New problems finally! I was beginning to miss them!


Post by spacephrawgg on 3rd March 2010, 12:04 pm

This is on my mom's computer, with WinXP. She started to get this error message that read as follows:

"to help protect your computer, Windows has closed this program:
Name: Generic Host Process for Win32 Service
Publisher: Microsoft Corporation"

Things have been slow and glitchy as well. Sometimes the system freezes up for all of two seconds, which feels like an eternity, and then goes back to normal and doesn't do this again for hours.

Anyhow, here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:58:39 AM, on 3/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\Documents and Settings\Liz\My Documents\Downloads\winlogon.scr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.0.0.135\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US [You must be registered and logged in to see this link.]
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{0016D5AE-70AF-4E3D-96E6-46E3AB648342}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0016D5AE-70AF-4E3D-96E6-46E3AB648342}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0016D5AE-70AF-4E3D-96E6-46E3AB648342}: NameServer = 192.168.1.1
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.0.0.135\coIEPlg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6173 bytes

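The last entry in that process list, a screensaver named winlogon.scr running out of a Downloads folder, is the kind of line a log reader spots by eye: a core Windows name in a place Windows never puts it. The script below is an added example for readers of this thread, not a tool from the post and not part of HijackThis; it encodes three of those eyeball checks (a core Windows name outside the Windows directory, an executable starting from a user-writable folder, a per-adapter DNS override that is not a private address) and runs them over an excerpt of the log above. It assumes C:\WINDOWS is the system root, as in this log. A hit is a reason to look closer, not a verdict.

```python
from __future__ import annotations

import ipaddress
import re
from pathlib import PureWindowsPath

# Excerpt copied from the HijackThis log posted above (enough lines to exercise every check).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Liz\My Documents\Downloads\winlogon.scr

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0016D5AE-70AF-4E3D-96E6-46E3AB648342}: NameServer = 192.168.1.1
"""

# Names of core Windows components that malware likes to borrow.
CORE_NAMES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost",
              "explorer", "spoolsv", "alg", "ctfmon"}
SYSTEM_ROOT = PureWindowsPath(r"C:\WINDOWS")  # assumption: the system root shown in the posted log
ROOT_PARTS = [p.lower() for p in SYSTEM_ROOT.parts]
# Locations a limited user can write to; nothing that claims to be part of Windows belongs there.
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\downloads\\", "\\temp\\")
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".dll"}

PATH_RE = re.compile(r'(?:[a-z]:|%[^%]+%)\\[^"\r\n]*?\.(?:exe|scr|com|pif|bat|cmd|dll)', re.I)
O4_RE = re.compile(r"^O4 - [^:]+: (?P<rest>.+)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")

def expand_root(raw: str) -> PureWindowsPath:
    """Expand a leading %systemroot%, as Windows does when it runs the autorun entry."""
    if raw.lower().startswith("%systemroot%"):
        raw = str(SYSTEM_ROOT) + raw[len("%systemroot%"):]
    return PureWindowsPath(raw)

def executable_in(o4_rest: str) -> PureWindowsPath | None:
    """Return the executable an O4 entry launches: quoted or unquoted paths with spaces,
    plus a first-token fallback for commands with no extension (the dumprep entry above)."""
    command = re.sub(r"^\[[^\]]*\]\s*", "", o4_rest)  # drop the [value name] label
    m = PATH_RE.search(command)
    if m:
        return expand_root(m.group(0))
    tokens = command.strip('" ').split()
    return expand_root(tokens[0]) if tokens else None

def check_path(path: PureWindowsPath, context: str) -> list[dict]:
    """Checks 1 and 2 against one executable path; returns zero or more findings."""
    findings = []
    outside_windows = [p.lower() for p in path.parts][:len(ROOT_PARTS)] != ROOT_PARTS
    if path.stem.lower() in CORE_NAMES and outside_windows:
        findings.append({"check": "core-name-outside-windows", "context": context, "subject": str(path),
                         "reason": f"{path.name} carries a Windows component name but lives in {path.parent}"})
    if path.suffix.lower() in EXEC_EXT and any(frag in str(path).lower() for frag in USER_WRITABLE):
        findings.append({"check": "user-writable-path", "context": context, "subject": str(path),
                         "reason": "executable starts from a location a limited user can write to"})
    return findings

def triage(log_text: str) -> list[dict]:
    """Walk a HijackThis log and collect findings; a hit means 'look closer', not 'infected'."""
    findings: list[dict] = []
    in_processes = False
    for raw_line in log_text.splitlines():
        line = raw_line.strip()
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            if not line:  # a blank line ends the process list
                in_processes = False
                continue
            findings += check_path(PureWindowsPath(line), "running process")
            continue
        m = O4_RE.match(line)
        if m:
            exe = executable_in(m.group("rest"))
            if exe is not None:
                findings += check_path(exe, "autorun")
            continue
        m = O17_RE.match(line)
        if m:
            for server in re.split(r"[,\s]+", m.group("servers").strip()):
                try:
                    ip = ipaddress.ip_address(server)
                except ValueError:
                    continue
                if not ip.is_private:  # check 3: DNS pointed off the home LAN
                    findings.append({"check": "public-nameserver", "context": "O17", "subject": server,
                                     "reason": "per-adapter DNS override outside RFC 1918 space; confirm it is intended"})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['check']}] {f['subject']}: {f['reason']}")
```

Run as-is it reports only the winlogon.scr entry, once for each of the first two checks; feed it a saved log with `triage(open(path).read())`. The O17 check stays quiet here because 192.168.1.1 is the router, which is what you want to see on a home LAN, and the dumprep entry shows why the %systemroot% expansion matters: without it a legitimate Windows autorun would look like it lives outside the Windows directory.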


Post by Dr Jay on 3rd March 2010, 2:40 pm

Hello. We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] and save it to your desktop.
  • Double click it to start the tool.
  • Click Scan.
  • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.

2. Download [You must be registered and logged in to see this link.] to your desktop
  • A window will pop up; press 2 and then Enter. A scan will start, let it run uninterrupted. It should only take a few minutes.
  • A log will appear when it is finished; it will also be saved in the same location as LockSearch, which should be on your desktop. Post the contents of the log in your reply.

3. Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

4. Please download [You must be registered and logged in to see this link.], and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.

5. I request the following logs to be posted in your next reply, please:
-Rooter
-LockSearch
-CKScanner
-Cheetah

Thanks.


Dr. Jay (DJ)



Post by spacephrawgg on 3rd March 2010, 4:14 pm

Crud, I did the wrong thing. Hold on, doing the right thing, stand by 8>/

Removed the extra log post for you.
-Belahzur



Post by spacephrawgg on 3rd March 2010, 4:15 pm

Here's the Rooter thing:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 7, GenuineIntel
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.8 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:145 Go - Free:129 Go )
D:\ [CD_Rom]
.
Scan : 11:13.43
Path : C:\Documents and Settings\Liz\My Documents\Downloads\Rooter.exe
User : Liz ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1212)
______ \??\C:\WINDOWS\system32\csrss.exe (1260)
______ \??\C:\WINDOWS\system32\winlogon.exe (1288)
______ C:\WINDOWS\system32\services.exe (1332)
______ C:\WINDOWS\system32\lsass.exe (1344)
______ C:\WINDOWS\system32\Ati2evxx.exe (1516)
______ C:\WINDOWS\system32\svchost.exe (1532)
______ C:\WINDOWS\system32\svchost.exe (1608)
______ C:\WINDOWS\System32\svchost.exe (1652)
______ C:\WINDOWS\system32\svchost.exe (1792)
______ C:\WINDOWS\System32\spoolsv.exe (240)
______ C:\WINDOWS\system32\svchost.exe (328)
______ C:\Program Files\Bonjour\mDNSResponder.exe (360)
______ C:\Program Files\Java\jre6\bin\jqs.exe (620)
______ C:\WINDOWS\Explorer.EXE (656)
______ C:\WINDOWS\stsystra.exe (1036)
______ C:\Program Files\Dell\Media Experience\DMXLauncher.exe (1052)
______ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (1060)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1068)
______ C:\Program Files\AWS\WeatherBug\Weather.exe (1140)
______ C:\WINDOWS\system32\ctfmon.exe (1156)
______ C:\Program Files\AIM6\aim6.exe (1164)
______ C:\Program Files\Digital Line Detect\DLG.exe (1188)
______ C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe (1196)
______ C:\Program Files\AIM6\aolsoftware.exe (1704)
______ C:\Program Files\Mozilla Firefox\firefox.exe (136)
______ C:\WINDOWS\system32\HPZipm12.exe (468)
______ C:\WINDOWS\system32\svchost.exe (688)
______ C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe (2376)
______ C:\WINDOWS\system32\svchost.exe (2688)
______ C:\WINDOWS\System32\alg.exe (3088)
______ C:\Documents and Settings\Liz\My Documents\Downloads\winlogon.scr (3024)
______ C:\WINDOWS\system32\NOTEPAD.EXE (1844)
______ C:\Documents and Settings\Liz\My Documents\Downloads\Rooter.exe (460)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:155762127360)
\Device\Harddisk0\Partition3 (Start_Offset:155803253760 | Length:4194892800)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 11:13.56
.
C:\Rooter$\Rooter_1.txt - (03/03/2010 | 11:13.56)



Post by spacephrawgg on 3rd March 2010, 4:18 pm

Here's the LockSearch thing:

LockSearch by jpshortstuff (05.11.09.1)
Log created at 11:15 on 03/03/2010 (Liz)
Scanning C:\


C:\hiberfil.sys
-------------------------


C:\pagefile.sys
-------------------------

-=E.O.F=-



Post by spacephrawgg on 3rd March 2010, 4:23 pm

Here's the Cheetah thing:

Cheetah-Anti-Rogue v1.3.11
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 03/03/2010 - Time: 11:21:23 - Arch.: x86


-- Malware removal tools check --
Malwarebytes' Anti-Malware


-- Known infection --



Extra message: Detection only.


EOF



Post by spacephrawgg on 3rd March 2010, 4:23 pm

The CKScanner thing said it saved, but it did not save to the desktop. I did a system search and nothing came up. Nothing at all. What should I do?



Post by Dr Jay on 3rd March 2010, 5:03 pm

Never mind CKScanner.

Please download [You must be registered and logged in to see this link.] to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • If DeFogger asks to reboot the machine, click OK
IMPORTANT!
If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

====

Please open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)
