Solved Generic Host Process for Win32

Discussion in 'Malware and Virus Removal Archive' started by alfa032, 2008/09/24.

  1. 2008/09/24
    alfa032

    alfa032 Inactive Thread Starter

    Joined:
    2008/09/24
    Messages:
    11
    Likes Received:
    0
    [Resolved] Generic Host Process for Win32

    Generic Host Process for Win32 Services has encountered a problem and needs to close.
    This issue isn't the first time on my PC. Before, I solved it by formatting my HDD and installing a new OS. I'm tired of it, so please help me! It stops my internet connection until I restart.
    These are logs from HijackThis:

    Logfile of random's system information tool 1.02 (written by random/random)
    Run by Amra at 2008-09-24 22:54:52
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 31 GB (52%) free of 61 GB
    Total RAM: 1022 MB (51% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:55:19, on 24.9.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Amra\Desktop\RSIT.exe
    C:\Program Files\trend micro\Amra.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ba/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.bih.net.ba:8080
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe "
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C459C0F9-4AB2-47F4-ACF4-51924BE3CF36}: NameServer = 195.222.32.10,195.222.32.20
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4795 bytes

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\RegCure Program Check.job
    C:\WINDOWS\tasks\RegCure.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
    AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-29 455960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
    AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-05 2055960]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-05 2055960]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]
    "nwiz "=nwiz.exe /install []
    "NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]
    "RTHDCPL "=C:\WINDOWS\RTHDCPL.EXE [2007-03-21 16126464]
    "SkyTel "=C:\WINDOWS\SkyTel.EXE [2007-03-16 1822720]
    "Alcmtr "=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "NeroFilterCheck "=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "Adobe Reader Speed Launcher "=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
    "AVG8_TRAY "=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-29 1235736]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE "=C:\WINDOWS\system32\ctfmon.exe [2004-12-02 15360]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} "=C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe [2005-11-24 94208]
    "DAEMON Tools "=C:\Program Files\DAEMON Tools\daemon.exe [2007-09-18 171464]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS "= "avgrsstx.dll "

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername "=0
    "legalnoticecaption "=
    "legalnoticetext "=
    "shutdownwithoutlogon "=1
    "undockwithoutlogon "=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun "=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe "= "C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone) "
    "C:\Program Files\Grisoft\AVG7\avginet.exe "= "C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe "
    "C:\Program Files\Grisoft\AVG7\avgamsvr.exe "= "C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe "
    "C:\Program Files\Grisoft\AVG7\avgcc.exe "= "C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe "
    "C:\Program Files\Bash Software\Install-Block\bsib.exe "= "C:\Program Files\Bash Software\Install-Block\bsib.exe:*:Enabled:bsib "
    "C:\Program Files\uTorrent\uTorrent.exe "= "C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent "
    "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe "= "C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008 "
    "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe "= "C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime "
    "C:\Program Files\Messenger\msmsgs.exe "= "C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger "
    "C:\Program Files\AVG\AVG8\avgemc.exe "= "C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe "
    "C:\Program Files\AVG\AVG8\avgupd.exe "= "C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe "
    "C:\Program Files\mIRC\mirc.exe "= "C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC "

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019 "
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe "= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe "= "C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Messenger (Phone) "

