Explorer.exe and Stackhash issues


Hi,

A few weeks ago I got a nasty virus which virtually crashed my computer. I was able to remove it, I think, using Malwarebytes in safe mode along with a system restore, though I can't remember which I did first; I think it was the malware scan. Since then, I have been having irregular explorer.exe crashes on startup. I would get the message "explorer.exe has stopped working" with a prompt to close and restart it, which I always did. Afterwards the icons would come back and everything seemed to be working fine. At the suggestion of a friend I did a scan of the hard drive looking for errors and since then the explorer.exe crashes have stopped, but when I try to open certain programs that were working before I contracted the virus, I get a similar error and this report:

Problem signature:

Problem Event Name: APPCRASH

Application Name: RomeTW.exe

Application Version: 1.0.0.0

Application Timestamp: 438afb5a

Fault Module Name: StackHash_fd00

Fault Module Version: 0.0.0.0

Fault Module Timestamp: 00000000

Exception Code: c0000005

Exception Offset: 00000010

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 1033

Additional Information 1: fd00

Additional Information 2: ea6f5fe8924aaa756324d57f87834160

Additional Information 3: fd00

Additional Information 4: ea6f5fe8924aaa756324d57f87834160

This report is specific to an old game called Total War: Rome. All the programs are older, but all were working on my computer just prior to my getting this virus and I haven't changed drivers or updated Windows or anything like that. The virus had made many files and folders hidden and read-only, but after I enabled view hidden files and changed them back to the way they were they would start working again. I am having issues with 3 other programs that I know of. There was another older game that erased some of its saved files, but I think that is an unrelated event. I may have gone overboard with unchecking the hidden and read-only properties but since then I haven't had any other viruses I'm aware of. I just ran all of the programs in the directions as instructed. I believe everything showed up negative. I am running Vista 64-bit with a 2.66 GHz Intel quad-core, 4-gigs of dvr2 1066 RAM in 2 sticks and a 500 gig Seagrams hard drive with an Nvidia 260 gtx, not the latest drivers but the same drivers I was using before the virus. If anyone can help me fix Windows without reinstalling it I would be very grateful. Could I still be infected? Is there any way to repair Vista without deleting my memory? Thanks for your time!

Problem signature:

Problem Event Name: APPCRASH

Application Name: engine.exe

Application Version: 2.0.0.0

Application Timestamp: 417bc6c6

Fault Module Name: StackHash_fd00

Fault Module Version: 0.0.0.0

Fault Module Timestamp: 00000000

Exception Code: c0000005

Exception Offset: 00000010

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 1033

Additional Information 1: fd00

Additional Information 2: ea6f5fe8924aaa756324d57f87834160

Additional Information 3: fd00

Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Total War: Medieval II Kingdoms (possibly unrelated, I haven't used this game in some time)

Could not write license data!

Please contact Customer Support for further instructions.

Mechwarrior 4 Mercenaries (Downloaded with MTX from Mektek)

STOP: You do not have the correct video codec installed to play 'Content\movies\clan_pack.avi'

And if I click 'more info' there's a few pages of it.

If I click continue it goes into windowed mode and gives the same error over again.

.

DDS (Ver_2011-06-23.01) - NTFSAMD64

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23

Run by Pheobus at 17:38:33 on 2011-06-25

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2006 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG10\avgchsva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG10\avgnsa.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\AVG\AVG10\avgtray.exe

C:\Program Files (x86)\iPod\bin\iPodService.exe

C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Windows\system32\wuauclt.exe

C:\PROGRA~2\AVG\AVG10\avgrsa.exe

C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\taskeng.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = my.daemon-search.com

uInternet Settings,ProxyServer = http=127.0.0.1:62869

uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

StartupFolder: C:\Users\Pheobus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{ADAB05C4-376F-4FF9-B4A3-204C66024A3E} : DhcpNameServer = 192.168.0.1

Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\PKMCDO.DLL

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll

TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Pheobus\AppData\Roaming\Mozilla\Firefox\Profiles\p1et278b.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 62869

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-4-18 7398752]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-9-12 68136]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-3-18 89920]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2011-06-25 19:21:18 -------- d-----w- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}

2011-06-24 04:28:57 -------- dc-h--w- C:\ProgramData\~0

2011-06-24 04:28:48 -------- d-----w- C:\Users\Pheobus\AppData\Local\PackageAware

2011-06-23 21:57:41 -------- d-----w- C:\Users\Pheobus\AppData\Roaming\AVG10

2011-06-23 21:55:33 -------- d-----w- C:\Windows\SysWow64\drivers\AVG

2011-06-23 21:54:36 -------- d-----w- C:\Windows\System32\drivers\AVG

2011-06-23 21:54:36 -------- d-----w- C:\ProgramData\AVG10

2011-06-23 21:53:24 -------- d-----w- C:\Program Files (x86)\AVG

2011-06-23 21:32:26 -------- d--h--w- C:\ProgramData\Common Files

2011-06-23 21:32:14 -------- d-----w- C:\ProgramData\MFAData

2011-06-15 19:30:01 847360 ----a-w- C:\Windows\System32\oleaut32.dll

2011-06-15 19:30:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll

2011-06-15 19:29:23 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-06-15 19:29:23 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-06-15 19:29:04 405504 ----a-w- C:\Windows\System32\drivers\afd.sys

2011-06-15 19:28:53 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-06-15 19:28:53 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-06-15 19:28:53 107008 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-06-15 19:28:35 2762752 ----a-w- C:\Windows\System32\win32k.sys

