Generic Host Process for Win32 Services has encountered a problem
Join Date: Jul 2008
Posts: 2,806
Reputation:
Solved Threads: 160
Many things can cause this type of error but one of the things that kept popping up is either a corrupted ntdll.dll file OR an issue with a hardware driver which may be corrupted or out of date. One of the PMs you sent to me mentioned your Event Viewer showing about 50+ "The driver detected a controller error on \Device\CdRom0" errors.
This could very well mean that either the driver is corrupt or needs updating which then could also lead to the ntdll.dll error too.
Try this. Go into Device Manager to the CD drive or drives if you have more than one...if you do then do this one at a time. Right Click the CD drive and choose Uninstall. Then shut down and reboot the computer. It will find the drive and install it. If you have more than one drive do it with all of them. See if this makes a difference. If it does not then go to the drive manufacturer's website and download a new driver, even if it seems to be the same version that you have. Save it to the desktop. Then go back in and Uninstall the driver again but this time have it install the new one from the desktop.
Judy
Join Date: Sep 2008
Posts: 89
Reputation:
Solved Threads: 0
Did that and nothing different. Both DVDs copy and read DVDs and CDs fine. I copied a movie and an audio CD and no error messages. Once in a while the DVD will not read on a home theater but that was a bad disc. No helping that, I think that is normal.
The message changes and does not have a NTDLL.dll message. I will send you one of those.
That is business but on a personal note it is and has been pleasing to find someone who speaks the same language.
Happy Thanksgiving.
Jim
Join Date: Sep 2008
Posts: 89
Reputation:
Solved Threads: 0
THIS IS A FEW EVENT LOGS ANY ONE THAT CAN HELP ME SOLVE THIS PLEASE H-E-L-P...........
Event #1
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 3:01:24 AM
User: N/A
Computer: JIM-ADM
Description:
Faulting application , version 0.0.0.0 faulting module unknown, version 0.0.0.0 fault address 0x00000000
==========================================================================
Event #2
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 2:41:29 AM
User: N/A
Computer: JIM-ADM
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module ntdll.dll, version 5.1.2600.5512, fault address 0x0001b1fa.
==========================================================================
Event #3
Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 11/29/2008
Time: 5:41:50 PM
User: N/A
Computer: JIM-ADM
Description:
Faulting application , version 0.0.0.0 faulting module unknown, version 0.0.0.0 fault address 0x00000000
Join Date: Jul 2008
Posts: 2,806
Reputation:
Solved Threads: 160
Well maybe there is infection there, even though scans show clean.
Download Dr.Web CureIT
Scan with that and see what it comes up with. Save the log.
Then update MBA-M, run a full system scan with it and have it REMOVE Everything found.
Reboot.
Next download Combofix
Click on the Save button and then when it asks you where to save it, make sure you save it directly to your Windows Desktop.
Close all open Windows including this one.
Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
Now double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.
You may receive a warning because ComboFix does not have a digital signature. This is perfectly normal and safe and you can click on the Run button to continue.
Next you will see the Disclaimer screen; you should press the Yes button to continue.
ComboFix will create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry.
ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to what they were previously. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan.
When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.
When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
Post back with all logs.
Judy
Join Date: Sep 2008
Posts: 89
Reputation:
Solved Threads: 0
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1445 [GMT -5:00]
Running from: d:\my documents\ToolBox\Software\AntiVirus_SpyWare_Malware\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\JIM.JIM-ADM\Application Data\inst.exe
c:\windows\system32\1BF7BC146F.dll
c:\windows\system32\Ultra.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
2100-02-23 13:35 . 2001-02-22 08:54 768 --a------ c:\program files\x73_lut.dat
2100-02-08 15:03 . 2001-05-11 10:39 53,248 --a------ c:\program files\ACMonitor_X73.exe
2008-12-05 23:53 . 2008-12-05 23:53 <DIR> d-------- c:\program files\filehippo.com
2008-12-05 23:24 . 2008-12-05 23:24 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\Corel
2008-12-05 23:24 . 2008-12-05 23:24 2,828 --ahs---- c:\documents and settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys
2008-12-05 23:24 . 2008-12-05 23:24 8 -r-hs---- c:\documents and settings\All Users.WINDOWS\Application Data\6F14BCF71B.sys