    ======List of files/folders created in the last 3 months======

    2008-09-24 22:54:54 ----D---- C:\Program Files\trend micro
    2008-09-24 22:54:52 ----D---- C:\rsit
    2008-09-24 21:24:41 ----HD---- C:\$AVG8.VAULT$
    2008-09-15 21:40:23 ----D---- C:\Program Files\YouTube Downloader
    2008-09-06 07:02:31 ----D---- C:\Program Files\mIRC
    2008-09-01 06:01:13 ----D---- C:\Yasin
    2008-09-01 06:01:12 ----RA---- C:\WINDOWS\system32\RA32SIPR.DLL
    2008-09-01 06:01:12 ----RA---- C:\WINDOWS\system32\RA3228_8.DLL
    2008-09-01 06:01:12 ----RA---- C:\WINDOWS\system32\PNEN3250.DLL
    2008-09-01 06:01:12 ----RA---- C:\WINDOWS\system32\PNCRT.DLL
    2008-08-05 01:12:30 ----A---- C:\WINDOWS\system32\avgrsstx.dll
    2008-08-05 01:12:27 ----D---- C:\Documents and Settings\Amra\Application Data\AVGTOOLBAR
    2008-08-05 01:12:21 ----D---- C:\Program Files\AVG
    2008-08-05 01:12:21 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
    2008-08-04 19:23:17 ----D---- C:\Program Files\Foxit Software
    2008-07-31 00:14:11 ----D---- C:\Program Files\CDex_170b2
    2008-07-24 09:45:38 ----D---- C:\Program Files\Sun
    2008-07-24 09:45:31 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-07-24 09:45:31 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-07-24 09:45:31 ----A---- C:\WINDOWS\system32\java.exe
    2008-07-18 14:49:00 ----D---- C:\Program Files\Microsoft Reader
    2008-07-18 14:49:00 ----A---- C:\WINDOWS\DASShp.dll
    2008-07-13 22:46:04 ----D---- C:\Program Files\MySweet16_at
    2008-07-11 16:57:32 ----D---- C:\WINDOWS\Downloaded Installations
    2008-07-07 20:28:27 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2008-07-03 22:47:38 ----D---- C:\Program Files\Messenger Plus! Live
    2008-07-03 17:29:51 ----D---- C:\WINDOWS\RegCure
    2008-07-03 17:29:51 ----D---- C:\Program Files\RegCure
    2008-07-01 07:34:25 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 5
    2008-06-26 23:55:47 ----D---- C:\Documents and Settings\Amra\Application Data\Sports Interactive
    2008-06-26 21:54:11 ----RHD---- C:\Documents and Settings\Amra\Application Data\SecuROM
    2008-06-26 21:54:10 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
    2008-06-26 21:52:08 ----HD---- C:\Program Files\Zero G Registry
    2008-06-26 21:52:08 ----D---- C:\Program Files\Sports Interactive
    2008-06-26 21:49:05 ----D---- C:\Program Files\DAEMON Tools

    ======List of files/folders modified in the last 3 months======

    2008-09-24 22:55:19 ----D---- C:\WINDOWS\Temp
    2008-09-24 22:54:54 ----RD---- C:\Program Files
    2008-09-24 22:54:41 ----D---- C:\WINDOWS\Prefetch
    2008-09-24 20:23:31 ----D---- C:\Program Files\Mozilla Firefox
    2008-09-24 20:18:55 ----A---- C:\WINDOWS\SchedLgU.Txt
    2008-09-24 18:02:38 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-09-24 17:40:37 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-09-20 20:28:42 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
    2008-09-20 20:28:34 ----D---- C:\Documents and Settings\Amra\Application Data\Adobe
    2008-09-13 20:43:44 ----D---- C:\Documents and Settings\Amra\Application Data\uTorrent
    2008-09-11 16:46:26 ----D---- C:\WINDOWS\Help
    2008-09-01 06:58:18 ----D---- C:\WINDOWS
    2008-09-01 06:01:44 ----D---- C:\WINDOWS\system32
    2008-09-01 06:01:12 ----HD---- C:\WINDOWS\inf
    2008-08-29 00:02:12 ----D---- C:\WINDOWS\system32\drivers
    2008-08-21 21:41:07 ----D---- C:\Documents and Settings\Amra\Application Data\GrabIt
    2008-08-07 17:59:42 ----SD---- C:\Documents and Settings\Amra\Application Data\Microsoft
    2008-08-05 01:12:05 ----SHD---- C:\WINDOWS\Installer
    2008-07-31 00:13:13 ----D---- C:\Program Files\Microsoft Office
    2008-07-26 02:17:35 ----D---- C:\Program Files\Java
    2008-07-18 14:49:00 ----RSD---- C:\WINDOWS\Fonts
    2008-07-18 14:49:00 ----HD---- C:\Program Files\InstallShield Installation Information
    2008-07-18 14:49:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
    2008-07-18 14:48:56 ----D---- C:\Program Files\Common Files\InstallShield
    2008-07-11 10:26:01 ----A---- C:\WINDOWS\setuplog.txt
    2008-07-05 01:42:20 ----D---- C:\Documents and Settings\Amra\Application Data\SpeedSim
    2008-07-03 22:20:14 ----A---- C:\WINDOWS\PhotoSnapViewer.INI
    2008-07-03 17:30:09 ----SD---- C:\WINDOWS\Tasks
    2008-07-03 15:14:11 ----RSH---- C:\boot.ini
    2008-07-03 09:23:31 ----D---- C:\Program Files\Adobe
    2008-07-01 07:51:21 ----D---- C:\Documents and Settings\Amra\Application Data\Mozilla

