host process
#1 qcd
Hi, I keep getting "Host Process for Windows Services stopped working and was closed". I went to Microsoft and downloaded the patch and tried their 3 manual methods, and it keeps coming back. I delete the qmgr0.dat and qmgr1.dat files, and before I can do a Windows Update it regenerates and stops the update. Any help? Thanks.

FIRST TIME

OTL logfile created on: 9/6/2009 12:59:51 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\qr\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 214.64 Gb Free Space | 72.01% Space Free | Partition Type: NTFS
Unable to calculate disk information.
Drive E: | 111.79 Gb Total Space | 77.01 Gb Free Space | 68.89% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: QR-PC
Current User Name: qr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/07/14 13:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/07/14 13:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009/03/03 01:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe
PRC - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2008/08/14 04:08:59 | 00,181,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
PRC - [2009/03/31 20:23:06 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
PRC - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/03/31 20:23:22 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
PRC - [2009/04/10 23:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2009/03/31 20:23:38 | 00,995,528 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
PRC - [2009/03/31 20:23:34 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
PRC - [2009/02/12 18:52:26 | 00,083,280 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
PRC - [2008/01/20 19:23:32 | 01,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2009/06/02 16:36:01 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/02/04 14:18:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/04/10 23:28:03 | 01,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2008/08/14 15:44:28 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
PRC - [2009/03/24 19:09:34 | 00,275,792 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
PRC - [2008/02/04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/01/20 19:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2001/08/07 16:06:54 | 00,024,633 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
PRC - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/21 14:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/02/12 18:52:44 | 00,161,104 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\PlatformDependent\ProToolbarComm.exe
PRC - [2009/03/24 19:09:36 | 00,169,296 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
PRC - [2009/07/26 19:53:37 | 00,277,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2008/01/20 19:23:43 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
PRC - [2009/09/06 12:16:27 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\qr\Desktop\OTL.exe
PRC - [2009/04/10 23:28:15 | 00,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/10 23:28:15 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\wmiprvse.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/29 21:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 19:25:09 | 00,292,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 05:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/04/10 23:28:25 | 01,017,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtsvc.dll -- (Eventlog [Auto | Running])
SRV - [2009/02/18 11:39:20 | 00,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/06/19 15:51:28 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2009/02/18 11:38:42 | 00,879,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/02/04 14:18:32 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/06/09 10:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2009/02/18 11:38:43 | 00,129,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - File not found -- -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/07/14 13:29:06 | 00,215,584 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2008/08/14 04:08:59 | 00,181,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe -- (Security Activity Dashboard Service [Auto | Running])
SRV - [2009/03/31 20:23:06 | 00,711,248 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom [Auto | Running])
SRV - [2009/07/29 22:52:20 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2009/07/14 12:28:00 | 00,239,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service [Auto | Running])
SRV - [2009/03/03 01:46:13 | 00,341,256 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer [Auto | Running])
SRV - [2009/03/31 20:23:34 | 00,497,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw [Auto | Running])
SRV - [2009/03/31 20:23:22 | 00,677,128 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (TmProxy [Auto | Running])
SRV - [2008/01/20 19:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2008/01/20 19:25:33 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.virginbro...d.com.au/myhome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5B 56 26 C2 BA F3 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 14:04:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\FirefoxExtension [2009/07/12 15:31:30 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RestartNeroSetup] C:\Users\qr\AppData\Local\Temp\Nero Web\SetupXu.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://dl8-cdn-09.su...ows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/10 22:22:42 | 00,341,520 | -H-- | M] (Ceedo Technologies Ltd.) - E:\AutoDetect.exe -- [ NTFS ]
O32 - AutoRun File - [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.) - E:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.) - E:\Autorun.exe -- [ NTFS ]
O32 - AutoRun File - [2009/06/02 20:25:31 | 00,000,758 | -H-- | M] () - E:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{2abf1ce0-4ef7-11de-9639-002185c675bc}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O33 - MountPoints2\{2abf1ce0-4ef7-11de-9639-002185c675bc}\Shell\Shell00\Command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O33 - MountPoints2\{2abf1ce0-4ef7-11de-9639-002185c675bc}\Shell\Shell01\Command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O33 - MountPoints2\{2abf1ce0-4ef7-11de-9639-002185c675bc}\Shell\Shell02\Command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O33 - MountPoints2\E\Shell\Shell00\Command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O33 - MountPoints2\E\Shell\Shell01\Command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O33 - MountPoints2\E\Shell\Shell02\Command - "" = E:\Autorun.exe -- [2009/03/10 22:22:38 | 00,435,728 | ---- | M] (Ceedo Technologies Ltd.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/06 12:16:01 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\qr\Desktop\OTL.exe
[2009/09/05 23:10:53 | 00,000,015 | ---- | C] () -- C:\Windows\System32\settings.dat
[2009/09/05 23:08:20 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/09/05 22:52:23 | 00,000,000 | ---D | C] -- C:\Users\qr\AppData\Roaming\Malwarebytes
[2009/09/05 22:52:21 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/05 22:52:19 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/09/05 22:52:18 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/09/05 22:52:17 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/09/05 22:52:15 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/05 22:26:10 | 00,272,384 | ---- | C] (OldTimer Tools) -- C:\Users\qr\Desktop\TFC.exe
[2009/09/05 22:25:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/09/05 22:23:52 | 00,000,733 | ---- | C] () -- C:\Users\qr\Desktop\NTREGOPT.lnk
[2009/09/05 22:23:52 | 00,000,714 | ---- | C] () -- C:\Users\qr\Desktop\ERUNT.lnk
[2009/09/05 22:23:51 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/05 12:12:37 | 00,000,000 | ---D | C] -- C:\Users\qr\AppData\Local\Apple
[2009/09/05 12:11:53 | 00,000,000 | ---D | C] -- C:\Users\qr\AppData\Local\Apple Computer
[2009/09/05 10:50:12 | 00,000,000 | ---D | C] -- C:\Users\qr\AppData\Local\Ahead
[2009/09/05 10:41:45 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/09/05 10:40:15 | 00,000,000 | ---D | C] -- C:\Users\qr\AppData\Local\Adobe
[2009/09/03 23:06:58 | 04,527,437 | -H-- | C] () -- C:\Users\qr\AppData\Local\IconCache.db
[2009/09/03 22:54:09 | 34,888,66304 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/02 09:31:06 | 00,000,000 | ---D | C] -- C:\Users\qr\AppData\Roaming\Uniblue
[2009/09/02 09:30:59 | 00,000,914 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster 2009.lnk
[2009/09/02 09:30:58 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/09/01 15:44:06 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/09/01 15:39:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2009/09/01 15:38:33 | 00,000,000 | ---D | C] -- C:\Users\qr\AppData\Local\Downloaded Installations
[2009/09/01 14:24:48 | 00,000,000 | ---D | C] -- C:\2d3eba4aa437ce062d20674903fe
[2009/09/01 13:58:34 | 00,000,000 | ---D | C] -- C:\f4042f35ad83475e01ce7c6c3d
[2009/08/31 18:51:06 | 00,000,000 | ---D | C] -- C:\Log
[2009/08/31 16:11:11 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009/08/31 16:10:09 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/08/31 16:10:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/08/31 16:09:56 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!

========== Files - Modified Within 14 Days ==========

[2009/09/06 12:59:44 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/09/06 12:59:44 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/09/06 12:59:44 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/09/06 12:51:19 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/09/06 12:47:15 | 00,049,426 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/09/06 12:47:14 | 00,049,426 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/09/06 12:46:20 | 00,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/09/06 12:46:20 | 00,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/09/06 12:46:15 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/09/06 12:46:13 | 34,888,66304 | -HS- | M] () -- C:\hiberfil.sys
[2009/09/06 12:45:24 | 04,527,437 | -H-- | M] () -- C:\Users\qr\AppData\Local\IconCache.db
[2009/09/06 12:16:27 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\qr\Desktop\OTL.exe
[2009/09/05 23:13:38 | 00,000,015 | ---- | M] () -- C:\Windows\System32\settings.dat
[2009/09/05 22:52:21 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/05 22:26:23 | 00,272,384 | ---- | M] (OldTimer Tools) -- C:\Users\qr\Desktop\TFC.exe
[2009/09/05 22:23:52 | 00,000,733 | ---- | M] () -- C:\Users\qr\Desktop\NTREGOPT.lnk
[2009/09/05 22:23:52 | 00,000,714 | ---- | M] () -- C:\Users\qr\Desktop\ERUNT.lnk
[2009/09/04 18:41:01 | 25,910,0038 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/09/03 22:54:19 | 00,267,560 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/09/02 09:30:59 | 00,000,914 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster 2009.lnk
[2009/09/01 14:22:22 | 00,001,356 | ---- | M] () -- C:\Users\qr\AppData\Local\d3d9caps.dat

========== LOP Check ==========

[2009/09/05 22:52:23 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming
[2009/07/11 10:52:05 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\Ahead
[2009/07/12 12:23:42 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\Free Download Manager
[2009/06/02 15:01:54 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\InterTrust
[2009/09/01 13:24:42 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\LimeWire
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\Media Center Programs
[2009/06/29 13:36:17 | 00,000,000 | RH-D | M] -- C:\Users\qr\AppData\Roaming\SecuROM
[2009/07/12 12:24:59 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\Software Informer
[2009/06/07 12:23:25 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\Template
[2009/07/31 10:32:57 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\The Creative Assembly
[2009/09/02 09:31:06 | 00,000,000 | ---D | M] -- C:\Users\qr\AppData\Roaming\Uniblue
[2009/09/06 12:51:19 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/09/06 12:53:09 | 00,032,590 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >

< %systemroot%\system32\scecli.dll >
[2009/04/10 23:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\scecli.dll

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >
[2006/11/02 02:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\cngaudit.dll

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/06 12:57
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8F84E000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F843000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x80FE5000 Size: 49152 File Visible: No Signed: -
Status: -

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1112 Status: Locked to the Windows API!

SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x8650e100

#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8650d340

#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x8650d600

#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8650ef60

#: 123 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x8650e680

#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x8650e940

#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8650f2a0

#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8650db80

#: 324 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x8650e3c0

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8650de40

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8650edc0

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x8650f100

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0x8650d8c0

==EOF==
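A hook listed as owned by "<unknown>" means RootRepeal could not match the hook address to any loaded module it knew about. The helper below is an added example, not part of RootRepeal and not code from the original post: it parses the Drivers and SSDT sections of the log above (copied here, condensed to the Name, Image Path, Address and hook lines the parser needs), reports how tightly the thirteen hook addresses cluster, and checks whether any of them falls inside a driver image RootRepeal listed. The record layout it assumes is the one visible in the log; the parsing and attribution logic is my own.

```python
# Added triage helper (example code, not from RootRepeal or the original post).
# SAMPLE_REPORT is copied from the RootRepeal "Drivers" and "SSDT" sections in
# the log above, condensed; the record format the regexes assume is taken from it.
import re

SAMPLE_REPORT = r"""
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8F84E000 Size: 32768 File Visible: No Signed: -
Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8F843000 Size: 45056 File Visible: No Signed: -
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x80FE5000 Size: 49152 File Visible: No Signed: -

SSDT
-------------------
#: 064 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0x8650e100
#: 072 Function Name: NtCreateProcess
Status: Hooked by "<unknown>" at address 0x8650d340
#: 073 Function Name: NtCreateProcessEx
Status: Hooked by "<unknown>" at address 0x8650d600
#: 078 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8650ef60
#: 123 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0x8650e680
#: 126 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0x8650e940
#: 165 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x8650f2a0
#: 194 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8650db80
#: 324 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0x8650e3c0
#: 334 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8650de40
#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8650edc0
#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "<unknown>" at address 0x8650f100
#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "<unknown>" at address 0x8650d8c0
"""

# One driver record: "Name:" line, optional "Image Path:" line, then "Address: ... Size: ...".
DRIVER_RE = re.compile(
    r"^Name:[ \t]*(?P<name>\S+)[ \t]*\n(?:^Image Path:.*\n)?"
    r"^Address:[ \t]*0x(?P<base>[0-9A-Fa-f]+)[ \t]+Size:[ \t]*(?P<size>\d+)",
    re.MULTILINE,
)
# One SSDT record: "#: <index> Function Name: <Nt*>" followed by its "Status: Hooked by ..." line.
HOOK_RE = re.compile(
    r'^#:[ \t]*(?P<idx>\d+)[ \t]+Function Name:[ \t]*(?P<func>\w+)[ \t]*\n'
    r'^Status:[ \t]*Hooked by "(?P<owner>[^"]*)" at address 0x(?P<addr>[0-9A-Fa-f]+)',
    re.MULTILINE,
)

def parse_drivers(report):
    """Return [(name, base, size)] for every driver record in the report."""
    return [(m["name"], int(m["base"], 16), int(m["size"])) for m in DRIVER_RE.finditer(report)]

def parse_hooks(report):
    """Return [(ssdt_index, function, claimed_owner, hook_address)] for every hooked entry."""
    return [(int(m["idx"]), m["func"], m["owner"], int(m["addr"], 16)) for m in HOOK_RE.finditer(report)]

def owning_driver(addr, drivers):
    """Name of the listed driver whose image range [base, base+size) contains addr, else None."""
    return next((name for name, base, size in drivers if base <= addr < base + size), None)

def summarize(report):
    """Triage summary: hook count, claimed owners, address spread, and per-hook attribution."""
    hooks, drivers = parse_hooks(report), parse_drivers(report)
    addrs = [addr for _, _, _, addr in hooks]
    attribution = {func: owning_driver(addr, drivers) for _, func, _, addr in hooks}
    return {
        "hook_count": len(hooks),
        "owners": sorted({owner for _, _, owner, _ in hooks}),
        # Spread of hook targets: a few KB means one component placed all of them.
        "span_bytes": max(addrs) - min(addrs) if addrs else 0,
        "pages": sorted({addr >> 12 for addr in addrs}),
        "in_listed_driver": {f: d for f, d in attribution.items() if d is not None},
        "unattributed": sorted(f for f, d in attribution.items() if d is None),
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['hook_count']} hooked SSDT entries, claimed owner(s): {s['owners']}")
    print(f"hook targets span {s['span_bytes']} bytes across {len(s['pages'])} page(s)")
    print("inside a listed driver image:", s["in_listed_driver"] or "none")
    print("not inside any listed driver:", ", ".join(s["unattributed"]))
```

On this log all thirteen hook targets sit within about 8 KB of each other and outside the three driver ranges RootRepeal listed, which only says that a single component placed them somewhere RootRepeal did not enumerate; the Drivers section here contains just the three non-visible drivers, so a complete loaded-module list is needed before attributing the hooks to anything. Behavior-monitoring components of security suites, such as the Trend Micro TMBMSRV service running on this machine per the OTL log, commonly hook these same functions, so the list is not on its own evidence of a rootkit.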
#2 qcd (Topic Starter)
Modem conflict and a printer conflict caused the problem. Don't forget to disconnect USB items.