2008-12-05 23:22 . 2008-12-05 23:22 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM~1~JIM\LOCALS~1
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM~1~JIM
2008-12-05 23:10 . 2008-12-05 23:10 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\InstallShield
2008-12-05 19:31 . 2008-12-05 19:31 29,848 --ah----- c:\windows\system32\mlfcache.dat
2008-11-29 02:51 . 2008-11-29 02:58 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\RegTool
2008-11-29 02:37 . 2008-04-14 04:41 80,384 --a------ c:\windows\system32\Ffaultrep.dll
2008-11-27 13:14 . 2008-11-27 13:16 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\ErrorFix
2008-11-27 03:02 . 2008-11-27 03:02 45 --a------ c:\windows\system32\RPVersion.ini
2008-11-27 02:59 . 2008-11-27 13:17 <DIR> d-------- c:\program files\RegistryPatrol3.0
2008-11-26 20:03 . 2008-11-26 20:03 <DIR> d-------- c:\program files\Microtek
2008-11-24 00:52 . 2008-11-26 19:25 <DIR> d-------- c:\program files\SpywareBlaster
2008-11-23 12:57 . 2008-11-17 10:18 192,512 --a------ c:\windows\system32\txmlutil.dll
2008-11-23 10:36 . 2008-11-26 19:16 <DIR> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Trend Micro
2008-11-23 10:30 . 2008-11-23 10:31 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\.housecall6.6
2008-11-19 07:20 . 2008-07-14 05:09 212,728 --a------ c:\windows\CMDLIC.DLL
2008-11-19 07:20 . 2008-07-14 05:09 205,560 --a------ c:\windows\UNBOC.EXE
2008-11-19 07:20 . 2008-04-14 04:42 22,528 --a------ c:\windows\system32\wsock32.dlb
2008-11-17 23:18 . 2008-11-22 20:17 250 --a------ c:\windows\gmer.ini
2008-11-16 07:59 . 2008-11-16 09:26 66,752 --a------ c:\windows\MSOClip.232
2008-11-16 07:59 . 2008-11-16 09:26 10,304 --a------ c:\windows\MSOPrefs.232
2008-11-15 13:59 . 2008-11-15 13:59 <DIR> d-------- c:\program files\Real Alternative
2008-11-15 00:39 . 2008-11-15 00:39 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\NeroDigital™
2008-11-12 22:29 . 2008-11-12 22:34 <DIR> d-------- c:\program files\Common Files\Broderbund
2008-11-12 20:55 . 2008-11-13 20:15 <DIR> d-------- c:\program files\WordWeb
2008-11-12 20:55 . 2008-10-18 14:08 1,050,296 --------- c:\windows\wweb32.dll
2008-11-12 09:23 . 2008-11-12 09:23 207 --a--c--- C:\bootini.dat
2008-11-12 06:59 . 2008-11-12 06:59 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2008-11-12 06:56 . 2008-11-12 06:56 <DIR> d-------- c:\windows\ERUNT
2008-11-12 00:57 . 2008-11-12 00:57 <DIR> d-------- c:\program files\Sun
2008-11-12 00:56 . 2008-11-12 00:55 410,976 --a------ c:\windows\system32\deploytk.dll
2008-11-12 00:44 . 2008-11-12 01:13 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\.SunDownloadManager
2008-11-11 20:26 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-11 20:25 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 17:46 . 2008-11-11 17:46 <DIR> d-------- c:\program files\viewsonic
2008-11-11 17:46 . 2008-11-11 17:46 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\Leadertech
2008-11-11 17:42 . 2008-11-11 19:59 101 --a------ c:\windows\VSWizard.ini
2008-11-11 17:39 . 2008-11-11 17:39 850 --a------ c:\windows\system32\ProductTweaks.xml
2008-11-11 17:39 . 2008-11-11 17:39 385 --a------ c:\windows\system32\user_gensett.xml
2008-11-11 17:04 . 2008-11-28 03:45 <DIR> d----c--- C:\SDFix
2008-11-11 15:46 . 2008-11-11 15:46 <DIR> d-------- c:\windows\system32\logs
2008-11-10 02:31 . 2008-11-27 03:28 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-11-08 18:55 . 2008-11-08 18:55 <DIR> d-------- c:\documents and settings\JIM.JIM-ADM\Application Data\DVDFab
2008-11-07 06:10 . 2008-02-27 13:49 3,840 --a------ c:\windows\system32\drivers\BANTExt.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 04:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-06 04:45 --------- d-----w c:\program files\Corel
2008-12-06 04:22 --------- d-----w c:\program files\Common Files\Real
2008-12-06 04:17 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer
2008-12-06 04:16 --------- d-----w c:\program files\InterVideo Information Service
2008-12-06 04:10 --------- d-----w c:\program files\InterVideo
2008-12-06 00:24 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Apple Computer
2008-12-05 05:00 --------- d-----w c:\program files\DVDFab 5
2008-12-05 05:00 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Vso
2008-11-30 02:51 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2008-11-28 07:52 194,560 ----a-w c:\windows\zeppelin_dessert.scr
2008-11-28 07:51 606,848 ----a-w c:\windows\flashax.exe
2008-11-28 07:51 12,288 ----a-w c:\windows\impborl.dll
2008-11-27 01:40 --------- d-----w c:\program files\Trend Micro
2008-11-27 01:40 --------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-11-27 01:40 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-26 15:31 --------- d-----w c:\program files\Google
2008-11-25 23:52 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-24 03:44 --------- d-----w c:\program files\Vuze
2008-11-24 03:44 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Azureus