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2008-08-29 97928]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-08-05 26824]
    R2 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2008-08-05 76040]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-12-02 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-03-26 4395008]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-12-02 12160]
    R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6738432]
    R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-12-02 26624]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-12-02 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-12-02 17024]
    S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
    S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
    S3 au7il3pn;au7il3pn; C:\WINDOWS\system32\drivers\au7il3pn.sys []
    S3 hcdriver;EHCI; C:\WINDOWS\System32\Drivers\hcdriver.sys [2008-02-05 50304]
    S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
    S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-29 875288]
    R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-29 231704]
    R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]

    -----------------EOF-----------------

    info.txt logfile of random's system information tool 1.02 2008-09-24 22:55:20

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
    BIHnet Komunikator ADSL v1.1--> "C:\Program Files\BIHnet\unins000.exe "
    Brickshooter Egypt 1.0--> "C:\Program Files\TERMINAL Studio\Brickshooter Egypt\unins000.exe "
    Business Card Designer Plus 7.1.0.0--> "C:\Program Files\CAM Development\Business Card Designer Plus 7\Uninstall\unins000.exe "
    CDex extraction audio--> "C:\Program Files\CDex_170b2\uninstall.exe "
    EVGA Display Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BEF3EFE7-5159-436D-9BF0-CCC633179EB4}\Setup.exe" -l0x9 -removeonly
    Fairy Godmother Tycoon-->C:\Program Files\Fairy Godmother Tycoon\Uninstal.exe
    Football Manager 2008--> "C:\Program Files\Sports Interactive\Football Manager 2008\Uninstall_Football Manager 2008\Uninstall Football Manager 2008.exe "
    GrabIt 1.7.1 Beta (build 960)--> "C:\Program Files\GrabIt\unins000.exe "
    HijackThis 2.0.2--> "C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
    Messenger Plus! Live--> "C:\Program Files\Messenger Plus! Live\Uninstall.exe "
    Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
    Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    mIRC--> "C:\Program Files\mIRC\mirc.exe" -uninstall
    Mozilla Firefox (3.0)-->C:\Program Files\Mozilla Firefox 3 Beta 5\uninstall\helper.exe
    Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MS Office 97/2000/XP CRO Spelling-->C:\PROGRA~1\COMMON~1\MICROS~1\PROOF\1050\UNWISE.EXE C:\PROGRA~1\COMMON~1\MICROS~1\PROOF\1050\INSTALL.LOG
    Nero 7 Demo-->MsiExec.exe /I{D3492D9E-7FBB-1DF6-F759-2A37FA231033}
    NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
    OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
    REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -l0x0009 -removeonly
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    RegCure--> "C:\WINDOWS\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml "
    USBCV13-->MsiExec.exe /X{07195ED5-FDB4-4048-A775-6B2B16F07CE5}
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
    Windows Live Messenger-->MsiExec.exe /X{F1E17FB0-12BC-45D0-ABA3-287F2A1E3A1E}
    WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
    WinZip--> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

    ======Security center information======

    AV: AVG Anti-Virus Free

    ======Environment variables======

    "ComSpec "=%SystemRoot%\system32\cmd.exe
    "Path "=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    "windir "=%SystemRoot%
    "FP_NO_HOST_CHECK "=NO
    "OS "=Windows_NT
    "PROCESSOR_ARCHITECTURE "=x86
    "PROCESSOR_LEVEL "=15
    "PROCESSOR_IDENTIFIER "=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION "=4f02
    "NUMBER_OF_PROCESSORS "=1
    "PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP "=%SystemRoot%\TEMP
    "TMP "=%SystemRoot%\TEMP

    -----------------EOF-----------------

    Thanks
     
  2. 2008/09/25
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS alfa032 :)

    First, please download and apply the following MS Security Update.
    http://www.microsoft.com/downloads/...b6-03ff-4636-861a-46b3eac7a305&displaylang=en

    Reboot when done and let me know if the error stops.

    Second, download Lop S&D and save it to your desktop.

    Please disable resident protections (Antivirus...); you'll re-enable them after the scan.

    Double-click Lop S&D.exe
    Choose the language, then choose Option 1 (Search)
    Wait till the end of the scan
    Post the log which is created at C:\lopR.txt

    Don't forget to re-enable your resident protections now!
     

