
[Inactive] Generic host process for win32 services has encountered a problem

Discussion in 'Malware and Virus Removal Archive' started by KRE09, 2009/10/30.

  1. 2009/10/30 - KRE09 (Thread Starter)

    I have a problem regarding a strange error I just recently started getting.

    It occurs when I've been using the net for around 1/2 hour or so, when suddenly a message pops up saying "Generic host process for win32 services has encountered a problem and needs to close. We are sorry for the inconvenience. "

    If I click "don't send" or "send", a timer comes up and when it hits 0 my computer shuts down. If I don't do anything I can use the internet fine until the timer comes up.

    Another post like this: http://www.windowsbbs.com/malware-v...ices-has-encountered-problem-needs-close.html (just in case something in it is needed)

    I've tried installing the Security Update found here: http://www.microsoft.com/downloads/d...displaylang=en

    Along with several other patches found in threads like this here that worked for others.

    But it has not helped.

    Neither has installing 24 Windows updates. In fact it's made it worse. When I try to install Windows Service Pack 3 I get a failed message in the first few seconds and it stops.

    My security scan (Stopzilla 5.0) picks up 2 GASF trojans every time I turn on my computer, and every time I remove them. Then it finds a search hijacker trojan and I remove it.

    Files involved in error report:

    C:\DOCUME~1\Owner\LOCALS~1\Temp\WER96a0.dir00\svchost.exe.mdmp
    C:\DOCUME~1\Owner\LOCALS~1\Temp\WER96a0.dir00\appcompat.txt

    I've tried removing them but they keep coming back.




    Log (before issue)

    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Owner at 14:08:52.01 on Fri 10/30/2009
    Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.37 [GMT -5:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Digital Media Reader\shwiconem.exe
    svchost.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\zHotkey.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\STOPzilla!\STOPzilla.exe
    C:\Documents and Settings\Owner\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.google.com/ie
    uStart Page = hxxp://www.google.com/webhp?hl=en
    uSearch Page = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - c:\program files\stopzilla!\SZSG.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
    TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - c:\program files\stopzilla!\SZSG.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
    mRun: [SunKistEM] c:\program files\digital media reader\shwiconem.exe
    mRun: [<NO NAME>]
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [CHotkey] zHotkey.exe
    mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [Alcmtr] ALCMTR.EXE
    mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    uPolicies-system: EnableProfileQuota = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_A54B7D6FB1DA63EA.dll/cmsidewiki.html
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\program files\common files\is3\anti-spyware\iS3lsp.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    LSA: Notification Packages = scecli c:\windows\system32\hiludupi.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\1ojbal8d.default\
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    ============= SERVICES / DRIVERS ===============

    R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
    R2 szkg5;szkg;c:\windows\system32\drivers\SZKG.sys [2009-5-12 61328]

    =============== Created Last 30 ================

    2099-10-10 16:42:17 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
    2099-10-10 16:42:17 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
    2099-10-10 16:41:54 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
    2099-10-10 16:41:54 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
    2009-10-30 18:57:48 752 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
    2009-10-30 18:57:31 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
    2009-10-30 17:58:51 0 d-----w- C:\f757e70c980382d2705403fc822c4239
    2009-10-27 23:47:12 5505 ----a-w- c:\documents and settings\owner\.recently-used.xbel
    2009-10-14 22:34:20 0 ----a-w- c:\docume~1\owner\applic~1\wklnhst.dat
    2009-10-14 00:38:05 0 d-----w- c:\windows\pss

    ==================== Find3M ====================


    ============= FINISH: 14:10:00.10 ===============


    Might also add that I just got a new mother board.
     
    Last edited: 2009/10/31
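The DDS log above contains one line a malware analyst would look at before anything else: `LSA: Notification Packages = scecli c:\windows\system32\hiludupi.dll`. Notification Packages (HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages) lists DLLs that the Local Security Authority (lsass.exe) loads at boot so they can be told about password changes. On a stock Windows XP install that list holds only scecli, so an extra module, particularly a randomly named DLL in system32 given as a full path, is a reboot-surviving persistence point running inside the most privileged user-mode process on the machine. The script below is an added example, not part of the original thread and not code from the DDS tool: it parses a handful of "Pseudo HJT Report" lines copied from the log above, plus one constructed line, and flags any LSA notification package outside a baseline, toolbar/BHO registrations that resolve to no file, and third-party Winsock LSP entries. The baseline set and the flagging rules are this example's assumptions, not anything DDS itself reports.

```python
import re

# Baseline LSA notification packages on a stock Windows XP system.
# Assumption for this example: scecli is the only entry Windows installs.
DEFAULT_LSA_PACKAGES = {"scecli"}

# Sample input: four lines copied from the DDS log above, plus one constructed
# "Authentication Packages" line to show that only Notification Packages is checked.
SAMPLE_LOG = """\
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
LSP: c:\\program files\\common files\\is3\\anti-spyware\\iS3lsp.dll
LSA: Notification Packages = scecli c:\\windows\\system32\\hiludupi.dll
LSA: Authentication Packages = msv1_0
"""

# Every DDS pseudo-HJT line starts with a short upper-case kind tag and a colon.
LINE_RE = re.compile(r"^(?P<kind>[A-Za-z]+):\s*(?P<rest>.*)$")


def module_basename(path):
    """'c:\\windows\\system32\\hiludupi.dll' -> 'hiludupi' (lower-case, no extension)."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def check_lsa_line(rest):
    """Flag every module in an 'LSA: Notification Packages = ...' line not in the baseline."""
    findings = []
    m = re.match(r"(?P<key>[^=]+?)\s*=\s*(?P<value>.*)", rest)
    if not m or m.group("key").strip().lower() != "notification packages":
        return findings
    # Values are space separated. The registry value normally holds bare names
    # resolved from system32; a full path here is itself unusual and is reported
    # verbatim so the analyst sees exactly what lsass.exe will load.
    for token in m.group("value").split():
        if module_basename(token) not in DEFAULT_LSA_PACKAGES:
            findings.append(("lsa_notification_package", token))
    return findings


def check_orphan(kind, rest):
    """TB:/BHO: registrations whose DLL is gone: a leftover CLSID IE still tries to load."""
    if kind in ("TB", "BHO") and rest.rstrip().endswith("- No File"):
        return [("orphan_" + kind.lower(), rest.strip())]
    return []


def check_lsp(kind, rest):
    """Any LSP: line is a third-party Winsock layered provider that sees all socket traffic."""
    if kind == "LSP":
        return [("winsock_lsp", rest.strip())]
    return []


def triage(log_text):
    """Return a list of (tag, detail) findings for the pseudo-HJT lines in log_text."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "LSA":
            findings.extend(check_lsa_line(rest))
        findings.extend(check_orphan(kind, rest))
        findings.extend(check_lsp(kind, rest))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:26s} {detail}")
```

On the sample input this reports the hiludupi.dll notification package, the orphaned toolbar CLSID and the iS3 LSP, and stays silent on scecli and on the Authentication Packages line. The LSA check is the one that matters most here: a toolbar with no file is a cleanup nit, while a module in Notification Packages is loaded by lsass.exe on every boot regardless of which user logs in, which is why analysts treat it as a sign of an active infection rather than leftover adware.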
  2. 2009/10/30 - broni (Moderator, Malware Analyst)
    I'm not sure if you're dealing with an infection here, but...
    Stopzilla is definitely not a recommended program.
    I suggest you uninstall it promptly.

    Then you don't have any real AV program running.
    Download and install one of these:

    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

    - free Comodo Internet Security (firewall + AV): http://www.personalfirewall.comodo.com/
    NOTE. During installation, Comodo will also allow you to install AV only, or firewall only, if you prefer to combine one Comodo product with some other product.

    If you decide to install Avast or Avira, make sure Windows Firewall is turned on, or use Comodo firewall.
    If you decide to install Comodo Internet Security, or just Comodo firewall, make sure Windows Firewall is turned off.

    IMPORTANT! Make sure you use only ONE antivirus and ONE firewall.

    After installation, update the program and run a full scan.

    When the motherboard was replaced, was Windows reinstalled?
     


  4. 2009/10/30 - KRE09 (Thread Starter)
    Thank you for the reply. No, it was not. Stopzilla is gone. Tried to install Avast! but kept getting this: "Setup finished, there was an error while completing the setup process." So I installed Avira, working. Problem still occurring.
     
    Last edited: 2009/10/31
  5. 2009/10/31 - broni (Moderator, Malware Analyst)
  6. 2009/11/01 - KRE09 (Thread Starter)
    Tried it but did not get a message as stated on the site. Still happening.
     
    Last edited: 2009/11/01
  7. 2009/11/01 - broni (Moderator, Malware Analyst)
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with ComboFix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post the HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right-click on HijackThis and click Run as Administrator.
     
  8. 2009/11/01 - KRE09 (Thread Starter)
    Reinstalled Windows XP and the problem seems to be gone.
     
  9. 2009/11/01 - broni (Moderator, Malware Analyst)
    Alrighty then. Thanks for posting back :)
     
  10. 2009/11/01 - KRE09 (Thread Starter)
    Log part 1

    Thanks for helping me. :) Here is the ComboFix log, just in case.

    ComboFix 09-10-30.01 - Owner 11/01/2009 20:33.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.161 [GMT -8:00]
    Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall Plus *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-571500348-946979850-800506498-1003
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
    .

    2009-11-02 02:59 . 2009-11-02 02:59 32344 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-02 02:31 . 2009-11-02 02:31 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee.com Personal Firewall
    2009-11-02 02:30 . 2009-11-02 04:08 -------- d-----w- c:\documents and settings\Owner\Application Data\McAfee.com Personal Firewall
    2009-11-02 02:29 . 2009-11-02 04:22 -------- d-----w- c:\windows\system32\Lang
    2009-11-02 02:28 . 2009-11-02 02:28 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
    2009-11-02 02:14 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
    2009-11-02 02:13 . 2009-11-02 02:14 -------- d-----w- c:\windows\ie8updates
    2009-11-02 02:12 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-11-02 02:12 . 2009-08-29 08:08 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2009-11-02 02:12 . 2009-08-29 08:08 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2009-11-02 02:12 . 2009-08-29 08:08 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2009-11-02 02:12 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-11-02 02:12 . 2009-08-29 08:08 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
    2009-11-02 02:09 . 2009-11-02 02:12 -------- dc-h--w- c:\windows\ie8
    2009-11-02 01:51 . 2009-11-02 01:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
    2009-11-02 01:38 . 2009-11-02 01:38 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2009-11-02 01:26 . 2009-11-02 01:26 -------- d-----w- c:\windows\ServicePackFiles
    2009-11-02 01:21 . 2009-11-02 01:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
    2009-11-02 01:19 . 2009-11-02 01:19 -------- d-----w- c:\program files\MSXML 4.0
    2009-11-02 01:02 . 2009-07-29 00:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-11-02 01:02 . 2009-03-30 18:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-11-02 01:02 . 2009-02-13 20:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-11-02 01:02 . 2009-02-13 20:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-11-02 01:01 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
    2009-11-02 01:01 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
    2009-11-02 01:01 . 2009-11-02 01:01 -------- d-----w- c:\program files\Avira
    2009-11-02 01:01 . 2009-11-02 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-11-02 00:52 . 2009-11-02 00:53 -------- d-----w- c:\program files\GIMP-2.0
    2009-11-02 00:32 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
    2009-11-02 00:32 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
    2009-11-02 00:32 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
    2009-11-02 00:32 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
    2009-11-02 00:24 . 2009-11-02 00:24 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
    2009-11-02 00:20 . 2009-11-02 00:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2009-11-02 00:18 . 2009-11-01 23:57 -------- d-----w- c:\windows\system32\config\systemprofile\WINDOWS
    2009-11-02 00:18 . 2009-11-01 23:57 -------- d-----w- c:\documents and settings\Default User\WINDOWS
    2009-11-02 00:10 . 2009-11-02 00:10 -------- d-----w- C:\found.000
    2009-11-02 00:04 . 2009-11-01 23:55 -------- d-----w- c:\windows\creator
    2009-11-02 00:02 . 2004-06-17 22:55 1041536 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
    2009-11-02 00:02 . 2004-03-17 19:04 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
    2009-11-02 00:02 . 2004-03-17 19:00 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
    2009-11-02 00:02 . 2009-11-01 23:55 -------- d-----w- c:\windows\SMINST
    2009-11-02 00:02 . 2004-08-04 22:34 39018 ----a-w- c:\windows\system32\HSFCI011.dll
    2009-11-02 00:02 . 2004-06-17 22:56 220032 ----a-w- c:\windows\system32\drivers\HSFHWBS2.sys
    2009-11-02 00:02 . 2004-06-17 22:55 685056 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
    2009-11-02 00:02 . 2009-11-02 00:04 -------- d-----w- c:\windows\I386
    2009-11-02 00:02 . 2005-04-20 19:21 52736 ----a-w- c:\windows\system32\wzcsapi.dll
    2009-11-02 00:02 . 2005-04-20 19:21 474624 -c--a-w- c:\windows\system32\dllcache\wzcsvc.dll
    2009-11-02 00:02 . 2005-04-20 19:21 474624 ----a-w- c:\windows\system32\wzcsvc.dll
    2009-11-02 00:02 . 2001-08-17 22:36 13824 ----a-w- c:\windows\system32\wowfaxui.dll
    2009-11-02 00:00 . 2004-08-04 00:56 74240 ----a-w- c:\windows\system32\usbui.dll
    2009-11-01 23:59 . 2001-08-17 14:03 23936 -c--a-w- c:\windows\system32\dllcache\usbcamd2.sys
    2009-11-01 23:58 . 2004-08-04 00:56 47104 ----a-w- c:\windows\system32\cnbjmon.dll
    2009-11-01 23:57 . 2009-11-02 02:13 -------- d-----w- c:\documents and settings\Owner\Application Data\AOL
    2009-11-01 23:56 . 2009-11-01 23:56 -------- d-----w- C:\My Backup -- 09-11-01 0456PM
    2009-11-01 23:48 . 2009-11-01 23:48 -------- d-----w- c:\program files\McAfee
    2009-11-01 23:48 . 2009-11-01 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-11-01 23:48 . 2005-08-17 00:18 80640 ----a-w- c:\windows\system32\drivers\MpFirewall.sys
    2009-11-01 23:48 . 2005-08-17 00:13 9216 ----a-w- c:\windows\system32\MpfApi.dll
    2009-11-01 23:48 . 2009-11-02 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com Personal Firewall
    2009-11-01 23:47 . 2005-08-10 19:22 114464 ----a-w- c:\windows\system32\drivers\naiavf5x.sys
    2009-11-01 23:47 . 2009-11-01 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee.com
    2009-11-01 23:47 . 2009-11-01 23:48 -------- d-----w- c:\program files\McAfee.com
    2009-11-01 23:47 . 2005-08-30 03:01 349760 ----a-w- c:\windows\system32\mcinsctl.dll
    2009-11-01 23:47 . 2005-05-25 03:23 288320 ----a-w- c:\windows\system32\mcgdmgr.dll
    2009-11-01 23:45 . 2009-11-02 02:21 -------- d--h--w- c:\windows\$hf_mig$
    2009-11-01 23:45 . 2004-08-04 19:00 221184 ----a-w- c:\windows\system32\wmpns.dll
    2009-11-01 23:44 . 2003-03-25 13:00 67072 ----a-w- c:\windows\POWERCFG.EXE
    2009-11-01 23:43 . 2009-11-01 23:43 -------- d-----w- c:\documents and settings\Owner\Application Data\You've Got Pictures Screensaver
    2009-11-01 23:43 . 2009-11-01 23:43 -------- d-----w- c:\program files\Common Files\Nullsoft
    2009-11-01 23:41 . 2009-11-02 02:13 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2009-11-01 23:41 . 2009-11-01 23:43 -------- d-----w- c:\program files\Common Files\aolshare
    2009-11-01 23:41 . 2009-11-02 02:13 -------- d-----w- c:\program files\Common Files\AOL
    2009-11-01 23:41 . 2009-11-01 23:41 335 ----a-w- c:\windows\nsreg.dat
    2009-11-01 23:41 . 2009-11-01 23:41 -------- d-----w- c:\program files\Microsoft Money 2005
    2009-11-01 23:40 . 2009-11-01 23:40 -------- d-----w- c:\program files\MSN Encarta Plus
    2009-11-01 23:40 . 2009-11-01 23:40 -------- d-----w- c:\program files\Common Files\Adobe
    2009-11-01 23:40 . 2006-06-14 08:47 6400 -c--a-w- c:\windows\system32\dllcache\splitter.sys
    2009-11-01 23:40 . 2006-06-14 08:47 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
    2009-11-01 23:40 . 2006-06-14 09:00 82944 -c--a-w- c:\windows\system32\dllcache\wdmaud.sys
    2009-11-01 23:40 . 2006-06-14 09:00 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
    2009-11-01 23:40 . 2004-08-04 07:07 52864 -c--a-w- c:\windows\system32\dllcache\dmusic.sys
    2009-11-01 23:40 . 2004-08-04 07:07 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
    2009-11-01 23:40 . 2001-08-17 22:00 54272 -c--a-w- c:\windows\system32\dllcache\swmidi.sys
    2009-11-01 23:40 . 2001-08-17 22:00 54272 ----a-w- c:\windows\system32\drivers\swmidi.sys
    2009-11-01 23:40 . 2006-02-15 00:22 142464 -c--a-w- c:\windows\system32\dllcache\aec.sys
    2009-11-01 23:40 . 2006-02-15 00:22 142464 ----a-w- c:\windows\system32\drivers\aec.sys
    2009-11-01 23:38 . 2005-11-22 01:17 4223 ----a-w- c:\windows\mHotkey.reg
    2009-11-01 23:38 . 2005-05-03 23:45 42040 ----a-w- c:\windows\PatchWnd.exe
    2009-11-01 23:38 . 2004-12-09 01:57 550912 ----a-w- c:\windows\zHotkey.exe
    2009-11-01 23:38 . 2003-09-19 04:09 36864 ----a-w- c:\windows\ShowWnd.exe
    2009-11-01 23:38 . 2003-05-26 14:19 532544 ----a-w- c:\windows\PIC.dll
    2009-11-01 23:38 . 2003-05-17 04:09 11776 ----a-w- c:\windows\HIDMNT.dll
    2009-11-01 23:38 . 2001-07-03 04:36 24576 ----a-w- c:\windows\HKNTDLL.dll
    2009-11-01 23:38 . 2005-10-11 20:48 10280 ----a-w- c:\windows\BigFixClientOverride.dll
    2009-11-01 23:38 . 2009-11-01 23:38 -------- d-----w- c:\program files\BigFix
    2009-11-01 23:38 . 2009-11-01 23:38 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2009-11-01 23:38 . 2009-11-01 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Napster
    2009-11-01 23:37 . 2009-11-01 23:38 -------- d-----w- c:\program files\Napster
    2009-11-01 23:37 . 2009-11-02 00:06 -------- d-----w- c:\windows\nview
    2009-11-01 23:37 . 2005-09-18 16:32 180224 ----a-w- c:\windows\system32\nvudisp.exe
    2009-11-01 23:36 . 2009-11-01 23:36 4 ----a-w- c:\windows\Pix11.dat
    2009-11-01 23:36 . 2009-11-01 23:37 -------- d-----w- c:\program files\Microsoft Digital Image 2006
    2009-11-01 23:36 . 2004-09-04 00:07 20480 ----a-w- c:\windows\system32\Marker32.exe
    2009-11-01 23:35 . 2009-11-01 23:36 -------- d-----w- c:\program files\Java
    2009-11-01 23:35 . 2009-11-01 23:35 -------- d-----w- c:\program
     
  11. 2009/11/01 - KRE09 (Thread Starter)
    Log part 2

    files\Common Files\Java
    2009-11-01 23:35 . 2009-11-01 23:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150020}
    2009-11-01 23:35 . 2009-11-01 23:35 -------- d-----w- c:\program files\CyberLink
    2009-11-01 23:35 . 2004-07-15 22:08 471300 ----a-w- c:\windows\wallpe.exe
    2009-11-01 23:33 . 2004-03-22 22:17 24816 ----a-w- c:\windows\system32\mdimon.dll
    2009-11-01 23:32 . 2009-11-01 23:32 -------- d-----w- c:\program files\Microsoft ActiveSync
    2009-11-01 23:32 . 2009-11-01 23:32 -------- d-----w- c:\windows\SHELLNEW
    2009-11-01 23:31 . 2009-11-01 23:31 -------- d-----w- c:\program files\Microsoft.NET
    2009-11-01 23:31 . 2009-11-01 23:31 -------- d-----r- C:\MSOCache
    2009-11-01 23:31 . 2009-11-01 23:31 -------- d-----w- c:\program files\Google
    2009-11-01 23:31 . 2009-11-01 23:39 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-11-01 23:29 . 2009-11-01 23:30 -------- d-----w- c:\program files\Microsoft Works
    2009-11-01 23:27 . 2005-09-09 21:51 176128 ----a-w- c:\windows\system32\nvunrm.exe
    2009-11-01 23:27 . 2005-07-30 01:10 100480 ----a-w- c:\windows\system32\drivers\nvtcp.sys
    2009-11-01 23:27 . 2005-09-09 21:51 176128 ----a-w- c:\windows\system32\nvusmb.exe
    2009-11-01 23:27 . 2005-09-09 21:51 176128 ----a-w- c:\windows\system32\NVUNINST.EXE
    2009-11-01 23:26 . 2009-11-01 23:35 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-11-01 23:26 . 2005-02-16 23:18 90184 ----a-w- c:\windows\system32\NeroCo.dll
    2009-11-01 23:26 . 2005-01-20 13:29 2658304 ------w- c:\windows\UNNeroBurnRights.exe
    2009-11-01 23:26 . 2000-06-26 19:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-02 02:27 . 2009-11-01 23:42 -------- d-----w- c:\program files\Pure Networks
    2009-11-01 23:57 . 2004-08-26 18:04 -------- d-----w- c:\program files\microsoft frontpage
    2009-11-01 23:43 . 2009-11-01 23:42 -------- d-----w- c:\program files\QuickTime
    2009-11-01 23:42 . 2009-11-01 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
    2009-11-01 23:42 . 2009-11-01 23:42 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
    2009-11-01 23:42 . 2009-11-01 23:42 -------- d-----w- c:\program files\Common Files\Real
    2009-11-01 23:42 . 2009-11-01 23:42 -------- d-----w- c:\program files\Real
    2009-11-01 23:42 . 2009-11-01 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2009-11-01 23:42 . 2009-11-01 23:42 -------- d-----w- c:\program files\Viewpoint
    2009-11-01 23:42 . 2009-11-01 23:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
    2009-11-01 23:42 . 2009-11-01 23:42 -------- d-----w- c:\program files\Common Files\AolCoach
    2009-11-01 23:39 . 2009-11-01 23:39 -------- d-----w- c:\program files\Realtek
    2009-11-01 23:30 . 2009-11-01 23:30 -------- d-----w- c:\program files\Digital Media Reader
    2009-09-25 05:48 . 2009-09-25 05:48 81920 ------w- c:\windows\system32\ieencode.dll
    2009-09-11 14:33 . 2007-11-29 16:45 133632 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 20:45 . 2007-11-29 16:45 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2007-11-29 16:46 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:16 . 2007-11-29 16:46 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-05 09:11 . 2007-11-29 16:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 14:00 . 2007-11-29 16:46 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 13:13 . 2009-11-02 00:00 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-09 151552]
    "OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
    "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-07-02 303104]
    "MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2005-08-26 212992]
    "MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
    "MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-13 1121792]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
    "MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-28 999424]
    "McRegWiz"="c:\progra~1\mcafee.com\agent\mcregwiz.exe" [2005-06-01 368714]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2005-09-18 1519616]
    "CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2004-12-09 550912]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-08 61952]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-14 14820864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-11-1 2168360]
    Run_MFU_US.cmd [2004-10-20 41]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring "=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring "=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe "=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/1/2009 5:02 PM 108289]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLASSPNP_2
    *NewlyCreated* - MBR
    *Deregistered* - CLASSPNP_2
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-02 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-11-29 19:00]

    2009-11-02 c:\windows\Tasks\ISP signup reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-11-29 19:00]

    2009-11-02 c:\windows\Tasks\ISP signup reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2007-11-29 19:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.emachines.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\sd3cnal8.default\
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-AOL Spyware Protection - c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-01 20:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2009-11-02 20:44
    ComboFix-quarantined-files.txt 2009-11-02 04:43

    Pre-Run: 126,459,256,832 bytes free
    Post-Run: 126,434,402,304 bytes free

    - - End Of File - - EBBD31452A2FF745B5A45AECAA3234A5
     
  12. 2009/11/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Was it a clean install, or over the top?

    You're running two AV programs, Avira and McAfee. One of them has to go.

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Open JavaRa.exe again and select Search For Updates.
    • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
     
  13. 2009/11/02
    KRE09

    KRE09 Inactive Thread Starter

    Joined:
    2009/10/30
    Messages:
    22
    Likes Received:
    0
    Clean install. Done and done, thanks again, my computer is faster now. :D
     
  14. 2009/11/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
     
