
EU: Rome stackhash crashing


  • This topic is locked
18 replies to this topic

#1 bilboy32

bilboy32

  • Members
  • 31 posts

Posted 02 December 2011 - 10:20 AM

So I've been playing Europa Universalis: Rome for many years now, with very little concern (other than an occasional overheat). I'm running Vista x64 on an MBP in Boot Camp. However, 5 days ago I started getting a message upon clicking the icon saying the program crashed.
The log continually mentions AppCrash StackHash_fd00 as the issue for romegame.exe
Here is my HJT Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:16:16 AM, on 12/2/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Users\Billiam\Desktop\Lubbos Fan Control\LubbosFanControl.exe
C:\Users\Billiam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Billiam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Billiam\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-541805414-318844384-2578015136-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple OS Switch Manager (AppleOSSMgr) - Unknown owner - C:\Windows\system32\AppleOSSMgr.exe (file missing)
O23 - Service: Apple Time Service (AppleTimeSrv) - Unknown owner - C:\Windows\system32\AppleTimeSrv.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5366 bytes


AND here is the DDS Log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005
Run by Billiam at 10:17:49 on 2011-12-02
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4071.2715 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\Billiam\Desktop\Lubbos Fan Control\LubbosFanControl.exe
C:\Windows\system32\AppleControlPanel.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Billiam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Billiam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E47F463D-651B-4067-BABB-AC3FE41438A3} : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]
R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]
R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-1 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]
R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBIODS64;Beamz Interactive USB Controller 64 bit;C:\Windows\system32\Drivers\USBIODS64.sys --> C:\Windows\system32\Drivers\USBIODS64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-12 89920]
.
=============== Created Last 30 ================
.
2074-05-07 22:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-12-02 04:46:31 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{14AC7C32-EB09-4935-936F-CE62365FBAFD}\offreg.dll
2011-12-01 22:03:57 -------- d-----w- C:\Users\Billiam\AppData\Roaming\Malwarebytes
2011-12-01 22:03:52 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-01 22:03:49 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-01 22:03:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-01 21:08:15 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{14AC7C32-EB09-4935-936F-CE62365FBAFD}\mpengine.dll
2011-12-01 20:58:46 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-12-01 20:58:46 137536 ----a-w- C:\Windows\System32\nvshext.dll
2011-12-01 20:58:45 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-12-01 20:58:45 3074368 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-12-01 20:58:45 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2011-12-01 20:58:45 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-12-01 20:58:45 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2011-12-01 20:56:29 8791360 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-12-01 20:56:29 7581504 ----a-w- C:\Windows\System32\nvcuda.dll
2011-12-01 20:56:29 7041856 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2011-12-01 20:56:29 5578560 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2011-12-01 20:56:29 2542912 ----a-w- C:\Windows\System32\nvcuvid.dll
2011-12-01 20:56:29 24742720 ----a-w- C:\Windows\System32\nvoglv64.dll
2011-12-01 20:56:29 2458432 ----a-w- C:\Windows\SysWow64\nvapi.dll
2011-12-01 20:56:29 2401088 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2011-12-01 20:56:29 2099520 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2011-12-01 20:56:29 18871616 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2011-12-01 20:56:29 12971840 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2011-12-01 20:39:13 660072 ----a-w- C:\Windows\System32\nvudisp.exe
2011-12-01 19:55:16 -------- d-----w- C:\Windows\SysWow64\directx
2011-12-01 19:37:58 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-12-01 19:37:17 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-12-01 19:35:34 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2011-12-01 19:35:34 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-12-01 19:35:33 2808128 ----a-w- C:\Windows\System32\nvapi64.dll
2011-12-01 19:35:33 24796992 ----a-w- C:\Windows\System32\nvcompiler.dll
2011-12-01 19:35:33 2232128 ----a-w- C:\Windows\System32\nvcuvenc.dll
2011-12-01 19:35:33 17248576 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2011-12-01 19:35:33 15693120 ----a-w- C:\Windows\System32\nvd3dumx.dll
2011-12-01 19:35:33 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2011-12-01 19:35:33 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2011-11-29 19:59:03 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-11-20 03:50:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-20 03:49:57 -------- d-sh--w- C:\Users\Billiam\AppData\Local\4db361a3
2011-11-17 22:19:27 -------- d--ha-w- C:\.fseventsd
2011-11-15 20:06:41 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-15 20:06:40 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-11-15 20:06:38 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-15 20:06:38 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-15 20:06:33 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-15 20:06:33 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-15 20:06:33 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
.
==================== Find3M ====================
.
2011-10-15 08:53:00 13205312 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 10:18:02.26 ===============






So what do you suggest? I've found many people take issue with this stackhash, but usually with explorer.exe or iexplore.exe. I have found nothing of specific use for my particular problem. HELP!

Edit: Moved topic from Computer Gaming to the more appropriate forum. ~ Animal


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,739 posts

Posted 07 December 2011 - 10:25 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/430379 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 bilboy32

bilboy32
  • Topic Starter

  • Members
  • 31 posts

Posted 07 December 2011 - 12:05 PM

So here is the updated DDS log. In addition, I will add the specific crash report after this behemoth of info.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6002.18005
Run by Billiam at 11:59:56 on 2011-12-07
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4071.2442 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AppleOSSMgr.exe
C:\Windows\system32\AppleTimeSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Users\Billiam\Desktop\Lubbos Fan Control\LubbosFanControl.exe
C:\Windows\system32\AppleControlPanel.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Billiam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Billiam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Billiam\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E47F463D-651B-4067-BABB-AC3FE41438A3} : DhcpNameServer = 192.168.1.1
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]
R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 inpoutx64;inpoutx64;C:\Windows\system32\Drivers\inpoutx64.sys --> C:\Windows\system32\Drivers\inpoutx64.sys [?]
R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]
R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-12-1 2253120]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]
R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]
R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]
R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 USBIODS64;Beamz Interactive USB Controller 64 bit;C:\Windows\system32\Drivers\USBIODS64.sys --> C:\Windows\system32\Drivers\USBIODS64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-12 89920]
.
=============== Created Last 30 ================
.
2074-05-07 22:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-12-06 22:38:57 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49242A59-9F85-4A46-8577-B2DB4138020F}\offreg.dll
2011-12-06 22:38:52 8822856 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{49242A59-9F85-4A46-8577-B2DB4138020F}\mpengine.dll
2011-12-01 22:03:57 -------- d-----w- C:\Users\Billiam\AppData\Roaming\Malwarebytes
2011-12-01 22:03:52 -------- d-----w- C:\ProgramData\Malwarebytes
2011-12-01 22:03:49 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-12-01 22:03:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-12-01 20:58:46 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-12-01 20:58:46 137536 ----a-w- C:\Windows\System32\nvshext.dll
2011-12-01 20:58:45 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-12-01 20:58:45 3074368 ----a-w- C:\Windows\System32\nvsvcr.dll
2011-12-01 20:58:45 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2011-12-01 20:58:45 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-12-01 20:58:45 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2011-12-01 20:56:29 8791360 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-12-01 20:56:29 7581504 ----a-w- C:\Windows\System32\nvcuda.dll
2011-12-01 20:56:29 7041856 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2011-12-01 20:56:29 5578560 ----a-w- C:\Windows\SysWow64\nvcuda.dll
2011-12-01 20:56:29 2542912 ----a-w- C:\Windows\System32\nvcuvid.dll
2011-12-01 20:56:29 24742720 ----a-w- C:\Windows\System32\nvoglv64.dll
2011-12-01 20:56:29 2458432 ----a-w- C:\Windows\SysWow64\nvapi.dll
2011-12-01 20:56:29 2401088 ----a-w- C:\Windows\SysWow64\nvcuvid.dll
2011-12-01 20:56:29 2099520 ----a-w- C:\Windows\SysWow64\nvcuvenc.dll
2011-12-01 20:56:29 18871616 ----a-w- C:\Windows\SysWow64\nvoglv32.dll
2011-12-01 20:56:29 12971840 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys
2011-12-01 20:39:13 660072 ----a-w- C:\Windows\System32\nvudisp.exe
2011-12-01 19:55:16 -------- d-----w- C:\Windows\SysWow64\directx
2011-12-01 19:37:58 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-12-01 19:37:17 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-12-01 19:35:34 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2011-12-01 19:35:34 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-12-01 19:35:33 2808128 ----a-w- C:\Windows\System32\nvapi64.dll
2011-12-01 19:35:33 24796992 ----a-w- C:\Windows\System32\nvcompiler.dll
2011-12-01 19:35:33 2232128 ----a-w- C:\Windows\System32\nvcuvenc.dll
2011-12-01 19:35:33 17248576 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2011-12-01 19:35:33 15693120 ----a-w- C:\Windows\System32\nvd3dumx.dll
2011-12-01 19:35:33 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2011-12-01 19:35:33 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2011-11-29 19:59:03 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-11-20 03:50:14 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-20 03:49:57 -------- d-sh--w- C:\Users\Billiam\AppData\Local\4db361a3
2011-11-17 22:19:27 -------- d--ha-w- C:\.fseventsd
2011-11-15 20:06:41 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-15 20:06:40 40448 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2011-11-15 20:06:38 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-11-15 20:06:38 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-11-15 20:06:33 893440 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-15 20:06:33 707584 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-15 20:06:33 50688 ----a-w- C:\Program Files\Windows Mail\wabimp.dll
.
==================== Find3M ====================
.
2011-10-15 08:53:00 13205312 ----a-w- C:\Windows\SysWow64\nvd3dum.dll
2011-10-15 05:54:52 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
============= FINISH: 12:00:21.36 ===============


Here is the crash log:

Product
Rome

Problem
Stopped working

Date
12/5/2011 5:35 PM

Status
Report Sent

Problem signature
Problem Event Name: APPCRASH
Application Name: RomeGame.exe
Application Version: 1.0.0.0
Application Timestamp: 48a19fbc
Fault Module Name: StackHash_fd00
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 41545045
OS Version: 6.0.6002.2.2.0.256.1
Locale ID: 1033
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Extra information about the problem
Bucket ID: 908449694



So again, any help would be wonderful. Please let me know if anything more is necessary. I am running a 64 bit Vista, so I didn't do the GMER. I do have the original Windows disk as well. What seems odd is that the game worked perfectly fine for years, and very suddenly stopped working. If I recall it seemed it happened after a windows update.

Edited by bilboy32, 07 December 2011 - 12:06 PM.
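The problem signature above can be triaged mechanically before reaching for malware tools. This is an added example, not part of the original post: the function names are hypothetical, the second report is constructed for contrast, and it assumes the usual reading of `StackHash_xxxx` as "the faulting address was not inside any loaded module", so the offset is read as a raw address.

```python
# Triage of a Windows Error Reporting "Problem signature" block.
# FORUM_REPORT repeats the fields pasted in the post; CONTRAST_REPORT is constructed.
FORUM_REPORT = """\
Problem Event Name: APPCRASH
Application Name: RomeGame.exe
Fault Module Name: StackHash_fd00
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Code: c0000005
Exception Offset: 41545045
"""

CONTRAST_REPORT = """\
Problem Event Name: APPCRASH
Application Name: example.exe
Fault Module Name: ntdll.dll
Exception Code: c0000374
Exception Offset: 000b06c7
"""

# NTSTATUS codes commonly seen in APPCRASH reports.
EXCEPTION_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}


def parse_signature(text):
    """Turn the 'Key: value' lines of a problem signature into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip()] = value.strip()
    return fields


def printable_ascii(hex_value):
    """Return the hex value as text if every byte is printable ASCII, else None."""
    try:
        raw = bytes.fromhex(hex_value.zfill(len(hex_value) + len(hex_value) % 2))
    except ValueError:
        return None
    if raw and all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def triage(fields):
    """Summarise what the signature does and does not tell a responder."""
    module = fields.get("Fault Module Name", "")
    try:
        code = int(fields.get("Exception Code", ""), 16)
    except ValueError:
        code = None
    as_written = printable_ascii(fields.get("Exception Offset", ""))
    unattributed = module.startswith("StackHash_")  # assumption: no owning module

    notes = []
    if unattributed:
        notes.append("fault address is outside every loaded module; "
                     "the signature names no culprit DLL")
    if unattributed and as_written:
        notes.append("offset bytes are all printable ASCII, which fits a pointer "
                     "overwritten with text data; this indicates memory "
                     "corruption, not any particular cause")
    if not unattributed:
        notes.append("fault is attributed to " + module + "; start there")

    return {
        "exception": EXCEPTION_NAMES.get(code, "unknown"),
        "unattributed": unattributed,
        "offset_ascii": as_written,
        # x86 is little-endian, so memory holds the bytes in reverse order.
        "offset_ascii_memory_order": as_written[::-1] if as_written else None,
        "notes": notes,
    }


if __name__ == "__main__":
    for report in (FORUM_REPORT, CONTRAST_REPORT):
        result = triage(parse_signature(report))
        print(result["exception"], result["offset_ascii"], result["notes"])
```

A signature like this supports "something corrupted a pointer in the process" and nothing more specific, so driver, injected-DLL and malware hypotheses all still need their own evidence.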


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,313 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:10:12 PM

Posted 07 December 2011 - 03:26 PM

Hello, what makes you think this problem is malware related?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 bilboy32

Posted 07 December 2011 - 05:39 PM

Well, I didn't necessarily think it at first, but then I looked around at common stackhash fails, many of which led to malware issues. Have I missed the mark entirely? If so, where should I post this problem? At first it was in the game section, but the mods moved it so I trusted their judgement. Anything else I should post to clear this up?

#6 Elise

Posted 08 December 2011 - 03:30 AM

I see no evidence of malware, but that doesn't automatically mean it isn't involved, which is why I asked you about possible symptoms aside from the game crash. :)

Have you tried to disable MS Security Essentials and see if that makes a difference? Sometimes security products interfere with other programs and can cause crashes.

Please post me also attach.txt, created by DDS.

regards, Elise


#7 bilboy32

Posted 08 December 2011 - 10:21 AM

I have not had other problems, other than a one-time false positive on malwarebytes. It identified the icons of LOTR:BFME2 and the expansion as rogue.securityshield. However, I left the icons in quarantine for a day and then returned them, scanned again, and found no problems. I have not tried disabling MSE, but as I mentioned, this has never happened before. I have used MSE on this OS since I installed it, with no issues to anything. Here is the attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 3/9/2010 5:05:35 PM
System Uptime: 12/7/2011 1:02:55 AM (11 hours ago)
.
Motherboard: Apple Inc. | | Mac-F42D86C8
Processor: Intel® Core™2 Duo CPU T9400 @ 2.53GHz | U2E1 | 2527/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 63 GiB total, 3.016 GiB free.
D: is CDROM (UDF)
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP321: 12/1/2011 3:57:23 PM - Device Driver Package Install: NVIDIA Display adapters
RP322: 12/2/2011 3:22:51 PM - Windows Update
RP323: 12/3/2011 3:37:20 PM - Windows Update
RP324: 12/4/2011 3:52:49 PM - Windows Update
RP325: 12/5/2011 3:56:25 PM - Windows Update
RP326: 12/6/2011 5:38:41 PM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
1602 A.D.
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Age of Empires III
Apple Software Update
Beamz Player
Beamz Songs (Model C4) Volume 1
Beamz Songs (Model C4) Volume 2
DAEMON Tools Lite
Europa Universalis - Rome
Eusing Free Registry Cleaner
Google Chrome
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
League of Legends
LodeRunner2
Magic ISO Maker v5.5 (build 0281)
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Play System (Patching)
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Octoshape add-in for Adobe Flash Player
Pando Media Booster
Pandora
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Windows Media Encoder (KB2447961)
ShadowBeamz
The Battle for Middle-earth ™ II
The Lord of the Rings, The Rise of the Witch-king
Tropico 3: Absolute Power
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
12/1/2011 4:21:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/1/2011 3:16:29 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
12/1/2011 3:09:41 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
12/1/2011 10:51:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

#8 Elise

Posted 08 December 2011 - 10:44 AM

Hi, I see you installed new video drivers 1 December. However, from your description it looks like this was after you encountered the problem. Any other program/driver you installed around the same time?

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Also, one never knows, a disk check may be in order. Click Start > All programs > Accessories, right click on Command Prompt and select Run As Administrator.
At the command prompt, type chkdsk /r and press enter.
When asked to confirm, please do so by typing Y.
Restart your computer. The disk check should now start automatically. Please let it run unhindered.

Afterwards see if anything has changed.

regards, Elise


#9 bilboy32

Posted 08 December 2011 - 07:52 PM

So, I did the chkdsk. After two crashes (presumably from overheating, solved by laying laptop on an icepack) it completed, and nothing is different. The game still crashes, and the disabled MSE changed nothing. As for utorrent, it hasn't been used in a long time and was for .rar from friends, not a constant illegal download fest.

Apologies if this seems odd or unsolvable.

#10 Elise

Posted 09 December 2011 - 02:26 AM

If you experience overheating, I would look into that first. It could well cause the crashes (when playing games usually a lot more resources are used and thus more heat is produced) and if not remedied, it can cause extensive, irreparable damage to your computer.

regards, Elise


#11 bilboy32

Posted 09 December 2011 - 12:34 PM

Well, the overheating I have done several things about, including fan controls and cooling pads. It's a rare occurrence that my MBP overheats anymore, unless I forget to put the fan controller on. Also, I just tried putting my Vista install disk in and attempted to repair. Didn't work. This is a very sudden failure of the program, and shouldn't be an OS issue or malware related, but I really cannot figure out what else to do.

Could it be related to the graphics driver updates? If so, should I remove them and move it back to an older version? That doesn't seem to make sense to me, but I'm near the end of my rope.

#12 Elise

Posted 09 December 2011 - 12:51 PM

It is possible, yes. You can try to uninstall the old ones (roll back driver). Graphics drivers can do strange things sometimes. :)

regards, Elise


#13 bilboy32

Posted 09 December 2011 - 03:20 PM

Well, that didn't work either. I guess this is just hopeless, which sucks because it's one of my favorite games.

#14 Elise

Posted 09 December 2011 - 03:24 PM

What you can do is try to create another hardware profile and see if you can play it from there.

Let's also see if there is somehow something malicious that escaped previous scans.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


#15 bilboy32

Posted 09 December 2011 - 03:54 PM

ComboFix 11-12-09.02 - Billiam 12/09/2011 15:46:41.1.2 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.4071.2699 [GMT -5:00]
Running from: c:\users\Billiam\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((( Files Created from 2011-11-09 to 2011-12-09 )))))))))))))))))))))))))))))))
.
.
2074-05-07 22:38 . 2006-11-22 00:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
2011-12-09 20:51 . 2011-12-09 20:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-09 20:39 . 2011-12-09 20:39 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{893CC5E8-1D02-4277-946F-0DA248E114AC}\offreg.dll
2011-12-09 17:59 . 2009-09-04 22:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-12-09 17:59 . 2009-09-04 22:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-12-09 17:59 . 2009-09-04 22:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2011-12-09 17:59 . 2009-09-04 22:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-12-09 17:59 . 2009-09-04 22:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-12-09 17:59 . 2009-09-04 22:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-12-09 15:24 . 2011-12-09 20:37 -------- d---a-w- C:\.fseventsd
2011-12-09 00:45 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{893CC5E8-1D02-4277-946F-0DA248E114AC}\mpengine.dll
2011-12-01 22:03 . 2011-12-01 22:03 -------- d-----w- c:\users\Billiam\AppData\Roaming\Malwarebytes
2011-12-01 22:03 . 2011-12-01 22:03 -------- d-----w- c:\programdata\Malwarebytes
2011-12-01 22:03 . 2011-12-01 22:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-12-01 22:03 . 2011-08-31 22:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-01 20:58 . 2011-10-15 08:53 137536 ----a-w- c:\windows\system32\nvshext.dll
2011-12-01 20:58 . 2011-10-15 08:53 837952 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-12-01 20:56 . 2010-03-10 01:04 1063016 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-12-01 20:39 . 2010-07-09 22:38 660072 ----a-w- c:\windows\system32\nvudisp.exe
2011-12-01 19:38 . 2011-12-01 20:59 -------- d-----w- c:\users\UpdatusUser
2011-12-01 19:37 . 2011-12-01 20:59 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-12-01 19:37 . 2011-12-09 20:17 -------- d-----w- c:\programdata\NVIDIA
2011-12-01 19:37 . 2011-12-01 20:58 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-12-01 19:35 . 2011-10-15 08:53 68928 ----a-w- c:\windows\system32\OpenCL.dll
2011-12-01 19:35 . 2011-10-15 08:53 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-12-01 19:35 . 2011-10-15 08:53 24796992 ----a-w- c:\windows\system32\nvcompiler.dll
2011-12-01 19:35 . 2011-10-15 08:53 2232128 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-12-01 19:35 . 2011-10-15 08:53 17248576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2011-12-01 19:35 . 2011-10-15 08:53 1533248 ----a-w- c:\windows\system32\nvdispco64.dll
2011-12-01 19:35 . 2011-10-15 08:53 1454400 ----a-w- c:\windows\system32\nvgenco64.dll
2011-12-01 19:35 . 2010-03-10 01:04 9613416 ----a-w- c:\windows\system32\nvd3dumx.dll
2011-12-01 19:35 . 2010-03-10 01:04 1313896 ----a-w- c:\windows\system32\nvapi64.dll
2011-11-29 19:59 . 2011-11-29 19:59 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-11-20 03:50 . 2011-11-20 03:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-20 03:49 . 2011-11-20 03:49 -------- d-sh--w- c:\users\Billiam\AppData\Local\4db361a3
2011-11-15 20:06 . 2011-09-20 21:06 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-15 20:06 . 2011-09-20 14:04 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-11-15 20:06 . 2011-10-17 11:41 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-11-15 20:06 . 2011-10-17 11:41 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-11-15 20:06 . 2011-09-30 16:16 893440 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-15 20:06 . 2011-09-30 16:16 50688 ----a-w- c:\program files\Windows Mail\wabimp.dll
2011-11-15 20:06 . 2011-09-30 15:57 707584 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-21 11:40 . 2010-03-12 18:25 8822856 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-21 20:29 . 2011-10-21 20:32 917840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D0213FEC-7F95-4600-A978-6547ACE16444}\gapaengine.dll
2011-10-15 05:54 . 2011-10-15 05:54 321856 ----a-w- c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 USBIODS64;Beamz Interactive USB Controller 64 bit;c:\windows\system32\Drivers\USBIODS64.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [x]
S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [x]
S2 inpoutx64;inpoutx64;c:\windows\system32\Drivers\inpoutx64.sys [x]
S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [x]
S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [x]
S3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [x]
S3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [x]
S3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-541805414-318844384-2578015136-1000Core.job
- c:\users\Billiam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 14:47]
.
2011-12-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-541805414-318844384-2578015136-1000UA.job
- c:\users\Billiam\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-09 14:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-01-20 6962720]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-01-20 1833504]
"Apple_KbdMgr"="c:\program files\Boot Camp\KbdMgr.exe" [2009-11-15 626464]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-05 16395880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E} - c:\program files (x86)\Electronic Arts\The Lord of the Rings
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-12-09 15:52:48
ComboFix-quarantined-files.txt 2011-12-09 20:52
.
Pre-Run: 673,280,000 bytes free
Post-Run: 3,278,381,056 bytes free
.
- - End Of File - - 775BF01D31CDD5D67636747EFA34B5DF