2008-11-23 22:16 --------- d-----w c:\program files\RegClean
2008-11-23 21:57 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-23 19:32 --------- d-----w c:\program files\iTunes
2008-11-23 19:31 --------- d-----w c:\program files\iPod
2008-11-23 19:21 --------- d-----w c:\program files\QuickTime
2008-11-23 18:48 --------- d-----w c:\program files\Safari
2008-11-23 11:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\FLEXnet
2008-11-23 01:01 --------- d-----w c:\program files\COMODO
2008-11-15 13:10 --------- d-----w c:\program files\WinAVI Video Converter
2008-11-13 03:34 --------- d-----w c:\program files\Broderbund
2008-11-12 05:55 --------- d-----w c:\program files\Java
2008-11-09 12:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-11-09 12:35 --------- d-----w c:\program files\SiSoftware
2008-11-04 16:28 --------- d-----w c:\program files\RegScrubXP
2008-11-04 16:18 --------- d-----w c:\program files\RegistryFix
2008-11-04 15:24 --------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2008-11-03 08:59 --------- d-----w c:\program files\Web Publish
2008-11-03 08:53 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Riverdeep Interactive Learning Limited
2008-11-03 08:51 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Protexis
2008-11-03 08:44 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Broderbund Software
2008-10-31 13:55 --------- d-----w c:\program files\The Cleaner Demo
2008-10-29 01:24 --------- d-----w c:\program files\AIM6
2008-10-29 01:24 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-28 17:03 --------- d-----w c:\program files\Digital Support
2008-10-28 17:03 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Digital Support
2008-10-27 23:15 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL OCP
2008-10-27 23:14 --------- d-----w c:\program files\Viewpoint
2008-10-27 23:14 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\acccore
2008-10-27 23:13 --------- d-----w c:\program files\Common Files\AOL
2008-10-27 23:13 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\AOL
2008-10-27 22:40 --------- d-----w c:\program files\Windows Installer Clean Up
2008-10-27 22:40 --------- d-----w c:\program files\MSECACHE
2008-10-27 20:01 5,376 ----a-w c:\windows\system32\drivers\MS1000.sys
2008-10-27 18:49 --------- d-----w c:\program files\Uniblue
2008-10-27 18:32 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Uniblue
2008-10-27 18:13 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Registry Booster
2008-10-26 06:27 --------- d-----w c:\program files\Common Files\eSellerate
2008-10-26 06:27 --------- d-----w c:\program files\AnswersThatWork
2008-10-25 12:52 --------- d-----w c:\program files\Extreme Cleaner
2008-10-25 03:39 --------- d-----w c:\program files\Microsoft Easy Assist
2008-10-25 03:39 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Applications
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:15 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\Comodo
2008-10-22 21:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 21:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 22:53 262,144 ----a-w c:\program files\Uninstall Ask Toolbar.dll
2008-10-18 22:39 --------- d-----w c:\program files\Maximum Software
2008-10-17 23:42 --------- d-----w c:\program files\MagicISO
2008-10-17 01:12 2,071 ----a-w c:\windows\panose.bin
2008-10-17 00:54 --------- d-----w c:\program files\Adobe Type Manager
2008-10-17 00:40 --------- d-----w c:\program files\Common Files\Adobe
2008-10-13 03:39 --------- d-----w c:\program files\Advanced Registry Optimizer
2008-10-13 00:14 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-10-13 00:13 --------- d-----w c:\program files\DVD Shrink
2008-10-10 22:24 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\NVIDIA
2008-10-10 01:53 --------- d-----w c:\documents and settings\JIM.JIM-ADM\Application Data\AVGTOOLBAR
2008-10-10 00:49 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 15:21 --------- d-----w c:\program files\TCPOptimizer
2008-10-07 22:51 --------- d-----w c:\program files\Microsoft Private Folder 1.0
2008-09-15 08:11 47,360 ----a-w c:\documents and settings\JIM.JIM-ADM\Application Data\pcouffin.sys
2002-09-11 14:26 63,730 ----a-w c:\program files\viewsonicinstruct_xp.pdf
2001-07-26 20:58 47 ----a-w c:\program files\ACMonitor_X73.ini
2001-07-05 16:46 8,116 ----a-w c:\program files\OSLO3071b2.USB
2001-05-08 20:36 114,688 ----a-w c:\program files\lxarscan.dll
2001-04-23 18:22 1,437 ----a-w c:\program files\gtx73.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-26 29744]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"TkBellExe"="c:\program files\Real Alternative\Update_OB\realsched.exe" [2008-12-05 180269]
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Microsoft Office Shortcut Bar.lnk - c:\windows\Installer\{00000409-78E1-11D2-B60F-006097C998E7}\misc.exe [2008-09-15 28160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-11-07 14:16 111936 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMONTRAY]