  4. 2008/09/26
    alfa032

    Error stopped... :)

    Here is the log:


    --------------------\\ Lop S&D 4.2.4-4 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2800+ )
    BIOS : Phoenix-Award BIOS v6.00PG
    USER : Amra ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total : 59 Go Free : 30 Go
    D:\ (Local Disk) - NTFS - Total : 89 Go Free : 88 Go
    E:\ (CD or DVD)
    F:\ (CD or DVD)

    "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
    Option : [1] ( pet 26.09.2008|10:52 )

    --------------------\\ Listing folders in APPLIC~1

    [20.09.2008|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [05.08.2008|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
    [07.07.2008|20:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [10.06.2008|22:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [11.05.2008|00:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [17.06.2008|17:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia

    [20.09.2008|20:28] C:\DOCUME~1\Amra\APPLIC~1\Adobe
    [11.05.2008|20:49] C:\DOCUME~1\Amra\APPLIC~1\Ahead
    [12.08.2008|01:31] C:\DOCUME~1\Amra\APPLIC~1\AVGTOOLBAR
    [17.05.2008|21:52] C:\DOCUME~1\Amra\APPLIC~1\Gamelab
    [21.08.2008|21:41] C:\DOCUME~1\Amra\APPLIC~1\GrabIt
    [10.05.2008|23:51] C:\DOCUME~1\Amra\APPLIC~1\Identities
    [10.05.2008|23:58] C:\DOCUME~1\Amra\APPLIC~1\InstallShield
    [11.05.2008|00:48] C:\DOCUME~1\Amra\APPLIC~1\Macromedia
    [07.08.2008|17:59] C:\DOCUME~1\Amra\APPLIC~1\Microsoft
    [01.07.2008|07:51] C:\DOCUME~1\Amra\APPLIC~1\Mozilla
    [26.06.2008|21:54] C:\DOCUME~1\Amra\APPLIC~1\SecuROM
    [05.07.2008|01:42] C:\DOCUME~1\Amra\APPLIC~1\SpeedSim
    [26.06.2008|23:55] C:\DOCUME~1\Amra\APPLIC~1\Sports Interactive
    [26.05.2008|21:32] C:\DOCUME~1\Amra\APPLIC~1\Sun
    [13.09.2008|20:43] C:\DOCUME~1\Amra\APPLIC~1\uTorrent

    [10.05.2008|23:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [10.05.2008|23:47] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [10.05.2008|23:47] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

    [26.09.2008 10:49][--a------] C:\WINDOWS\tasks\RegCure Program Check.job
    [25.09.2008 05:09][--a------] C:\WINDOWS\tasks\RegCure.job
    [26.09.2008 10:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [02.12.2004 11:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing Folders in C:\Program Files