2011-06-15 19:27:42 97792 ----a-w- C:\Windows\System32\drivers\dfsc.sys

2011-06-15 19:26:12 975360 ----a-w- C:\Windows\System32\inetcomm.dll

2011-06-15 19:26:11 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-06-12 18:29:49 505104 ----a-w- C:\Windows\SysWow64\msxml.dll

2011-06-12 18:29:49 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2011-06-12 18:29:46 89360 ----a-w- C:\Windows\SysWow64\VB5DB.DLL

2011-06-12 18:29:46 69632 ----a-w- C:\Windows\SysWow64\xmltok.dll

2011-06-12 18:29:46 36864 ----a-w- C:\Windows\SysWow64\xmlparse.dll

2011-06-12 18:29:46 35840 ----a-w- C:\Windows\SysWow64\comdlg32.oca

2011-06-12 18:29:46 29184 ----a-w- C:\Windows\SysWow64\MSINET.oca

2011-06-12 18:29:46 28432 ----a-w- C:\Windows\SysWow64\msxmlr.dll

2011-06-12 18:29:46 26096 ----a-w- C:\Windows\SysWow64\xmlinst.exe

2011-06-12 18:29:46 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2011-06-12 18:29:46 140488 ----a-w- C:\Windows\SysWow64\comdlg32.ocx

2011-06-07 16:34:46 -------- d-----w- C:\Users\Pheobus\AppData\Local\Oblivion

2011-06-07 16:08:48 254528 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2011-06-07 16:08:41 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Toolbar

2011-06-07 16:08:24 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite

2011-06-07 16:07:58 -------- d-----w- C:\Users\Pheobus\AppData\Roaming\DAEMON Tools Lite

2011-06-07 16:07:58 -------- d-----w- C:\ProgramData\DAEMON Tools Lite

2011-06-07 02:18:11 -------- d-----w- C:\Program Files (x86)\uTorrentBar

2011-06-07 02:17:41 -------- d-----w- C:\Program Files (x86)\uTorrent

2011-06-07 02:16:17 -------- d-----w- C:\Users\Pheobus\AppData\Roaming\uTorrent

2011-06-02 04:24:40 61440 ----a-w- C:\Program Files (x86)\Microsoft Games\Crimson Skies\csfix.dll

2011-06-01 19:46:45 -------- d-----w- C:\Users\Pheobus\AppData\Roaming\OpenOffice.org

2011-06-01 19:44:06 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2011-05-30 02:50:24 -------- d-----w- C:\ProgramData\GameHouse

2011-05-30 02:50:16 -------- d-----w- C:\Users\Pheobus\AppData\Roaming\Oberon Media

2011-05-30 02:50:08 -------- d-----w- C:\Program Files (x86)\Common Files\Oberon Media

2011-05-30 02:50:05 -------- d-----w- C:\ProgramData\Oberon Media

2011-05-30 02:50:03 -------- d-----w- C:\Program Files (x86)\Yahoo! Games

2011-05-30 02:50:03 -------- d-----w- C:\Program Files (x86)\Oberon Media

2011-05-29 06:18:22 -------- d-----w- C:\Users\Pheobus\AppData\Roaming\go

2011-05-29 06:18:20 -------- d-----w- C:\ProgramData\Easybits GO

.

==================== Find3M ====================

.

2011-06-25 19:20:30 25640 ----a-w- C:\Windows\gdrv.sys

2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-04-15 01:28:12 117328 ----a-w- C:\Windows\System32\drivers\AVGIDSDriver.sys

2011-04-05 04:59:54 377936 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

.

============= FINISH: 17:38:49.89 ===============

mbam-log-2011-06-24 (04-09-56).txt

Attach.zip


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I ran CCleaner which fixed the stackhash errors. I assume it was the Windows Explorer cache but I guess you guys would know better. Now I'm getting ntdll.dll errors when certain cutscenes try to run. Thanks again.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6983

Windows 6.0.6002 Service Pack 2

Internet Explorer 7.0.6002.18005

6/29/2011 9:29:01 PM

mbam-log-2011-06-29 (21-29-01).txt

Scan type: Quick scan

Objects scanned: 167619

Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

log.txt


The error happens when a video tries to play in the game Rome: Total War. The video occurs after you conquer the last town of a faction and the video basically just announces the end of the faction. Instead, after I click the checkmark after having won the battle, the game crashes and goes to the error, the rest of the screen is black. I could select other apps that were running, but it wouldn't let me take a screenshot. I copied the text of the error though. The top was just a standard "this program has stopped working" error with the "close this program" and "close this program and check online for a solution" options. The rest of it was this:

Problem signature:

Problem Event Name: APPCRASH

Application Name: RomeTW.exe

Application Version: 1.0.0.0

Application Timestamp: 438afb5a

Fault Module Name: ntdll.dll

Fault Module Version: 6.0.6002.18327

Fault Module Timestamp: 4cb7341c

Exception Code: c0000005

Exception Offset: 0001e582

OS Version: 6.0.6002.2.2.0.768.3

Locale ID: 1033

Additional Information 1: c3d2

Additional Information 2: 021e85e3d153160cdf0843d4f445ebe9

Additional Information 3: 5d4d

Additional Information 4: 4d6950015ca505fd1732ee1b1b61fb35


I agree. Originally, I posted it to the "computer problems" area of this forum, and they sent me here. It's definitely not a problem with the program though, as it was working before I got the virus and I haven't updated Windows or changed drivers since. Something in the Windows programming has to be the issue. Multiple programs I've never had an issue with having similar errors just after 'recovering' from a virus. Where would you suggest I go to fix that? Or do you think I'll probably have to reinstall Windows? Thanks for your time. Sorry this wasn't a virus issue but they told me to post here so...


  • 4 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
