Generic Host Process for Win32 Services - shuts down PC


Post by sb24 on 25th January 2010, 10:56 pm

After approximately 15 mins with IE open, system displays message -
Generic Host Process for Win32 Services has encountered a problem and needs to close.

System shutdown initiated by NT Authority/SYSTEM. Windows must now restart because the DCOM Service Process Launcher service terminated unexpectedly.

The PC then shuts down and restarts on its own.

Here is the HijackThis log file. Please tell me next steps to start to fix this problem. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:15 PM, on 1/25/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Frank Batzel\Desktop\winlogon.scr
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\WINDOWS\system32\msfeedssync.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Google Sidewiki... - [You must be registered and logged in to see this link.] Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.] (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
O18 - Protocol: bw+0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {FAB98D1C-9D21-4E05-8F56-F1297630C6C4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9a687388bc690) (gupdate1c9a687388bc690) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE

--
End of file - 21562 bytes


Re: Generic Host Process for Win32 Services - shuts down PC

Post by Belahzur on 26th January 2010, 1:18 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 26th January 2010, 2:05 pm

mbam log file after quick scan
Malwarebytes' Anti-Malware 1.44
Database version: 3640
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/26/2010 8:58:59 AM
mbam-log-2010-01-26 (08-58-59).txt

Scan type: Quick Scan
Objects scanned: 127901
Time elapsed: 15 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Frank Batzel\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 28th January 2010, 1:08 pm

Bump - need to know next steps - please reply


Re: Generic Host Process for Win32 Services - shuts down PC

Post by Belahzur on 28th January 2010, 5:47 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the reports to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.



Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 28th January 2010, 7:13 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by Frank Batzel at 14:06:46.34 on Thu 01/28/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.145 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Documents and Settings\Frank Batzel\Desktop\dds.scr
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [cdloader] "c:\documents and settings\frank batzel\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Dell Photo AIO Printer 922] "c:\program files\dell photo aio printer 922\dlbtbmgr.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\frankb~1\startm~1\programs\startup\vcastm~1.lnk - c:\program files\verizon wireless\v cast music\V CAST Music Monitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
uPolicies-system: DisableTaskMgr =
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - [You must be registered and logged in to see this link.]
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: plus1solutions.net\my
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [You must be registered and logged in to see this link.]
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [You must be registered and logged in to see this link.]
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\frankb~1\applic~1\mozilla\firefox\profiles\z8bhgixv.default\
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hidden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-1-9 214664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-14 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-14 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-14 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-1-9 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-1-9 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-1-9 40552]
S2 gupdate1c9a687388bc690;Google Update Service (gupdate1c9a687388bc690);c:\program files\google\update\GoogleUpdate.exe [2009-3-16 133104]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-1-9 34248]

=============== Created Last 30 ================

2010-01-17 15:17:05 0 d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2010-01-17 15:17:03 0 d-----w- c:\program files\McAfee Security Scan
2010-01-17 12:43:56 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-17 12:43:56 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-01-17 12:43:56 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-01-17 12:43:56 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-17 12:43:56 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-01-17 12:43:56 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-01-17 12:43:56 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-01-17 12:43:56 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-01-17 12:43:50 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-01-17 12:43:50 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-01-17 12:43:49 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-17 12:43:49 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-01-13 10:49:05 471552 ------w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 15:33:06 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:33:06 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll

============= FINISH: 14:09:49.60 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/5/2004 4:27:23 PM
System Uptime: 1/28/2010 2:04:06 PM (0 hours ago)

