settings
2007-11-07 11:10:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.001\Templates
2007-11-07 11:10:21    786432 --ah----- C:\Documents and Settings\Administrator.BILLY-4725D0832.001\NTUSER.DAT
2007-11-07 11:10:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.001\Local Settings
2007-11-07 11:10:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.001\Cookies
2007-11-07 11:10:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.001\Application Data
2007-11-07 11:10:21        0 d-------- C:\Documents and Settings\Administrator.BILLY-4725D0832.001\Application Data\Microsoft


-- Find3M Report ---------------------------------------------------------------

2007-11-07 13:11:58        0 d-------- C:\Program Files\Law and Order 2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [03/24/2006 07:09 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/23/2005 10:05:26 PM]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{238a6108-f488-11db-84a0-0011095e4a67}]
AutoRun\command- G:\launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57777c0d-9ef4-11db-bc9b-0011095e4a67}]
AutoRun\command- G:\LaunchU3.exe

*Newly Created Service* - PRODRV06
*Newly Created Service* - PROHLP02
*Newly Created Service* - PROSYNC1
*Newly Created Service* - SFHLP01

paco
New FixmyXP Member
Posts: 6
Joined: Wed Nov 07, 2007 8:27 pm

Re: i don't even know where to begin

Post by paco » Wed Nov 07, 2007 11:16 pm

extra.txt

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP
Percentage of Memory in Use: 29%
Physical Memory (total/avail): 1023.48 MiB / 726.47 MiB
Pagefile Memory (total/avail): 2461.54 MiB / 2277.35 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1949.66 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 232.88 GiB total, 8.1 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - WDC WD2500JB-32EVA0 - 232.88 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 232.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: Kaspersky Anti-Virus 6.0 v6.0.0.300 (Kaspersky Lab) Outdated

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars: Empire at War"
"C:\\Documents and Settings\\nicket\\Desktop\\utorrent.exe"="C:\\Documents and Settings\\nicket\\Desktop\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\nicket\Application Data
CLASSPATH=C:\Program Files\PhotoDeluxe 2.0\AdobeConnectables
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BILLY-4725D0832
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\nicket
LOGONSERVER=\\BILLY-4725D0832
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 6 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0602
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_10\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\nicket\LOCALS~1\Temp
TMP=C:\DOCUME~1\nicket\LOCALS~1\Temp
USERDOMAIN=BILLY-4725D0832
USERNAME=nicket
USERPROFILE=C:\Documents and Settings\nicket
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

nicket (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent --> "C:\Program Files\uTorrent\uninstall.exe"
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
ACE-HIGH MP3 WAV WMA OGG Converter --> C:\PROGRA~1\ACE-HI~1\UNWISE.EXE C:\PROGRA~1\ACE-HI~1\INSTALL.LOG
Ad-Aware SE Professional --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe PhotoDeluxe 2.0 --> C:\WINDOWS\uninst.exe -f"C:\Program Files\PhotoDeluxe 2.0\DeIsL1.isu"
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Advanced DVD Player --> "C:\Program Files\AdvancedDVDPlayer\unins000.exe"
Amazing DVD Player --> "C:\Program Files\Amazing DVD Player\unins000.exe"
AOL Instant Messenger --> C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Artisan DVD/DivX Player --> "C:\Program Files\ArtisanDVDPlayer\unins000.exe"
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x6974
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVS DVD Player version 2.4 --> "C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"
Baldur's Gate(TM) II - Shadows of Amn(TM) --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAE4336-2B71-11D4-9A6C-006067325E47}\setup.exe"
CDisplay 1.8 --> "C:\Program Files\CDisplay\unins000.exe"
DeepBurner v1.8.0.224 --> "C:\Program Files\Astonsoft\DeepBurner\Uninstall.exe" "C:\Program Files\Astonsoft\DeepBurner\install.log"
DivX Codec --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy DVD Player 2.0 --> "C:\Program Files\Easy DVD Player\unins000.exe"
Easy DVD/CD Burner --> C:\PROGRA~1\EASYDV~2\UNWISE.EXE C:\PROGRA~1\EASYDV~2\INSTALL.LOG
Express Rip Uninstall --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
Freeciv 2.0.8 (GTK+ client) --> "C:\Program Files\Freeciv-2.0.8-gtk2\uninstall.exe"
GTA2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}\Setup.exe" -l0x9
iTunes --> MsiExec.exe /I{553E56C3-7AA1-45FE-A2FC-2C43DC27F765}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Anti-Virus 6.0 --> MsiExec.exe /I{75193929-9A52-4CA4-98DE-8C7296940920}
Lavasoft Reghance 2.1 --> C:\PROGRA~1\LAVASO~1\UNWISE.EXE C:\PROGRA~1\LAVASO~1\INSTALL.LOG
Law & Order II: Double or Nothing --> C:\Program Files\Law and Order 2\uninstall\uninstall.exe
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (1.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (en-US)"
PlaneShift Crystal Blue - Tech Demo --> C:\Program Files\PlaneShift Crystal Blue\Uninstall.exe
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
ScanCraft CS-P --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ScanCraft CS-P\Uninst.isu" -c"C:\Program Files\Canon\ScanCraft CS-P\scuninst.dll"
Sid Meier's Civilization 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9  -removeonly
SimIsle --> C:\WINDOWS\uninst.exe -f"C:\Program Files\Maxis\SimIsle\DeIsL1.isu"
smplayer --> "C:\Program Files\smplayer\Uninstall.exe"
Snowball Pack v1.0 for Pocket Tanks Deluxe --> "C:\Program Files\Pocket Tanks Deluxe\unins000.exe"
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
Star Wars Empire at War --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99AE7207-8612-4DBA-A8F8-BAE5C633390D}\Setup.exe" -l0x9  -removeonly
Superpower 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{CFB9F7A0-A7ED-43A9-9551-EC1F319F971A}
Switch --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Tales of Pirates Online 1.33 --> "C:\Program Files\Tales of Pirates Online\unins000.exe"
The Weather Channel Desktop --> C:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe
Uniblue RegistryBooster 2 --> "C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Uniblue SpeedUpMyPC 3 --> "C:\Program Files\Uniblue\SpeedUpMyPC 3\unins000.exe"
Uniblue SpyEraser --> "C:\Program Files\Uniblue\SpyEraser\unins000.exe"
Vampire - The Masquerade Bloodlines --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{C4E2A4A7-B623-40CB-8EEA-72F577E49D56} /l2057
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip 11.1 --> MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1215 / Error
Event Submitted/Written: 11/07/2007 01:18:16 PM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 4820, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Event Record #/Type1214 / Warning
Event Submitted/Written: 11/07/2007 01:18:16 PM
Event ID/Source: 2006 / LoadPerf
Event Description:
LastCounter and LastHelp values of performance registry is corrupted and
needs to be updated. The first and second DWORDs in Data Section are the
original values while the third and forth DWORDs in Data Section are the
updated new values.

Event Record #/Type1213 / Error
Event Submitted/Written: 11/07/2007 01:18:13 PM
Event ID/Source: 3011 / LoadPerf
Event Description:
Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The
Error code is the first DWORD in Data section.

Event Record #/Type1212 / Error
Event Submitted/Written: 11/07/2007 01:18:13 PM
Event ID/Source: 3001 / LoadPerf
Event Description:
The performance counter name string value in the registry is incorrectly
formatted. The bogus string is 4820, the bogus index value is the first
DWORD in Data section while the last valid index values are the second and
third DWORD in Data section.

Event Record #/Type1207 / Error
Event Submitted/Written: 11/07/2007 00:34:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application game.exe, version 1.0.0.1, faulting module game.exe, version 1.0.0.1, fault address 0x00011af8.
Processing media-specific event for [game.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2443 / Error
Event Submitted/Written: 11/07/2007 01:09:39 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2442 / Error
Event Submitted/Written: 11/07/2007 01:09:20 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2441 / Error
Event Submitted/Written: 11/07/2007 01:09:10 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type2389 / Error
Event Submitted/Written: 11/07/2007 00:27:22 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type2388 / Error
Event Submitted/Written: 11/07/2007 00:27:07 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}



-- End of Deckard's System Scanner: finished at 2007-11-07 17:09:16 ------------
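
Added example (not part of the thread or of Deckard's System Scanner): a small Python parser that pulls out of the two logs above the lines that matter for this symptom, namely the file associations DSS could not read and the disabled or outdated protections in the Security Center section. The function names and the `PROGRAM_EXTS` list are assumptions made for illustration; the sample text is an excerpt of the posted logs.

```python
import re

# Excerpt of the main.txt and extra.txt logs posted in this thread
# (other sections left out; line formats unchanged).
SAMPLE_LOG = r"""
-- File Associations -----------------------------------------------------------

.bat - unable to read key
.bat - unable to read key
.bat - unable to read key
.com - unable to read key
.com - unable to read key
.exe - unable to read key
.exe - unable to read key
.lnk - unable to read key
.pif - unable to read key
.reg - unable to read key
.reg - unable to read key
.reg - unable to read key
.scr - unable to read key


-- Security Center -------------------------------------------------------------

AUOptions is disabled.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: Kaspersky Anti-Virus 6.0 v6.0.0.300 (Kaspersky Lab) Outdated
"""

# DSS section headers look like "-- Name -----------".
SECTION_RE = re.compile(r"^-- (.+?) -+\s*$")
ASSOC_RE = re.compile(r"^(\.\w+) - unable to read key$")

# Assumption for this example: extensions Windows starts as programs,
# so a broken association here matches the "Open With" symptom.
PROGRAM_EXTS = (".bat", ".cmd", ".com", ".exe", ".pif", ".scr")


def split_sections(text):
    """Map each DSS section name to its non-empty, stripped lines."""
    sections = {}
    current = None
    for line in text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.strip())
    return sections


def broken_associations(sections):
    """Extensions DSS could not read, de-duplicated, in log order."""
    found = []
    for line in sections.get("File Associations", []):
        m = ASSOC_RE.match(line)
        if m and m.group(1) not in found:
            found.append(m.group(1))
    return found


def security_findings(sections):
    """Security Center lines reporting a disabled or outdated protection."""
    findings = []
    for line in sections.get("Security Center", []):
        if line.endswith("is disabled."):
            findings.append(line)
        elif line.startswith("AV:") and line.endswith("Outdated"):
            findings.append(line)
    return findings


def triage(text):
    """Summarise the findings relevant to 'programs will not start'."""
    sections = split_sections(text)
    broken = broken_associations(sections)
    return {
        "broken_associations": broken,
        "launch_blocked": [ext for ext in broken if ext in PROGRAM_EXTS],
        "security": security_findings(sections),
    }


if __name__ == "__main__":
    for name, values in triage(SAMPLE_LOG).items():
        print(name)
        for value in values:
            print("   ", value)
```
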

Essexboy
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: i don't even know where to begin

Post by Essexboy » Thu Nov 08, 2007 8:47 pm

Move Dss to desktop if it's not there now.

After that:

Go to Start -> Run.
Type this in the box and click OK:

"%userprofile%\desktop\dss.exe" /daft

* Place a checkmark next to the following entries if they are shown after the scan:
.bat
.bat
.bat
.com
.com
.exe
.exe
.lnk
.pif
.reg
.reg
.reg
.scr

* Click the Fix button.
* Re-scan and save a logfile to your Desktop. By default, it will save as daft.txt
* Post that log in your next post.

Also, your antivirus is out of date; if you need guidance as to a new antivirus then let me know.

paco
New FixmyXP Member
Posts: 6
Joined: Wed Nov 07, 2007 8:27 pm

Re: i don't even know where to begin

Post by paco » Thu Nov 08, 2007 9:11 pm

DAFT Log saved on 2007-11-08 15:13:35
-------------------------------------------
All associations OK!

Essexboy
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: i don't even know where to begin

Post by Essexboy » Thu Nov 08, 2007 10:16 pm

Now we have that done

Download ComboFix from Here (http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe) or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Also, how is the system running now?

paco
New FixmyXP Member
Posts: 6
Joined: Wed Nov 07, 2007 8:27 pm

Re: i don't even know where to begin

Post by paco » Thu Nov 08, 2007 10:27 pm

I'm about to run ComboFix right now. The file associations seemed to be fixed though.

paco
New FixmyXP Member
Posts: 6
Joined: Wed Nov 07, 2007 8:27 pm

Re: i don't even know where to begin

Post by paco » Thu Nov 08, 2007 11:09 pm

ComboFix 07-11-08.1 - nicket 2007-11-08 16:52:38.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.688 [GMT -6:00]
Running from: C:\Documents and Settings\nicket\Desktop\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((  Files Created from 2007-10-08 to 2007-11-08  )))))))))))))))))))))))))))))))
.

2007-11-08 16:51 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 17:06 d-------- C:\Deckard
2007-11-07 16:35 154,512 --a------ C:\WINDOWS\system32\sfdrvrem.exe

.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-08 21:26 --------- d-----w C:\Program Files\Tales of Pirates Online
2007-11-08 21:20 --------- d-----w C:\Program Files\Freeciv-2.0.8-gtk2
2007-11-08 21:20 --------- d-----w C:\Program Files\Easy DVD Player
2007-11-08 21:20 --------- d-----w C:\Program Files\Amazing DVD Player
2007-11-08 21:20 --------- d-----w C:\Program Files\AdvancedDVDPlayer
2007-11-07 19:11 --------- d-----w C:\Program Files\Law and Order 2
2006-07-03 20:42 356,864 ----a-w C:\Program Files\TrueCrypt Setup.exe
2006-07-03 16:39 4,769 ----a-w C:\Program Files\Readme.txt
.

(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 16:29]
"Uniblue SpyEraser"="C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe" [2007-06-13 09:31]

R2 ScFBPNT;CanoScan FBP Port Driver;\??\C:\WINDOWS\system32\drivers\ScFBPNT.SYS
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{57777c0d-9ef4-11db-bc9b-0011095e4a67}]
\Shell\AutoRun\command - G:\LaunchU3.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PRODRV06
*Newly Created Service* - PROHLP02
*Newly Created Service* - PROSYNC1
*Newly Created Service* - SFHLP01
.
Contents of the 'Scheduled Tasks' folder
"2007-07-22 09:09:44 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-06-22 08:36:50 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-06-22 07:45:35 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.

Essexboy
Administrator
Posts: 903
Joined: Wed Sep 14, 2005 11:20 am
Location: Helston - Cornwall
Contact:

Re: i don't even know where to begin

Post by Essexboy » Fri Nov 09, 2007 6:34 pm

Looks clean; if everything works as specified then you are good to go. But I would recommend resetting your restore points.

There are several ways to reset your restore points, but this is my method:

1. Select Start > All Programs > Accessories > System tools > System Restore.
2. On the dialogue box that appears select Create a Restore Point
3. Click NEXT
4. Enter a name e.g. Clean
5. Click CREATE

You now have a clean restore point, to get rid of the bad ones:

1. Select Start > All Programs > Accessories > System tools > Disk Cleanup.
2. In the Drop down box that appears select your main drive e.g. C
3. Click OK
4. The system will do some calculation and then display a dialogue box with tabs
5. Select the More Options tab.
6. At the bottom will be a System Restore box with a CLEANUP button; click this
7. Accept the warning and select OK again; the program will close and you are done