
Generic host services has encountered a problem...

Discussion in 'Malware and Virus Removal Archive' started by Zed, 2008/02/08.

  1. 2008/02/08
    Zed (Thread Starter)
    Getting this message shortly after startup:

    Generic host process for win32 services has encountered a problem and needs to close.

    Soon after other symptoms appear:

    Lose internet connection even though it appears OK. Cannot view available networks.
    Taskbar sometimes reverts back to '98 style
    Screen flickers (icons) or shifts briefly.
    No sound other than system sounds. - "no active mixer devices available "


    Some recent additions before the problem:
    Installed an HP All-in-One printer
    Installed/removed software for uploading contacts from a Nokia cell phone

    After the problem:
    Removed old virus program
    Installed and ran Norton 360
    Installed and ran HJT
    Installed and ran Ad-Aware

    I have searched your site and found similar issues, but the solutions were different, so I decided to start a new thread.

    Logs ready at your request.
    Downloading your associates program now...
     
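Added example for this thread (not part of Zed's post, and not HijackThis or DSS code): a small triage script over HijackThis-style lines of the kind that appear in the DSS log posted further down. It flags persistence entries whose DLL is reported "(file missing)", one CLSID registered under both Explorer load points (O21 SSODL and O22 SharedTaskScheduler), and O23 services with no readable owner. The five sample lines are copied from the posted log into a constructed string so it runs offline; the "random-looking DLL name under system32" check is a heuristic of my own, not a rule from the page.

```python
"""Flag shell-startup persistence in HijackThis-style log lines.

Added example for this thread; not part of the original post or of
HijackThis/DSS. The sample lines are copied from the posted log into a
constructed string so the script runs offline.
"""
import re

# Constructed sample: five lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# O2/O3/O20/O21/O22 entries: "Onn - Kind: name - {CLSID} - path [(file missing)]"
CLSID_LINE = re.compile(
    r"^O(?P<section>\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# O23 entries: "O23 - Service: name (short) - owner - path"
SERVICE_LINE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
# Heuristic (an assumption, not a rule): a lowercase-only, vendor-less DLL name
# under system32 deserves a second look; Windows' own DLLs are rarely named that way.
SYSTEM32 = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)
RANDOM_DLL = re.compile(r"^[a-z]{6,9}\.dll$")


def triage(log_text):
    """Return (reason, hjt_section, subject) tuples worth a human look."""
    findings = []
    shell_loaders = {}  # CLSID -> set of HJT sections (21 = SSODL, 22 = SharedTaskScheduler)
    for line in log_text.strip().splitlines():
        m = CLSID_LINE.match(line)
        if m:
            section = int(m.group("section"))
            path = m.group("path")
            # Registry still references the DLL but it is gone from disk: either a
            # scanner deleted the file and left the key behind, or the file is hidden.
            if m.group("missing"):
                findings.append(("dangling", section, path))
            if section in (21, 22):
                shell_loaders.setdefault(m.group("clsid").lower(), set()).add(section)
            basename = path.rsplit("\\", 1)[-1].lower()
            if SYSTEM32.match(path) and RANDOM_DLL.match(basename):
                findings.append(("random_name", section, path))
            continue
        s = SERVICE_LINE.match(line)
        if s and s.group("owner") == "Unknown owner":
            # HJT could not read a company name from the binary; verify it by hand.
            findings.append(("unsigned_service", 23, s.group("path")))
    # One COM object registered in both Explorer load points comes back at every
    # shell start even if only one of the two keys is cleaned.
    for clsid, sections in shell_loaders.items():
        if {21, 22} <= sections:
            findings.append(("dual_shell_load", 0, clsid))
    return findings


if __name__ == "__main__":
    for reason, section, subject in triage(SAMPLE_LOG):
        print(f"{reason:16} O{section:<3} {subject}")
```

The point of the dual-load check is that removing the O21 line alone is not enough: the same CLSID under SharedTaskScheduler re-registers the object, so both keys and the DLL itself have to go, and "(file missing)" only tells you the DLL was not found at that path at scan time, not that nothing is left to clean.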
  2. 2008/02/08
    Zed (Thread Starter)
    Security Update for Windows XP (KB921883) has been installed.
    Also forgot to mention that I tried a restore to two weeks ago, but it did not help.

    DSS LOG:

    Deckard's System Scanner v20071014.68
    Run by Valued Customer on 2008-02-08 00:42:36
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; System Restore is disabled (service is not running).


    -- Last 5 Restore Point(s) --
    31: 2008-02-08 05:23:23 UTC - RP224 - Installed Ad-Aware 2007
    30: 2008-02-06 19:24:13 UTC - RP223 - Restore Operation
    29: 2008-02-06 19:20:32 UTC - RP222 - Restore Operation
    28: 2008-02-06 18:22:22 UTC - RP221 - Restore Operation
    27: 2008-01-31 04:52:12 UTC - RP220 - Installed Windows XP Wudf01005.


    -- First Restore Point --
    1: 2007-11-03 19:14:27 UTC - RP194 - System Checkpoint


    Backed up registry hives.
    Performed disk cleanup.

    Total Physical Memory: 447 MiB (512 MiB recommended).


    -- HijackThis (run as Valued Customer.exe) -------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:43:41 AM, on 2/8/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Valued Customer\Desktop\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Valued Customer.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\NppBho.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.7\UIBHO.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
    O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
    O22 - SharedTaskScheduler: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    --
    End of file - 7534 bytes

    -- File Associations -----------------------------------------------------------

    All associations okay.


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R1 UBHelper - c:\windows\system32\drivers\ubhelper.sys
    R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
    R2 osaio - c:\windows\system32\drivers\osaio.sys <Not Verified; Avocent/OSA Technologies Inc.; Windows (R) Server 2003 DDK driver>
    R2 osanbm - c:\windows\system32\drivers\osanbm.sys <Not Verified; Windows (R) 2000 DDK provider; OSA int15 Driver>
    R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
    R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes AG; CDRTools>
    R3 int15.sys - c:\program files\acer\erecovery\int15.sys
    R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >

    S3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 anbmService (Notebook Manager Service) - c:\acer\emanager\anbmserv.exe <Not Verified; OSA Technologies Inc.; Acer eManager for Notebook>


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: SiS 900-Based PCI Fast Ethernet Adapter
    Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_00831025&REV_91\3&267A616A&0&20
    Manufacturer: SiS
    Name: SiS 900-Based PCI Fast Ethernet Adapter
    PNP Device ID: PCI\VEN_1039&DEV_0900&SUBSYS_00831025&REV_91\3&267A616A&0&20
    Service: SISNICXP


    -- Files created between 2008-01-08 and 2008-02-08 -----------------------------

    2008-02-08 00:41:10 0 d-------- C:\WINDOWS\LastGood
    2008-02-07 22:23:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 22:22:28 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 21:52:35 0 d-------- C:\Program Files\Trend Micro
    2008-02-07 21:02:35 0 d-------- C:\Documents and Settings\Valued Customer\.housecall6.6
    2008-02-07 00:47:29 0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Symantec
    2008-02-06 14:56:56 0 d-------- C:\Program Files\Norton 360
    2008-02-06 14:55:47 0 d-------- C:\Program Files\Symantec
    2008-01-30 21:49:44 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-01-30 21:49:25 0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Nokia
    2008-01-30 21:48:24 0 d-------- C:\Documents and Settings\Valued Customer\Application Data\PC Suite
    2008-01-30 21:48:14 0 d-------- C:\Program Files\PC Connectivity Solution
    2008-01-30 21:47:01 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2008-01-21 23:05:45 3407872 --a------ C:\Documents and Settings\Valued Customer\ntuser.dat
    2008-01-21 23:05:45 237568 --a------ C:\Documents and Settings\LocalService\ntuser.dat
    2008-01-19 09:13:44 0 d-------- C:\Program Files\Apple Software Update
    2008-01-19 09:13:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple


    -- Find3M Report ---------------------------------------------------------------

    2007-12-26 15:14:32 0 d-------- C:\Documents and Settings\Valued Customer\Application Data\Sun
    2007-12-26 15:14:28 3072 --a------ C:\WINDOWS\mozver.dat
    2007-12-26 15:12:38 0 d-------- C:\Program Files\Java
    2007-12-26 15:11:40 0 d-------- C:\Program Files\Common Files\Java
    2007-11-19 22:50:56 117404 --a------ C:\WINDOWS\hpoins11.dat


    -- Registry Dump ---------------------------------------------------------------

    *Note* empty entries & legit default entries are not shown


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" []
    "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [10/07/2004 11:44 PM]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/07/2004 11:43 PM]
    "SoundMan"="SOUNDMAN.EXE" [02/23/2005 06:13 PM C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG"="AGRSMMSG.exe" [10/07/2004 07:50 PM C:\WINDOWS\AGRSMMSG.exe]
    "SiSPower"="SiSPower.dll" [02/25/2005 07:35 PM C:\WINDOWS\system32\SiSPower.dll]
    "SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [03/04/2005 01:13 PM]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [08/04/2004 05:00 AM]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [08/04/2004 05:00 AM]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [08/04/2004 05:00 AM]
    "PCMService"="C:\Program Files\Arcade\PCMService.exe" [03/09/2005 06:59 PM]
    "LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [03/28/2005 12:30 PM]
    "eRecoveryService"="C:\Windows\System32\Check.exe" [03/23/2005 10:01 AM]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [10/14/2003 10:22 AM]
    "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
    "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [04/14/2004 03:04 PM]
    "SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
    "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [07/20/2004 09:34 AM]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [01/13/2006 06:36 PM]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [02/19/2006 02:41 AM]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
    "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/17/2007 06:54 PM]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [3/7/2005 12:07:26 PM]
    Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [5/27/2007 8:43:06 PM]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2/19/2006 4:21:22 AM]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{b166be07-30a4-4d38-b781-44528a630706}"= C:\WINDOWS\system32\gqagksr.dll [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "hydrodictyon"= {b166be07-30a4-4d38-b781-44528a630706} - C:\WINDOWS\system32\gqagksr.dll [ ]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBurster]
    C:\Program Files\VirusBurster\virusburster.exe /h

    *Newly Created Service* - COMHOST



    -- End of Deckard's System Scanner: finished at 2008-02-08 00:44:24




    DSS EXTRA TEXT:





    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Home Edition (build 2600) SP 2.0
    Architecture: X86; Language: English

    CPU 0: Mobile AMD Sempron(tm) Processor 3000+
    Percentage of Memory in Use: 70%
    Physical Memory (total/avail): 446.48 MiB / 132.15 MiB
    Pagefile Memory (total/avail): 1054.12 MiB / 729.95 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1922.94 MiB

    C: is Fixed (FAT32) - 35.7 GiB total, 23.43 GiB free.
    D: is Fixed (FAT32) - 35.87 GiB total, 35.63 GiB free.
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - HTS541080G9AT00 - 74.53 GiB - 3 partitions
    \PARTITION0 - Unknown - 2.93 GiB
    \PARTITION1 (bootable) - Unknown - 35.71 GiB - C:
    \PARTITION2 - Extended w/Extended Int 13 - 35.88 GiB - D:



    -- Security Center -------------------------------------------------------------

    AUOptions is scheduled to auto-install.
    Windows Internal Firewall is disabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.

    FW: Norton 360 v2007 (SYMANTEC Corporation)
    AV: Norton 360 v2007 (SYMANTEC Corperation)

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Valued Customer\Application Data
    CLASSPATH=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Common Files
    COMPUTERNAME=ACER-2E68C49B20
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Valued Customer
    LOGONSERVER=\\ACER-2E68C49B20
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;;C:\PROGRA~1\COMMON~1\MUVEET~1\030625;C:\PROGRA~1\COMMON~1\MUVEET~1\030625
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2c02
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    QTJAVA=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\VALUED~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\VALUED~1\LOCALS~1\Temp
    USERDOMAIN=ACER-2E68C49B20
    USERNAME=Valued Customer
    USERPROFILE=C:\Documents and Settings\Valued Customer
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Valued Customer (admin)
    Administrator (new local, admin)


    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Acer Inc.\Acer English Online Help Creator\Uninst.isu"
    --> MsiExec.exe /I{8A42F680-2DD6-11D4-9A8C-0040F6982C20}
    --> MsiExec.exe /I{A2529672-574A-4A99-86A5-C1770A0E31FE}
    --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E06E4F4E-72D6-4497-BFFD-BCB43077C2F4}\setup.exe" -l0x9 -uninst
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Acer eManager for Notebook --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{827289F5-B44F-4E49-9993-840741585A62}
    Acer GridVista --> C:\WINDOWS\UnInst32.exe GridV.UNI
    Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
    Ad-Aware SE Personal --> C:\PROGRA~1\LAVASOFT\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\LAVASOFT\AD-AWA~1\INSTALL.LOG
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Reader 6.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-000000000001}
    Agere Systems AC'97 Modem --> agrsmdel
    AnyDVD --> "C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
    AppCore --> MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
    Arcade 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe" -uninstall
    AV --> MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
    Brother MFL-Pro Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40A6C96D-808E-41DD-8716-617AB6B0F1F1}\Setup.exe" -l0x9 Brunin03.dllBrunin03.dll
    ccCommon --> MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
    CloneDVD2 --> "C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
    DesignPro 5.0 Limited Edition --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{97AE00A8-1336-410F-B467-1C6623127BD6}
    GearDrvs --> MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
    Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
    HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    hp deskjet 930c series --> rundll32 hpzcon04.dll,VendorJettison hp deskjet 930c series
    hp deskjet 930c series (Remove only) --> C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB002 -vproduct=930c -huninstall
    HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart Essential --> MsiExec.exe /X{EB21A812-671B-4D08-B974-2A347F0D8F70}
    HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
    HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
    HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    Launch Manager --> C:\WINDOWS\UnInst32.exe QtZgAcer.UNI
    Launchy 1.25 --> "C:\Program Files\Launchy\unins000.exe"
    LiveUpdate 3.2 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
    LOGO!Soft Comfort V5.0 --> "C:\Program Files\Siemens\LOGOComfort_V5\UninstallerData\Uninstall.exe"
    MasterCook 7 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5F457DDF-B768-434C-8802-9BB3B383B1E8}
    Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSN --> C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
    Norton 360 --> MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
    Norton 360 --> MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
    Norton 360 --> MsiExec.exe /I{63A6E9A9-A190-46D4-9430-2DB28654AFD8}
    Norton 360 (Symantec Corporation) --> "C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_3_0_24\{2D617065-1C52-4240-B5BC-C0AE12157777}.exe" /X
    Norton 360 Help --> MsiExec.exe /I{1CA941F1-5006-487E-9FD4-09F812A7D6B8}
    Norton Confidential Browser Component --> MsiExec.exe /I{4843B611-8FCB-4428-8C23-31D0A5EAE164}
    Norton Confidential Web Authentification Component --> MsiExec.exe /I{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}
    Norton Confidential Web Protection Component --> MsiExec.exe /I{D353CC51-430D-4C6F-9B7E-52003DA1E05A}
    NTI Backup NOW! 4 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{69CC0647-7F98-4358-AAB6-4F65C0705400} /l1033 BUN4
    NTI CD & DVD-Maker Gold --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5242A858-AD61-4130-92D4-BDF5087CE562} /l1033 CDM7
    OCR Software by I.R.I.S 7.0 --> C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    PanaLog Viewer --> MsiExec.exe /X{BB3E9884-7A69-4E43-9B48-C33B60C8382C}
    PaperPort --> MsiExec.exe /I{A17EABB6-D0C6-44E5-820C-72DC7F495064}
    Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
    PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.EXE" -uninstall
    Public Messenger ver 2.03 --> "C:\Program Files\X Password Generator\pmuninst.exe"
    QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
    Realtek AC'97 Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
    SiS 900 PCI Fast Ethernet Adapter Driver --> C:\WINDOWS\SiS\900\Uninst.exe
    SiS VGA Utilities --> Rundll32 SiSInst.dll,Uninstall VGA,R,oem7.inf
    SiSAGP driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
    SPBBC 32bit --> MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
    SuppSoft --> MsiExec.exe /I{022DA2C3-81C7-4003-A6BC-1BB147B20097}
    Symantec KB-DocID:2003093015493306 --> MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
    Symantec Technical Support Controls --> MsiExec.exe /I{92B1B3CC-EC78-45B8-96D0-8B3F11495864}
    SymNet --> MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
    Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"


    -- Application Event Log -------------------------------------------------------

    Event Record #/Type7200 / Error
    Event Submitted/Written: 02/08/2008 00:17:55 AM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.
    Processing media-specific event for [svchost.exe!ws!]

    Event Record #/Type7192 / Error
    Event Submitted/Written: 02/07/2008 11:22:26 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.
    Processing media-specific event for [svchost.exe!ws!]

    Event Record #/Type7184 / Error
    Event Submitted/Written: 02/07/2008 10:38:04 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.
    Processing media-specific event for [svchost.exe!ws!]

    Event Record #/Type7175 / Error
    Event Submitted/Written: 02/07/2008 09:40:25 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.
    Processing media-specific event for [svchost.exe!ws!]

    Event Record #/Type7167 / Error
    Event Submitted/Written: 02/07/2008 08:36:51 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.
    Processing media-specific event for [svchost.exe!ws!]



    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    Event Record #/Type53732 / Error
    Event Submitted/Written: 02/08/2008 00:43:47 AM
    Event ID/Source: 7016 / Service Control Manager
    Event Description:
    The BrSplService service has reported an invalid current state 0.

    Event Record #/Type53649 / Error
    Event Submitted/Written: 02/07/2008 11:24:10 PM
    Event ID/Source: 7032 / Service Control Manager
    Event Description:
    The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:
    %%1056

    Event Record #/Type53110 / Warning
    Event Submitted/Written: 02/07/2008 09:30:19 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom0 during a paging operation.

    Event Record #/Type53109 / Warning
    Event Submitted/Written: 02/07/2008 09:30:19 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom0 during a paging operation.

    Event Record #/Type53108 / Warning
    Event Submitted/Written: 02/07/2008 09:30:19 PM
    Event ID/Source: 51 / Cdrom
    Event Description:
    An error was detected on device \Device\CdRom0 during a paging operation.



    -- End of Deckard's System Scanner: finished at 2008-02-08 00:44:24 ------------
     
    Zed,
    #2


  4. 2008/02/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Zed
    Welcome to Windowsbbs. :)
    These are some of the worst problems to figure out; because they are generic, it could be many things.

    So we'll make sure you are clean first and hope this will fix it.


    Please download SmitfraudFix (by S!Ri) to your Desktop.

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    **If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


    Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    Please post the smitfraud log.

    Thanks
    Geri
     
    Geri,
    #3
  5. 2008/02/09
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    SmitFraudFix v2.284

    Scan done at 11:29:39.57, Sat 02/09/2008
    Run from C:\Documents and Settings\Valued Customer\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\WINDOWS\system32\keyhook.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Launchy\Launchy.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\acer\eRecovery\Monitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Valued Customer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Valued Customer\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VALUED~1\FAVORI~1

    C:\DOCUME~1\VALUED~1\FAVORI~1\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source "= "About:Home "
    "SubscribedURL "= "About:Home "
    "FriendlyName "= "My Current Home Page "


    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, following keys are not inevitably infected!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, following keys are not inevitably infected!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{b166be07-30a4-4d38-b781-44528a630706} "= "hydrodictyon "

    [HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @= "C:\WINDOWS\system32\gqagksr.dll "

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @= "C:\WINDOWS\system32\gqagksr.dll "



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Broadcom 802.11g Network Adapter - Packet Scheduler Miniport
    DNS Server Search Order: 64.59.184.13
    DNS Server Search Order: 64.59.184.15

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{49D56AF3-1815-4E42-BC61-AE112BABC2DE}: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{49D56AF3-1815-4E42-BC61-AE112BABC2DE}: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{49D56AF3-1815-4E42-BC61-AE112BABC2DE}: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.59.184.13 64.59.184.15


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
     
    Zed,
    #4
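    The SharedTaskScheduler hits in the report above are worth checking programmatically rather than by eye: every CLSID registered under that key has its InProcServer32 DLL loaded into explorer.exe when the shell starts, which is why SrchSTS lists it. As an added example (not from the thread, S!Ri's tool or the original posters), the Python script below parses the SrchSTS section of a SmitfraudFix report, resolves each CLSID to the DLL path Explorer would load for it, and flags any CLSID that is not one of the two entries a stock Windows XP installation carries. The allowlist and the sample report are assumptions of the example; the sample is constructed in the layout of the log above, with the stock Browseui entry added beside the one the scan found.

```python
"""Triage the SharedTaskScheduler section of a SmitfraudFix (SrchSTS) report.

SharedTaskScheduler is an Explorer load point: each CLSID registered under it
has its InProcServer32 DLL loaded into explorer.exe when the shell starts, so a
CLSID that is not one of Windows' own deserves a hard look.  Added example for
this thread, not part of SmitfraudFix or of the original posts.  The allowlist
is the two entries a stock Windows XP carries (an assumption of this example);
SAMPLE_REPORT is a constructed excerpt in the layout of the log above, with
the stock Browseui entry added next to the one the scan found.
"""
import re

XP_DEFAULT_STS = {
    "{438755c2-a8ba-11d1-b96b-00a0c90312e1}": "Browseui preloader",
    "{8c7461ef-2b13-11d2-be35-3078302c2030}": "Component Categories cache daemon",
}

SAMPLE_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{b166be07-30a4-4d38-b781-44528a630706} "= "hydrodictyon "

[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="C:\WINDOWS\system32\browseui.dll"

[HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@= "C:\WINDOWS\system32\gqagksr.dll "

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
@= "C:\WINDOWS\system32\gqagksr.dll "

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Tolerates the stray spaces the forum's paste left around quotes ("x "= "y ").
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*"(?P<data>[^"]*?)\s*"$')
DEFAULT_RE = re.compile(r'^@\s*=\s*"(?P<data>[^"]*?)\s*"$')
CLSID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")


def parse_sts_section(text):
    """Return (entries, servers): entries maps a SharedTaskScheduler CLSID to its
    display name; servers maps a CLSID to the set of InProcServer32 DLL paths."""
    entries, servers = {}, {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m["key"]
            continue
        if current is None or not line:
            continue
        if current.lower().endswith("\\explorer\\sharedtaskscheduler"):
            v = VALUE_RE.match(line)
            if v and CLSID_RE.fullmatch(v["name"].strip()):
                entries[v["name"].strip().lower()] = v["data"].strip()
        elif current.lower().endswith("\\inprocserver32"):
            d, c = DEFAULT_RE.match(line), CLSID_RE.search(current)
            if d and c:
                servers.setdefault(c.group(0).lower(), set()).add(d["data"].strip())
    return entries, servers


def triage(entries, servers, allowlist=XP_DEFAULT_STS):
    """One finding per registered CLSID: 'known' if allowlisted, otherwise
    'suspicious', each with the DLL path(s) Explorer would load for it."""
    findings = []
    for clsid, name in sorted(entries.items()):
        findings.append({
            "clsid": clsid,
            "name": name,
            "verdict": "known" if clsid in allowlist else "suspicious",
            "dlls": sorted(servers.get(clsid, ())),
        })
    return findings


if __name__ == "__main__":
    for f in triage(*parse_sts_section(SAMPLE_REPORT)):
        print(f"{f['verdict']:10} {f['clsid']} {f['name']!r} -> {f['dlls']}")
```

    Run it as-is to triage the sample, or pass the text of a real report to parse_sts_section(). Absence from the allowlist does not prove infection (the tool's own banner says as much); it narrows the list to the CLSIDs whose DLL needs to be looked up.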
  6. 2008/02/09
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Zed

    You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

    Next, please reboot your computer in Safe Mode by doing the following :
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, a menu with options should appear;
    • Select the first option, to run Windows in Safe Mode, then press "Enter".
    • Choose your usual account.
    Once in Safe Mode, double-click on SmitfraudFix.exe
    Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

    You will be prompted : "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

    The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

    The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
    A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
    The report can also be found at the root of the system drive, usually at C:\rapport.txt

    Warning : running option #2 on a non infected computer will remove your Desktop background.

    Thanks
    Geri
     
    Geri,
    #5
  7. 2008/02/09
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    Same error occurs. Background reset.

    SmitFraudFix v2.284

    Scan done at 18:19:27.60, Sat 02/09/2008
    Run from C:\Documents and Settings\Valued Customer\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{b166be07-30a4-4d38-b781-44528a630706} "= "hydrodictyon "

    [HKEY_CLASSES_ROOT\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @= "C:\WINDOWS\system32\gqagksr.dll "

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{b166be07-30a4-4d38-b781-44528a630706}\InProcServer32]
    @= "C:\WINDOWS\system32\gqagksr.dll "


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\DOCUME~1\VALUED~1\FAVORI~1\Online Security Test.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{49D56AF3-1815-4E42-BC61-AE112BABC2DE}: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{49D56AF3-1815-4E42-BC61-AE112BABC2DE}: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{49D56AF3-1815-4E42-BC61-AE112BABC2DE}: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=64.59.184.13 64.59.184.15
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=64.59.184.13 64.59.184.15


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System "=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Thanks for your help so far Geri...
    I appreciate it.
    Zed
     
    Zed,
    #6
  8. 2008/02/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Zed

    Download ComboFix from Here to your Desktop.
    It's best to disable realtime protection applications as they sometimes interfere with the tool. Check this link for any applicable programs you may have.
    • Close all open programs and windows
    • Double click combofix.exe and follow the prompts.
    • Vista users right click Combofix.exe and select Run As Administrator.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Please post the CF log.

    Thanks
    Geri
     
    Geri,
    #7
  9. 2008/02/10
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    still same symptoms...



    ComboFix 08-02.05.3 - Valued Customer 2008-02-10 11:54:57.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.136 [GMT -7:00]
    Running from: C:\Documents and Settings\Valued Customer\Desktop\ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
    .

    2008-02-09 14:02 . 2008-02-09 14:02 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-02-09 14:02 . 2008-02-09 14:02 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
    2008-02-09 13:39 . 2008-02-09 13:39 <DIR> d-------- C:\Program Files\Avanquest update
    2008-02-09 13:38 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-02-09 13:38 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
    2008-02-09 13:37 . 2008-02-09 13:37 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
    2008-02-09 13:37 . 2008-02-09 13:37 <DIR> d-------- C:\Program Files\Motorola Phone Tools
    2008-02-09 13:37 . 2008-02-09 13:37 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
    2008-02-09 13:37 . 2008-02-09 13:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
    2008-02-09 13:36 . 2008-02-09 13:36 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\InstallShield
    2008-02-09 11:29 . 2008-02-09 18:19 4,856 --a------ C:\WINDOWS\system32\tmp.reg
    2008-02-08 23:47 . 2008-02-08 23:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-08 23:47 . 2008-02-08 23:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-08 00:30 . 2008-02-08 00:30 <DIR> d-------- C:\Deckard
    2008-02-07 22:23 . 2008-02-07 22:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-07 22:22 . 2008-02-07 22:22 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-07 21:52 . 2008-02-07 21:52 <DIR> d-------- C:\Program Files\Trend Micro
    2008-02-07 21:05 . 2008-02-07 21:02 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
    2008-02-07 21:02 . 2008-02-07 21:02 <DIR> d-------- C:\Documents and Settings\Valued Customer\.housecall6.6
    2008-02-07 14:07 . 2008-01-12 18:32 23,904 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2008-02-07 14:07 . 2008-01-15 09:54 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2008-02-07 14:07 . 2008-01-15 05:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2008-02-07 00:47 . 2008-02-07 00:47 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Symantec
    2008-02-06 14:56 . 2008-02-06 14:56 <DIR> d-------- C:\Program Files\Norton 360
    2008-02-06 14:56 . 2008-02-06 16:17 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-02-06 14:56 . 2008-02-06 16:17 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-06 14:56 . 2008-02-06 16:17 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-06 14:56 . 2008-02-06 16:17 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-06 14:55 . 2008-02-06 14:55 <DIR> d-------- C:\Program Files\Symantec
    2008-01-30 21:49 . 2008-01-30 21:49 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\Nokia
    2008-01-30 21:49 . 2008-01-30 21:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
    2008-01-30 21:48 . 2008-01-30 21:48 <DIR> d-------- C:\Program Files\PC Connectivity Solution
    2008-01-30 21:48 . 2008-01-30 21:48 <DIR> d-------- C:\Documents and Settings\Valued Customer\Application Data\PC Suite
    2008-01-30 21:47 . 2008-01-30 21:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
    2008-01-19 09:13 . 2008-01-19 09:13 <DIR> d-------- C:\Program Files\Apple Software Update
    2008-01-19 09:13 . 2008-01-19 09:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-26 22:12 --------- d-----w C:\Program Files\Java
    2007-12-26 22:11 --------- d-----w C:\Program Files\Common Files\Java
    2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
    2007-11-14 07:26 450,560 ----a-w C:\WINDOWS\system32\dllcache\jscript.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" []
    "SynTPLpr "= "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
    "SynTPEnh "= "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
    "SoundMan "= "SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
    "AGRSMMSG "= "AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
    "SiSPower "= "SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
    "SiS Windows KeyHook "= "C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
    "IMJPMIG8.1 "= "C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 05:00 208952]
    "MSPY2002 "= "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 05:00 59392]
    "PHIME2002ASync "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
    "PHIME2002A "= "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 05:00 455168]
    "PCMService "= "C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
    "LManager "= "C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:30 315392]
    "eRecoveryService "= "C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760]
    "SSBkgdUpdate "= "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22 155648]
    "PaperPort PTD "= "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
    "IndexSearch "= "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 15:04 40960]
    "SetDefPrt "= "C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
    "ControlCenter2.0 "= "C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 09:34 851968]
    "QuickTime Task "= "C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
    "HPDJ Taskbar Utility "= "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 18:36 196608]
    "HP Software Update "= "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
    "SunJavaUpdateSched "= "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ccApp "= "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 18:54 116072]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector "= "C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 14:18 443968]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
    Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-03-07 12:07:26 331776]
    Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-05-27 20:43:06 552960]
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBurster]
    C:\Program Files\VirusBurster\virusburster.exe

    R1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 21:15]
    S3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]

    *Newly Created Service* - COMHOST
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-10 11:56:36
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-10 11:57:09
    .
    2008-01-10 23:07:03 --- E O F ---
     
    Zed,
    #8
  10. 2008/02/10
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi Zed
    OK, CF does not show that svchost was infected, which is good.
    But we need to get rid of this.

    Open "NotePad" Copy the contents of the code box below to the blank NotePad.
    Click "File" > "Save as"
    In the "Save In" box at the top click the down arrow and select DeskTop

    In the "File name" type in: fix.reg
    In the "Save As Type" select: All Files
    Once saved, Go to your desktop double click "fix.reg file" and let it merge with the registry.

    Code:
    REGEDIT4
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusBurster] 
    Your DSS log is showing a problem with Windows Update, "faulting module wuaueng.dll":

    Event Record #/Type7192 / Error
    Event Submitted/Written: 02/07/2008 11:22:26 PM
    Event ID/Source: 1000 / Application Error
    Event Description:
    Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.
    Processing media-specific event for [svchost.exe!ws!]

    Here is a link with some instructions you might try.
    http://www.pchell.com/support/svchosterror.shtml

    Geri
     
    Geri,
    #9
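    Geri's point about the repeated wuaueng.dll fault is one you can check across a whole DSS event-log section rather than by eye. As an added example that is not part of the thread or of Deckard's System Scanner, the Python script below parses the "Event Record" blocks, keeps the Event ID 1000 Application Error records, groups them by faulting application, module and fault address, and reports whether each application/module pair always faults at one address. SAMPLE_DSS_LOG is constructed in the layout of the log in post #2; the example.exe records are invented to exercise the other branch. The verdict is a triage heuristic (a fixed address means a reproducible fault in that module; wandering addresses mean something less deterministic), not a diagnosis of the machine.

```python
"""Group Application Error (Event ID 1000) records from a Deckard's System
Scanner (DSS) event-log dump by faulting application, module and fault address.

Added example for this thread, not part of DSS or of the original posts.  The
heuristic it applies: one module crashing at one address every time is a
reproducible fault in that module, while addresses that move between crashes
point at something less deterministic.  SAMPLE_DSS_LOG is a constructed excerpt
in the layout of the log posted above; the example.exe records are invented.
"""
import re
from collections import Counter, defaultdict

SAMPLE_DSS_LOG = """\
Event Record #/Type7200 / Error
Event Submitted/Written: 02/08/2008 00:17:55 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.
Processing media-specific event for [svchost.exe!ws!]

Event Record #/Type7192 / Error
Event Submitted/Written: 02/07/2008 11:22:26 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.

Event Record #/Type7184 / Error
Event Submitted/Written: 02/07/2008 10:38:04 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application svchost.exe, version 5.1.2600.2180, faulting module wuaueng.dll, version 7.0.6000.381, fault address 0x0014d8cd.

Event Record #/Type7100 / Error
Event Submitted/Written: 02/06/2008 09:00:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application example.exe, version 1.0.0.0, faulting module example.dll, version 1.0.0.0, fault address 0x00001234.

Event Record #/Type7099 / Error
Event Submitted/Written: 02/06/2008 08:00:00 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application example.exe, version 1.0.0.0, faulting module example.dll, version 1.0.0.0, fault address 0x0000abcd.
"""

# One DSS record: header line, timestamp, ID/source, then a description that
# runs to the next blank line (or end of text).
RECORD_RE = re.compile(
    r"Event Record #/Type(?P<record>\d+) / (?P<type>\w+)[ \t]*\n"
    r"Event Submitted/Written: (?P<when>[^\n]+)\n"
    r"Event ID/Source: (?P<event_id>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:\n(?P<description>.*?)(?=\n\s*\n|\Z)", re.S)
FAULT_RE = re.compile(
    r"Faulting application (?P<app>\S+), version [\d.]+, "
    r"faulting module (?P<module>\S+), version [\d.]+, "
    r"fault address (?P<address>0x[0-9a-fA-F]+)")


def parse_records(text):
    """One dict per 'Event Record' block: record, type, when, event_id, source, description."""
    records = []
    for m in RECORD_RE.finditer(text):
        rec = m.groupdict()
        rec["event_id"] = int(rec["event_id"])
        rec["source"], rec["description"] = rec["source"].strip(), rec["description"].strip()
        records.append(rec)
    return records


def group_faults(records):
    """Map (app, module, fault address) -> timestamps, for Event ID 1000 crash records only."""
    groups = defaultdict(list)
    for rec in records:
        if rec["event_id"] != 1000 or rec["source"] != "Application Error":
            continue
        f = FAULT_RE.search(rec["description"])
        if f is None:
            continue
        groups[(f["app"].lower(), f["module"].lower(), f["address"].lower())].append(rec["when"])
    return dict(groups)


def classify(groups, min_repeats=3):
    """Per (app, module): 'deterministic' when every crash hit one address and there
    are at least min_repeats of them, 'scattered' when addresses differ, else 'insufficient'."""
    by_pair = defaultdict(Counter)
    for (app, module, address), whens in groups.items():
        by_pair[(app, module)][address] += len(whens)
    verdicts = {}
    for pair, addresses in by_pair.items():
        if len(addresses) > 1:
            verdicts[pair] = "scattered"
        elif sum(addresses.values()) >= min_repeats:
            verdicts[pair] = "deterministic"
        else:
            verdicts[pair] = "insufficient"
    return verdicts


if __name__ == "__main__":
    groups = group_faults(parse_records(SAMPLE_DSS_LOG))
    for (app, module), verdict in classify(groups).items():
        print(f"{app} -> {module}: {verdict}")
```

    Paste the "-- Application Event Log --" section of a real DSS log into parse_records() to run the same grouping over it; the record header format is the one DSS writes, so nothing else needs to change.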
  11. 2008/02/10
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    The error comes up again. No other symptoms yet. I will try some of the stuff in the link.

    Thanks again.

    I'll let you know how it goes.
     
    Zed,
    #10
  12. 2008/02/10
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    Nope that didn't work either. Didn't try the "other problems with svchost" section which refers to cpu cycles.

    same error same symptoms.

    Side note: I tried to do a Windows Update several times just to see if there was something I needed, but the update just hangs at "scanning for required updates" for 20 minutes or more until I finally lose the connection again due to the current issue.

    I'm guessing you think this may not be malware/spyware related?

    Appreciate you hanging in there dude.

    Thx

    Zed
     
    Zed,
    #11
  13. 2008/02/11
    debugnt

    debugnt Inactive

    Joined:
    2004/08/05
    Messages:
    13
    Likes Received:
    0
    I think Geri is on the right track. Please send the output of the following commands.

    1. dir %windir%\Windowsupdate.log
    Paste in the output of this command.

    2. reg EXPORT HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate c:\windows\temp\RegWindowsUpdate.txt
    a. The above is all one command on the same line. You could do the same by running regedit and exporting the key to a text file. Please paste in the contents of RegWindowsUpdate.txt

    I suspect that the WindowsUpdate.log is going to be very large, but let's see.
     
  14. 2008/02/11
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    Hi Debug,

    Not sure I did this right...
    STEP 2:
    This is the key using the regedit method. I'll check the cmd line method and if the results are different I will post.

    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
    Class Name: <NO CLASS>
    Last Write Time: 2/11/2008 - 8:47 PM
    Value 0
    Name: SusClientId
    Type: REG_SZ
    Data: e6d95cdf-0609-4a88-af0e-58fd2ac4d913

    Value 1
    Name: SusClientIdValidation
    Type: REG_BINARY
    Data:
    00000000 04 01 28 01 20 00 20 00 - 20 00 20 00 20 00 20 00 ..(. . . . . . .
    00000010 4d 00 50 00 42 00 34 00 - 4c 00 41 00 58 00 36 00 M.P.B.4.L.A.X.6.
    00000020 48 00 32 00 4a 00 4b 00 - 30 00 4d 00 06 00 14 a4 H.2.J.K.0.M....¤
    00000030 3b 7c 49 ;|I

    Value 2
    Name: ResetClient
    Type: REG_DWORD
    Data: 0x1


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update
    Class Name: <NO CLASS>
    Last Write Time: 2/11/2008 - 8:47 PM
    Value 0
    Name: ConfigVer
    Type: REG_DWORD
    Data: 0x1

    Value 1
    Name: AUOptions
    Type: REG_DWORD
    Data: 0x4

    Value 2
    Name: ScheduledInstallDay
    Type: REG_DWORD
    Data: 0x0

    Value 3
    Name: ScheduledInstallTime
    Type: REG_DWORD
    Data: 0x3

    Value 4
    Name: NextDetectionTime
    Type: REG_SZ
    Data: 2008-02-12 03:46:44

    Value 5
    Name: ScheduledInstallDate
    Type: REG_SZ
    Data: 2008-02-12 10:00:00

    Value 6
    Name: BalloonTime
    Type: REG_SZ
    Data: 2008-01-10 23:45:41

    Value 7
    Name: BalloonType
    Type: REG_DWORD
    Data: 0x6


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results
    Class Name: <NO CLASS>
    Last Write Time: 6/21/2007 - 9:21 PM

    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect
    Class Name: <NO CLASS>
    Last Write Time: 2/10/2008 - 11:49 AM
    Value 0
    Name: LastError
    Type: REG_DWORD
    Data: 0x0

    Value 1
    Name: LastSuccessTime
    Type: REG_SZ
    Data: 2008-02-10 18:49:44


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Download
    Class Name: <NO CLASS>
    Last Write Time: 1/8/2008 - 9:54 PM
    Value 0
    Name: LastError
    Type: REG_DWORD
    Data: 0x0

    Value 1
    Name: LastSuccessTime
    Type: REG_SZ
    Data: 2008-01-09 04:54:20


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install
    Class Name: <NO CLASS>
    Last Write Time: 1/10/2008 - 4:07 PM
    Value 0
    Name: LastSuccessTime
    Type: REG_SZ
    Data: 2008-01-10 23:07:03

    Value 1
    Name: LastError
    Type: REG_DWORD
    Data: 0x0


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting
    Class Name: <NO CLASS>
    Last Write Time: 4/11/2006 - 8:10 AM
    Value 0
    Name: BatchFlushAge
    Type: REG_DWORD
    Data: 0x29c5

    Value 1
    Name: SequenceNumber
    Type: REG_DWORD
    Data: 0x3

    Value 2
    Name: SamplingValue2
    Type: REG_DWORD
    Data: 0x1c


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache
    Class Name: <NO CLASS>
    Last Write Time: 2/6/2008 - 12:28 PM

    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\Sus
    Class Name: <NO CLASS>
    Last Write Time: 4/11/2006 - 8:10 AM
    Value 0
    Name: CurrentCacheFile
    Type: REG_SZ
    Data: C:\WINDOWS\SoftwareDistribution\EventCache\{E1872A66-A4EF-4F70-8352-DD90B8FC6C09}.bin

    Value 1
    Name: FlushCacheFiles
    Type: REG_MULTI_SZ
    Data:


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Reporting\EventCache\WU
    Class Name: <NO CLASS>
    Last Write Time: 4/11/2006 - 8:10 AM
    Value 0
    Name: CurrentCacheFile
    Type: REG_SZ
    Data: C:\WINDOWS\SoftwareDistribution\EventCache\{A4899AE0-9934-4AAF-A9EB-4DBE363064BD}.bin

    Value 1
    Name: FlushCacheFiles
    Type: REG_MULTI_SZ
    Data:


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services
    Class Name: <NO CLASS>
    Last Write Time: 2/11/2008 - 8:47 PM
    Value 0
    Name: DefaultService
    Type: REG_SZ
    Data: 7971f918-a847-4430-9279-4a52d1efe18d

    Value 1
    Name: ReregisterAuthorizationCab
    Type: REG_DWORD
    Data: 0x1


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\7971f918-a847-4430-9279-4a52d1efe18d
    Class Name: <NO CLASS>
    Last Write Time: 2/11/2008 - 8:47 PM
    Value 0
    Name: AuthorizationCab
    Type: REG_SZ
    Data: muauth.cab


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending
    Class Name: <NO CLASS>
    Last Write Time: 6/19/2007 - 6:36 PM
    Value 0
    Name: ValidatedPreWsus3RegistrationRequests
    Type: REG_DWORD
    Data: 0x1


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup
    Class Name: <NO CLASS>
    Last Write Time: 2/11/2008 - 8:47 PM

    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Reporting
    Class Name: <NO CLASS>
    Last Write Time: 2/11/2008 - 8:47 PM

    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\Reporting\7971f918-a847-4430-9279-4a52d1efe18d
    Class Name: <NO CLASS>
    Last Write Time: 2/11/2008 - 8:47 PM
    Value 0
    Name: Guid
    Type: REG_SZ
    Data: 04dd4730-f7bf-4702-b63a-08c389a7e718

    Value 1
    Name: RevisionID
    Type: REG_DWORD
    Data: 0x0


    Key Name: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Setup\ServiceStartup
    Class Name: <NO CLASS>
    Last Write Time: 8/30/2007 - 7:27 PM


    STEP 2:
    Cmd. method

    Error: The system was unable to find the specified registry key or value.

    Are cmds case sensitive? Tried it anyway.


    STEP 1:


    Not sure how to copy/paste in cmd (DOS?) mode so I'll copy it verbatim...

    Volume in drive C is ACER
    Volume serial number is 320D-180E

    Directory of C:\windows

    02/11/2008 08:47 pm 1,128,517 Windowsupdate.log
    1 file 1,128,517 bytes
    0 dir 24,573,804,544 bytes free



    Hope this information is what you are looking for or else you may have to start treating me like a 2 year old :)

    Dez
     
    Zed,
    #13
  15. 2008/02/11
    debugnt

    debugnt Inactive

    Joined:
    2004/08/05
    Messages:
    13
    Likes Received:
    0
    I believe this is an issue around the windowsupdate.log. So let's do this.

    1. Start / Right Click My Computer / Properties / Automatic Updates
    2. Reboot

    Does the computer start without crashing? If so skip the next step.

    3. Start / Right Click My Computer / Manage
    Expand Services and Applications
    Double Click Services
    Double Click Automatic Update
    Set Startup Type to Manual

    4. Now go to the Windows Update Site and Install Any Updates
    5. Then go back and turn Windows Update Back on

    If you still have trouble, we'll need to look at the windowsupdate.log in the windows directory.
     
  16. 2008/02/12
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    Been running now for 15min or so without the Host services error. Longest yet so far. By "crashing" did you mean the error comes up and then the cascade failures start?

    However, when I try to update I get a message telling me to basically undo everything you just told me to do:


    The site cannot continue because one or more of these Windows services is not running:

    Automatic Updates (allows the site to find, download and install high-priority updates for your computer)
    Background Intelligent Transfer Service (BITS) (helps updates download more quickly and without problems if the download process is interrupted)
    Event Log (keeps a record of updating activities to help with troubleshooting, if needed)
    To make sure these services are running:
    1. Click Start, and then click Run.
    2. Type services.msc and then click OK.
    3. In the list of services, double-click on Automatic Updates and then click Properties.
    4. In the Startup type list, select Automatic and click Apply.
    5. Verify that the Service status is started, if the Service Status is Stopped click on the Start Button.
    6. In the list of services, double-click on Background Intelligent Transfer Service (BITS) and then click Properties.
    7. In the Startup type list, select Manual and click Apply.
    8. Verify that the Service status is started, If the Service Status is Stopped click on the Start Button.
    9. In the list of services, double-click on Event Log and then click Properties.
    10. In the Startup type list, select Automatic and click Apply.
    11. Verify that the Service status is started, If the Service Status is Stopped click on the Start Button.
    If this does not resolve the problem you may request help from one of the following resources.

    For self-help options:

    Frequently Asked Questions
    Find Solutions
    Windows Update Newsgroup
    For assisted support options:
    Microsoft Online Assisted Support (no-cost for Windows Update issues)
     
    Zed,
    #15
  17. 2008/02/12
    debugnt

    debugnt Inactive

    Joined:
    2004/08/05
    Messages:
    13
    Likes Received:
    0
    Which one did you do, disable Automatic Updates or change the service to manual?

    I think if you just turn off Automatic Updates using control panel, you should still be able to go to the site and update. If you change the Service properties, put it back to "automatic".

    Let's take the steps to isolate "Automatic Updates" in its own svchost.exe so it doesn't affect your other running services.

    net stop wuauserv
    sc config wuauserv type= own
    net start wuauserv

    If you start the service now, does it automatically crash? (At least now the machine will only crash when you want it to.)

    Can you post the windowsupdate.log?
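    An added example, not from debugnt's post: before and after running the isolation commands above, this PowerShell script shows which other services share a svchost.exe process with wuauserv (the ones that would go down with it in a "Generic host process" crash, such as networking or audio) and whether the service is already running as its own process. It assumes PowerShell is installed (it is not on XP by default) and that the shell is elevated.

```powershell
# Added example: see what shares a svchost.exe with Automatic Updates and
# whether it is isolated. Service name 'wuauserv' is from the thread; the
# WMI Win32_Service class and its properties are standard.
$target = 'wuauserv'
$svc = Get-WmiObject Win32_Service -Filter "Name='$target'"
if (-not $svc) { throw "Service '$target' not found on this machine" }

# 'Own Process' means it already lives in its own svchost.exe;
# 'Share Process' means it is grouped with other services.
"Service type : $($svc.ServiceType)"
"Start mode   : $($svc.StartMode)   State: $($svc.State)"

if ($svc.ProcessId -eq 0) {
    "Service is not running, so it has no host process to inspect."
} else {
    # Every service reporting the same PID runs inside the same svchost.exe,
    # so a crash in that process takes all of them down together.
    $siblings = Get-WmiObject Win32_Service -Filter "ProcessId=$($svc.ProcessId)" |
        Where-Object { $_.Name -ne $target } |
        Select-Object Name, DisplayName, State, StartMode

    "wuauserv runs in PID $($svc.ProcessId) together with $(@($siblings).Count) other service(s):"
    $siblings | Sort-Object Name | Format-Table -AutoSize
}

# To isolate it (same effect as debugnt's 'sc config wuauserv type= own'):
#   sc.exe config wuauserv type= own ; then restart the service and re-run this
#   script: ServiceType should read 'Own Process' and the sibling list be empty.
# To put it back in the shared group later:  sc.exe config wuauserv type= share
```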
     
  18. 2008/02/12
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0


    I followed steps 1-4 at which point I got the error that I pasted in my last post.

    I did not disable automatic updates I just changed it to manual before attempting to update.

    I have just now returned it to automatic and then clicked start (the service).
    I still have not crashed since the last post so I will try to update now before trying your isolation trick.
     
    Zed,
    #17
  19. 2008/02/13
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    Holy F*^%*'n ****. That is one long ass log. I could **** my drawers for a week straight and not get a log that long:

    The forum spits this error back:

    The text that you have entered is too long (1374789 characters). Please shorten it to 35000 characters long.

    I'm guessing you don't need to see the actual contents. Can I delete that hairy thing?

    Still no crash

    You have just been nominated for king!!!

    I have not done your isolation trick yet.

    Dez
     
    Zed,
    #18
  20. 2008/02/13
    Zed

    Zed Inactive Thread Starter

    Joined:
    2008/02/08
    Messages:
    12
    Likes Received:
    0
    Oh ya, 11 updates installed successfully.
     
    Zed,
    #19