Motherboard: Dell Computer Corp. | | 0N6381
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 71 GiB total, 48.094 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP544: 10/28/2009 10:15:07 AM - Installed McAfee Virtual Technician
RP545: 10/30/2009 11:02:09 AM - System Checkpoint
RP546: 11/1/2009 10:35:13 AM - System Checkpoint
RP547: 11/2/2009 6:04:02 PM - System Checkpoint
RP548: 11/3/2009 7:25:39 PM - System Checkpoint
RP549: 11/4/2009 7:37:41 PM - System Checkpoint
RP550: 11/5/2009 4:00:17 AM - Software Distribution Service 3.0
RP551: 11/7/2009 11:21:12 AM - System Checkpoint
RP552: 11/8/2009 11:01:12 AM - System Checkpoint
RP553: 11/9/2009 11:13:10 AM - System Checkpoint
RP554: 11/9/2009 5:53:45 PM - Installed Windows XP KB915865.
RP555: 11/9/2009 5:55:15 PM - Installed Windows NLSDownlevelMapping.
RP556: 11/9/2009 5:56:03 PM - Installed Windows IDNMitigationAPIs.
RP557: 11/9/2009 5:56:44 PM - Installed Windows Internet Explorer 7.
RP558: 11/9/2009 5:57:36 PM - Software Distribution Service 3.0
RP559: 11/10/2009 3:00:17 AM - Software Distribution Service 3.0
RP560: 11/11/2009 4:36:55 PM - Software Distribution Service 3.0
RP561: 11/12/2009 3:00:24 AM - Software Distribution Service 3.0
RP562: 11/12/2009 9:53:08 AM - Software Distribution Service 3.0
RP563: 11/13/2009 9:54:22 AM - System Checkpoint
RP564: 11/14/2009 10:06:17 AM - System Checkpoint
RP565: 11/15/2009 10:30:29 AM - System Checkpoint
RP566: 11/16/2009 11:56:59 AM - System Checkpoint
RP567: 11/17/2009 12:30:29 PM - System Checkpoint
RP568: 11/18/2009 12:54:25 PM - System Checkpoint
RP569: 11/19/2009 1:18:51 PM - System Checkpoint
RP570: 11/20/2009 1:30:52 PM - System Checkpoint
RP571: 11/21/2009 3:47:55 PM - System Checkpoint
RP572: 11/22/2009 4:26:29 PM - System Checkpoint
RP573: 11/23/2009 5:01:53 PM - System Checkpoint
RP574: 11/25/2009 1:21:38 PM - System Checkpoint
RP575: 11/26/2009 3:00:28 AM - Software Distribution Service 3.0
RP576: 11/26/2009 11:03:18 AM - Software Distribution Service 3.0
RP577: 11/27/2009 11:04:13 AM - System Checkpoint
RP578: 11/28/2009 11:51:43 AM - System Checkpoint
RP579: 11/29/2009 12:28:07 PM - System Checkpoint
RP580: 11/30/2009 1:40:12 PM - System Checkpoint
RP581: 12/1/2009 1:52:18 PM - System Checkpoint
RP582: 12/2/2009 2:06:14 PM - System Checkpoint
RP583: 12/3/2009 2:52:17 PM - System Checkpoint
RP584: 12/4/2009 3:04:18 PM - System Checkpoint
RP585: 12/5/2009 4:04:18 PM - System Checkpoint
RP586: 12/6/2009 4:52:25 PM - System Checkpoint
RP587: 12/7/2009 5:16:27 PM - System Checkpoint
RP588: 12/8/2009 6:15:44 PM - System Checkpoint
RP589: 12/9/2009 6:16:29 PM - System Checkpoint
RP590: 12/10/2009 3:00:21 AM - Software Distribution Service 3.0
RP591: 12/11/2009 11:54:31 PM - System Checkpoint
RP592: 12/13/2009 12:20:00 AM - System Checkpoint
RP593: 12/14/2009 1:20:58 AM - System Checkpoint
RP594: 12/15/2009 1:32:01 AM - System Checkpoint
RP595: 12/16/2009 2:32:00 AM - System Checkpoint
RP596: 12/17/2009 3:22:25 AM - System Checkpoint
RP597: 12/18/2009 3:56:55 AM - System Checkpoint
RP598: 12/19/2009 4:56:56 AM - System Checkpoint
RP599: 12/20/2009 5:59:17 AM - System Checkpoint
RP600: 12/21/2009 6:56:56 AM - System Checkpoint
RP601: 12/21/2009 2:27:28 PM - Installed Java(TM) 6 Update 17
RP602: 12/22/2009 2:39:28 PM - System Checkpoint
RP603: 12/23/2009 8:05:11 PM - System Checkpoint
RP604: 12/27/2009 1:13:05 PM - System Checkpoint
RP605: 12/28/2009 2:13:37 PM - System Checkpoint
RP606: 12/29/2009 2:57:08 PM - System Checkpoint
RP607: 12/30/2009 7:28:03 PM - System Checkpoint
RP608: 1/1/2010 3:27:20 PM - System Checkpoint
RP609: 1/2/2010 4:17:19 PM - System Checkpoint
RP610: 1/3/2010 5:17:19 PM - System Checkpoint
RP611: 1/5/2010 11:19:33 PM - System Checkpoint
RP612: 1/7/2010 9:42:52 AM - System Checkpoint
RP613: 1/8/2010 10:57:21 AM - System Checkpoint
RP614: 1/9/2010 11:37:16 AM - System Checkpoint
RP615: 1/10/2010 12:25:15 PM - System Checkpoint
RP616: 1/11/2010 1:35:20 PM - System Checkpoint
RP617: 1/12/2010 2:12:31 PM - System Checkpoint
RP618: 1/13/2010 2:55:37 PM - System Checkpoint
RP619: 1/14/2010 9:24:19 AM - Software Distribution Service 3.0
RP620: 1/15/2010 9:36:28 AM - System Checkpoint
RP621: 1/16/2010 10:36:26 AM - System Checkpoint
RP622: 1/17/2010 11:19:46 AM - System Checkpoint
RP623: 1/18/2010 11:36:50 AM - System Checkpoint
RP624: 1/19/2010 12:24:25 PM - System Checkpoint
RP625: 1/20/2010 1:24:51 PM - System Checkpoint
RP626: 1/21/2010 3:00:29 AM - Software Distribution Service 3.0
RP627: 1/22/2010 3:00:20 AM - Software Distribution Service 3.0
RP628: 1/23/2010 12:39:27 PM - System Checkpoint
RP629: 1/25/2010 6:48:35 PM - System Checkpoint