--------- 2005-05-02 21:21 32768 c:\program files\Intel\Intel(R) Active Monitor\imontray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelAudioStudio]
--a------ 2004-09-21 19:39 7094272 c:\program files\Intel Audio Studio\IntelAudioStudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-10-22 11:22 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 07:27 860160 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-07-27 12:48 1388544 c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\InterVideo\\DVD8\\WinDVD.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-03 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-03 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-03 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-03 76040]
R2 PD91Agent;PD91Agent;"c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe" [2008-09-09 693512]
R2 Prvflder;Prvflder;c:\windows\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
S2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
S3 GoogleDesktopManager-010108-205858;Google Desktop Manager 5.7.801.1629;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-11-26 29744]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-09-28 38496]
S3 PD91Engine;PD91Engine;"c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe" [2008-09-09 906504]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-10-27 24652]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2008-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-05 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool\RegTool.exe []
2008-12-05 c:\windows\Tasks\RegTool Scan.job
- c:\program files\RegTool []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-RegTool - c:\program files\RegTool\RegTool.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.avg.com/ww.special-toolbar-first-run-tlbrf
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
Name-Space Handler: ftp\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
Name-Space Handler: http\DLA.IEClickMon - {A5A08E80-B472-11D2-89D1-0080C8C12A3A} - c:\progra~1\iolo\Common\Lib\URLSTO~1.DLL
FireFox -: Profile - c:\documents and settings\JIM.JIM-ADM\Application Data\Mozilla\Firefox\Profiles\pspl3th6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com
FF -: plugin - c:\program files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npwinamp.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Common\npyaxmpb.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 00:59:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel(R) Active Monitor\imonNT.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Microsoft Private Folder 1.0\PrfldSvc.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft Office\Office\1033\MSOFFICE.EXE
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-12-06 1:05:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 06:05:11
Pre-Run: 37,978,652,672 bytes free
Post-Run: 37,893,627,904 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows Professional" /fastdetect /NoExecute=OptIn
289 --- E O F --- 2008-11-23 01:33:46
This was my log > combofix.txt
I am going to run SDFIX and will be back.
Jim
•
•
Join Date: Jul 2008
Posts: 2,806
Reputation:
Solved Threads: 160
Definitely found and removed the inst.exe>>>Trojan.W32.RealSearch>>>This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data.
along with the other two, which I really can find little or no information about so we must assume they are part of this infection.
•
•
Join Date: Sep 2008
Posts: 89
Reputation:
Solved Threads: 0
SDFix: Version 1.240
Run by JIM on Wed 12/10/2008 at 09:22 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 22:47:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
source file error: C:\Documents and Settings\JIM.JIM-ADM\ntuser.dat
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 141
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
Files with Hidden Attributes :
Thu 23 Aug 2001 24,448 A.SHR --- "C:\NTBOOTDD.SYS"
Fri 5 Dec 2008 2,828 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\Application Data\KGyGaAvL.sys"
Thu 9 Oct 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Sun 14 Sep 2008 678,814 ...H. --- "C:\Program Files\iolo\System Mechanic Professional 6\unins000.exe"
Thu 18 Mar 1999 70,656 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\cabarc.exe"
Wed 24 Feb 1999 111,104 A..H. --- "C:\Program Files\Microsoft Office\Microsoft Office Tools\Proflwiz.exe"
Fri 14 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"
Wed 19 Nov 2003 495,616 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\PhotoJam 4 Deluxe.exe"
Fri 14 Nov 2003 372,736 A..H. --- "C:\Program Files\Shockwave.com\PhotoJam 4 Deluxe\data\product\PhotoJam 4 Deluxe.exe"
Wed 10 Dec 2008 8,278 A..H. --- "C:\Documents and Settings\JIM.JIM-ADM\Application Data\Microsoft\Office\Shortcut Bar\Off2.tmp"
Wed 26 Feb 1997 21,504 A..H. --- "C:\Program Files\Corel\Graphics10\Draw\Scripts\Misc\scpext.dll"
Finished!