    [03.07.2008|09:23] C:\Program Files\Adobe
    [05.08.2008|01:12] C:\Program Files\AVG
    [11.05.2008|02:43] C:\Program Files\BIHnet
    [16.06.2008|22:44] C:\Program Files\BoontyGames
    [10.06.2008|20:11] C:\Program Files\CAM Development
    [16.06.2008|17:19] C:\Program Files\Cat Daddy Games
    [31.07.2008|00:14] C:\Program Files\CDex_170b2
    [16.06.2008|17:17] C:\Program Files\Cinema Tycoon
    [19.06.2008|15:43] C:\Program Files\Coffee Tycoon
    [26.05.2008|21:30] C:\Program Files\Common Files
    [10.05.2008|23:39] C:\Program Files\ComPlus Applications
    [26.06.2008|21:50] C:\Program Files\DAEMON Tools
    [11.05.2008|00:34] C:\Program Files\DIFX
    [17.06.2008|17:40] C:\Program Files\Fairy Godmother Tycoon
    [04.08.2008|19:49] C:\Program Files\Foxit Software
    [23.05.2008|13:14] C:\Program Files\GrabIt
    [11.05.2008|00:27] C:\Program Files\Grisoft
    [16.06.2008|22:06] C:\Program Files\Health And Fitness Club Tycoon
    [18.07.2008|14:49] C:\Program Files\InstallShield Installation Information
    [10.05.2008|23:41] C:\Program Files\Internet Explorer
    [26.07.2008|02:17] C:\Program Files\Java
    [10.05.2008|23:38] C:\Program Files\Messenger
    [03.07.2008|22:47] C:\Program Files\Messenger Plus! Live
    [11.05.2008|00:55] C:\Program Files\Microsoft ActiveSync
    [10.05.2008|23:43] C:\Program Files\microsoft frontpage
    [31.07.2008|00:13] C:\Program Files\Microsoft Office
    [18.07.2008|14:49] C:\Program Files\Microsoft Reader
    [11.05.2008|00:56] C:\Program Files\Microsoft.NET
    [06.09.2008|18:44] C:\Program Files\mIRC
    [10.05.2008|23:40] C:\Program Files\Movie Maker
    [26.09.2008|10:50] C:\Program Files\Mozilla Firefox
    [03.07.2008|14:52] C:\Program Files\Mozilla Firefox 3 Beta 5
    [10.05.2008|23:38] C:\Program Files\MSN
    [10.05.2008|23:38] C:\Program Files\MSN Gaming Zone
    [13.07.2008|22:51] C:\Program Files\MySweet16_at
    [11.05.2008|20:48] C:\Program Files\Nero
    [10.05.2008|23:40] C:\Program Files\NetMeeting
    [10.05.2008|23:39] C:\Program Files\Online Services
    [10.05.2008|23:40] C:\Program Files\Outlook Express
    [11.05.2008|01:11] C:\Program Files\Realtek
    [03.07.2008|17:35] C:\Program Files\RegCure
    [11.05.2008|16:33] C:\Program Files\spidsim
    [26.06.2008|21:52] C:\Program Files\Sports Interactive
    [24.07.2008|09:45] C:\Program Files\Sun
    [11.05.2008|01:34] C:\Program Files\TERMINAL Studio
    [24.09.2008|22:55] C:\Program Files\trend micro
    [10.05.2008|23:51] C:\Program Files\Uninstall Information
    [26.05.2008|19:47] C:\Program Files\USB-IF Test Suite
    [16.06.2008|13:57] C:\Program Files\uTorrent
    [11.05.2008|00:24] C:\Program Files\Windows Live
    [10.05.2008|23:43] C:\Program Files\Windows Media Player
    [10.05.2008|23:38] C:\Program Files\Windows NT
    [10.05.2008|23:41] C:\Program Files\WindowsUpdate
    [11.05.2008|00:25] C:\Program Files\WinRAR
    [11.05.2008|00:25] C:\Program Files\WinZip
    [10.05.2008|23:43] C:\Program Files\xerox
    [15.09.2008|21:40] C:\Program Files\YouTube Downloader
    [26.06.2008|21:53] C:\Program Files\Zero G Registry

    --------------------\\ Listing Folders in C:\Program Files\Common Files

    [08.06.2008|23:57] C:\Program Files\Common Files\Adobe
    [11.05.2008|20:48] C:\Program Files\Common Files\Ahead
    [11.05.2008|00:53] C:\Program Files\Common Files\DESIGNER
    [18.07.2008|14:48] C:\Program Files\Common Files\InstallShield
    [26.05.2008|21:30] C:\Program Files\Common Files\Java
    [18.07.2008|14:49] C:\Program Files\Common Files\Microsoft Shared
    [10.05.2008|23:40] C:\Program Files\Common Files\MSSoap
    [11.05.2008|01:30] C:\Program Files\Common Files\ODBC
    [10.05.2008|23:40] C:\Program Files\Common Files\Services
    [11.05.2008|01:30] C:\Program Files\Common Files\SpeechEngines
    [11.05.2008|00:53] C:\Program Files\Common Files\System

    --------------------\\ Process

    ( 29 Processes )

    ... OK !

    --------------------\\ Searching with S_Lop

    No Lop folder found !

    --------------------\\ Searching for Lop Files - Folders

    No Lop folder found !

    --------------------\\ Searching within the Registry

    ..... OK !

    --------------------\\ Checking the Hosts file

    Hosts file CLEAN


    --------------------\\ Searching for hidden files with Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-26 10:53:19
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Searching for other infections

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\Amra\My Documents\Downloads\Ultimate Tycoon Collection - Game #14 - School Tycoon\School Tycoon nocd crack.rar


    [F:92][D:2]-> C:\DOCUME~1\Amra\LOCALS~1\Temp
    [F:3][D:0]-> C:\DOCUME~1\Amra\Cookies
    [F:29][D:4]-> C:\DOCUME~1\Amra\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - pet 26.09.2008|10:54 - Option : [1]

    --------------------\\ Scan completed at 10:54:05
     
  5. 2008/09/26
    noahdfear

    Looks great! I had you run Lop S&D due to the fact that you have Messenger Plus! Live, which if allowed to install the sponsor program, would have given you a LOP infection. Since the error message has subsided, and I see no LOP infection, you're good to go, unless you're experiencing other problems.
     
  6. 2008/09/27
    alfa032

    I hope there will not be other problems :)

    Thanks a lot, lot, lot
     
  7. 2008/09/27
    noahdfear

    You're most welcome. :)
     