==== Installed Programs ======================

a-squared HiJackFree 3.1
ABBYY FineReader 5.0 Sprint Plus
Acrobat.com
Adobe AIR
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
ArcSoft Camera Suite 1.3
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
AudibleManager
Banctec Service Agreement
Camera Support Core Library
Camera Window
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Classic PhoneTools
Creative MediaSource
Creative MuVo N200
Creative System Information
Critical Update for Windows Media Player 11 (KB959772)
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
DellSupport
G4a922EN
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Intel(R) 537EP V9x DFV PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java(TM) 6 Update 17
Logitech Desktop Messenger
Logitech SetPoint
magicJack Recovery Tool 1.0
Malwarebytes' Anti-Malware
McAfee Security Scan
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MovieEdit Task
Mozilla Firefox (3.5.7)
MSN
MSN Toolbar
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MuVo Driver
My DSC
My Way Search Assistant
PhotoStitch
QuickTime
RAW Image Task 1.1
RemoteCapture Task 1.0.3
Samsung USB Driver (MCCI 4.24 WHQL)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Sonic DLA
Sonic RecordNow!
Sonic Update Manager
SoundMAX
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
V CAST Music
Virtual Earth 3D (Beta)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

1/27/2010 8:27:28 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
1/27/2010 8:27:28 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/26/2010 9:01:35 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
1/26/2010 9:00:53 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
1/24/2010 12:58:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
1/24/2010 12:58:51 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/24/2010 1:16:30 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
1/23/2010 6:26:09 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/23/2010 6:26:09 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
1/23/2010 6:23:07 PM, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
1/23/2010 6:23:07 PM, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
1/23/2010 11:40:27 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows CardSpace service to connect.
1/23/2010 11:40:27 AM, error: Service Control Manager [7000] - The Windows CardSpace service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/22/2010 5:59:52 PM, error: MRxSmb [8003] - The master browser has received a server announcement from the computer SANDYB that believes that it is the master browser for the domain on transport NetBT_Tcpip_{CDEA362A-B8EC-4849-95. The master browser is stopping or an election is being forced.

==== End Of File ===========================

sb24
Novice

Posts : 38
Joined : 2009-09-08
OS : XP
Points : 26648
# Likes : 0


Re: Generic Host Process for Win32 Services - shuts down PC

Post by Belahzur on 29th January 2010, 12:20 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    My Way Search Assistant

One issue that might be causing this is McAfee. I've never liked McAfee; see here for more info:
[You must be registered and logged in to see this link.]

Uninstall McAfee, and install something lighter on the system, like Avira.


1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34918
Joined : 2008-08-03
Gender : Male
OS : 7 Home Premium x64
Points : 245101
# Likes : 1


Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 29th January 2010, 11:19 pm

1- While I was removing My Way Search Assistant, the system shut down. The program is still listed in the Add/Remove Programs window, but when I try to 'remove' it again, there is an error message
Error Loading C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll

2- I uninstalled McAfee, and installed Antivir PersonalEditionClassic.

I still have the problem that I originally reported where the system shuts down.

Next steps?


Re: Generic Host Process for Win32 Services - shuts down PC

Post by Belahzur on 30th January 2010, 5:59 pm

Hello.
Let's try something else to shift that Myway.

Please download Revo Uninstall from here: [You must be registered and logged in to see this link.]

  1. Download and run the setup file for Revo Uninstaller.
  2. Once setup, run Revo Uninstaller.
  3. Select the following item for removal by clicking on it once.

    My Way Search Assistant

  4. Then hit the "Uninstall" button at the top.
  5. Close Revo Uninstaller.



Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 30th January 2010, 8:06 pm

Used Revo to uninstall the MyWay Search Assistant. Had the same error come up - Error Loading C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll.
But continued through and let Revo delete pertinent registry entries.
Now MyWay Search doesn't display in the program list.

But still have the shutdown problem.

Next steps?


Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 2nd February 2010, 1:18 pm

Bump - need to know next steps - please reply


Re: Generic Host Process for Win32 Services - shuts down PC

Post by Belahzur on 2nd February 2010, 7:00 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 2nd February 2010, 11:36 pm

Contents of combofix.txt

ComboFix 10-02-02.02 - Frank Batzel 02/02/2010 18:12:24.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.280 [GMT -5:00]
Running from: c:\documents and settings\Frank Batzel\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\unins000.dat
c:\windows\unins000.exe

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys

.
((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-02-02 23:03 . 2010-02-02 23:05 -------- d-----w- C:\32788R22FWJFW
2010-01-31 23:25 . 2010-01-31 23:25 -------- d-----w- c:\documents and settings\Frank Batzel\Local Settings\Application Data\Abacast
2010-01-30 18:51 . 2010-01-30 18:51 -------- d-----w- c:\program files\VS Revo Group
2010-01-29 22:58 . 2009-11-25 16:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-29 22:58 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-01-29 22:58 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-01-29 22:58 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-01-29 22:58 . 2010-01-29 22:58 -------- d-----w- c:\program files\Avira
2010-01-29 22:58 . 2010-01-29 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-17 15:17 . 2010-01-17 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2010-01-17 12:43 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
2010-01-17 12:43 . 2001-08-18 03:36 8704 ----a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-01-17 12:43 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
2010-01-17 12:43 . 2001-08-18 03:36 8192 ----a-w- c:\windows\system32\dllcache\kbdkor.dll
2010-01-17 12:43 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
2010-01-17 12:43 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-01-17 12:43 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\kbd103.dll
2010-01-17 12:43 . 2001-08-17 19:55 5632 ----a-w- c:\windows\system32\dllcache\kbd103.dll
2010-01-17 12:43 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
2010-01-17 12:43 . 2001-08-17 19:55 6144 ----a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-01-17 12:43 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\kbd106.dll
2010-01-17 12:43 . 2008-04-14 01:09 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll
2010-01-13 10:49 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
2010-01-08 19:09 . 2010-01-08 19:09 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Viewpoint

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 22:52 . 2009-03-16 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-29 22:52 . 2009-09-15 00:28 -------- d-----w- c:\program files\McAfee
2010-01-29 22:49 . 2006-12-02 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-01-29 22:49 . 2004-11-29 00:00 -------- d-----w- c:\program files\McAfee.com
2010-01-29 22:46 . 2004-12-05 21:31 42816 ----a-w- c:\documents and settings\Frank Batzel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 13:25 . 2009-09-08 01:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 19:59 . 2008-09-30 03:05 -------- d-----w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp
2010-01-23 16:48 . 2009-09-12 04:00 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-22 05:59 . 2009-09-01 12:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 15:05 . 2004-12-06 22:43 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-20 00:01 . 2010-01-20 00:01 93016 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\ug00000\magicJack.dll
2010-01-20 00:00 . 2010-01-23 19:59 6551808 ---ha-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\in00000\setup.exe
2010-01-20 00:00 . 2010-01-23 19:40 6551808 ---ha-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\Upgrade\setup1.exe
2010-01-20 00:00 . 2010-01-20 00:00 6551808 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\ug00000\setup.exe
2010-01-20 00:00 . 2010-01-20 00:00 416248 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\magicJackLoader.exe
2010-01-20 00:00 . 2010-01-20 00:00 480608 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\octvqe1_apiw.dll
2010-01-20 00:00 . 2010-01-20 00:00 214360 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\TjVista.dll
2010-01-20 00:00 . 2010-01-20 00:00 337240 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\TjIpSys.dll
2010-01-20 00:00 . 2010-01-20 00:00 607600 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\SJHandsetMagicJack.dll
2010-01-20 00:00 . 2010-01-20 00:00 87384 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\st00000\mjsetup.exe
2010-01-20 00:00 . 2010-01-20 00:00 93016 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\st00000\magicJack.dll
2010-01-20 00:00 . 2010-01-20 00:00 93016 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\magicJack.dll
2010-01-19 23:58 . 2010-01-19 23:58 12482904 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\magicJack.exe
2010-01-19 23:57 . 2010-01-23 19:59 730032 ---ha-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\ar00000\install.exe
2010-01-19 23:57 . 2010-01-23 19:40 730032 ---ha-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\Upgrade\install1.exe
2010-01-19 23:57 . 2010-01-19 23:57 730032 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\ug00000\install.exe
2010-01-19 23:57 . 2010-01-19 23:57 87384 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\in00000\mjsetup.exe
2010-01-19 23:57 . 2010-01-19 23:57 93016 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\in00000\magicJack.dll
2010-01-19 23:55 . 2010-01-19 23:55 441704 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2010-01-19 23:55 . 2010-01-19 23:55 441704 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\st00000\magicJackSplash.exe
2010-01-19 23:55 . 2010-01-19 23:55 441704 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\magicJackSplash.exe
2010-01-19 23:55 . 2010-01-19 23:55 441704 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\in00000\magicJackSplash.exe
2010-01-19 23:55 . 2010-01-19 23:55 50520 ----a-w- c:\documents and settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe
2010-01-17 21:10 . 2009-06-05 02:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-17 15:16 . 2010-01-17 15:16 836464 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-01-07 21:07 . 2009-09-08 01:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-09-08 01:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 11:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2009-04-01 20:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2008-09-30 02:11 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-21 19:28 . 2004-11-28 23:57 -------- d-----w- c:\program files\Java
2009-12-21 19:26 . 2009-12-21 19:26 152576 ----a-w- c:\documents and settings\Frank Batzel\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-21 03:02 . 2009-12-21 03:02 79488 ----a-w- c:\documents and settings\Frank Batzel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-20 15:10 . 2009-03-16 22:30 -------- d-----w- c:\program files\Google
2009-11-21 15:51 . 2008-09-30 02:11 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-01 32768]
"cdloader"="c:\documents and settings\Frank Batzel\Application Data\mjusbsp\cdloader2.exe" [2010-01-19 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MMTray"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe" [2005-05-03 135168]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-05-12 282624]
"mmtask"="c:\program files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe" [2005-05-03 53248]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\Frank Batzel\Start Menu\Programs\Startup\
V CAST Music Monitor.lnk - c:\program files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe [2005-11-30 327680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-2-28 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-2-28 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Documents and Settings\\Sandra Batzel\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Frank Batzel\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Documents and Settings\\Frank Batzel\\Local Settings\\Application Data\\Abacast\\Abaclient.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [1/29/2010 5:58 PM 108289]
S2 gupdate1c9a687388bc690;Google Update Service (gupdate1c9a687388bc690);c:\program files\Google\Update\GoogleUpdate.exe [3/16/2009 5:33 PM 133104]
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-16 06:39]

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2010-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-16 22:33]

2010-02-02 c:\windows\Tasks\User_Feed_Synchronization-{B0D5CE08-5429-442E-BB5A-AC34BD3DE66E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 23:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: plus1solutions.net\my
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Frank Batzel\Application Data\Mozilla\Firefox\Profiles\z8bhgixv.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-magicJack Recovery Tool_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-02 18:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(560)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\UTSCSI.EXE
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2010-02-02 18:34:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 23:34

Pre-Run: 51,448,180,736 bytes free
Post-Run: 54,668,128,256 bytes free

- - End Of File - - 1DFF9811A7D1B67D198CCE8590D46769


Re: Generic Host Process for Win32 Services - shuts down PC

Post by Belahzur on 3rd February 2010, 12:58 am

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Please PM me if I fail to respond within 24hrs.



Re: Generic Host Process for Win32 Services - shuts down PC

Post by sb24 on 4th February 2010, 11:32 pm

Did the combofix / uninstall.
Machine is running fine now. Not receiving the error messages, and machine is not shutting down on its own.

Problem appears to be solved.
Anything else to check?
