Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My laptop log - Please help!


  • Please log in to reply
1 reply to this topic

#1 simonme20

simonme20

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:23 AM

Posted 21 March 2005 - 10:08 AM

Hi.

I am also having problems with my laptop. After about 10 minsof being connected to this internet, I get an error saying 'Generic Host Process for Win32 Services has encountered a problem and needs to close.' After this the connection completely stops. Is this spyware or adware related? Here is my log -

Logfile of HijackThis v1.99.1
Scan saved at 15:01:37, on 21/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svcshost.exe
C:\WINDOWS\System32\wdrk32.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\atiupdxx.exe
C:\WINDOWS\System32\mscrdm.exe
C:\WINDOWS\System32\smrrs.exe
C:\WINDOWS\System32\tasksetup.exe
C:\WINDOWS\System32\winxp34.exe
C:\WINDOWS\System32\sysmsvc.exe
C:\windows\system32\avirus.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Simon/My%20Documents/Home%20Page/home.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/Simon/My%20Documents/Home%20Page/home.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.microsoft.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIUpdater] atiupdxx.exe
O4 - HKLM\..\Run: [Microsoft Critical Disk Management] mscrdm.exe
O4 - HKLM\..\Run: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\Run: [TASK SETUP] tasksetup.exe
O4 - HKLM\..\Run: [Dynamic Dns Binary] winxp34.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\system32\avirus.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunServices: [ATIUpdater] atiupdxx.exe
O4 - HKLM\..\RunServices: [Microsoft Critical Disk Management] mscrdm.exe
O4 - HKLM\..\RunServices: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\RunServices: [TASK SETUP] tasksetup.exe
O4 - HKLM\..\RunServices: [Dynamic Dns Binary] winxp34.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [ATIUpdater] atiupdxx.exe
O4 - HKCU\..\Run: [TASK SETUP] tasksetup.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] winxp34.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\RunServices: [ATIUpdater] atiupdxx.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Y!mLite - {9B04D939-D9D1-45e0-9FBF-5A31AAF7A68A} - C:\Program Files\Y!mLite\ymlite.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {0EB73E39-8AD4-43E8-8FBA-0165C2CCDB8B} (GameControl Class) - http://uk.midas.games.yahoo.net/midasa.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by16fd.bay16.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/219f6cbead504e...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094237204209
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} (Sol Control) - http://www.worldwinner.com/games/v44/sol/sol.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://ravantivirus.com/scan/ravonline.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4127F4E-1A66-4192-AD6B-E2411ECD92DF}: NameServer = 212.67.120.148
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Thanks again in advance!!!

Simon

BC AdBot (Login to Remove)

 


m

#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:23 AM

Posted 21 March 2005 - 11:51 PM

Uninstall Media Access from add/remove programs.

I need to get samples of some of your files. Please create a folder called c:\submit. Now copy the following files into that directory:

C:\windows\system32\avirus.exe
c:\windows\system32\mscrdm.exe
c:\windows\system32\smrrs.exe
c:\windows\system32\sysmsvc.exe
c:\windows\system32\tasksetup.exe
c:\windows\system32\winxp34.exe
c:\windows\system32\atiupdxx.exe
c:\windows\system32\svcshost.exe
c:\windows\system32\wdrk32.exe
C:\WINDOWS\system32\SSMS.EXE

To copy the files simply navigate to the directory they are in and right click on them and then click on copy. Then paste these files into the c:\submit directory. Once the files are all copied I need you to zip the folder and rename submit.zip to yourmembername.zip (for example grinler.zip). If you are using XP or ME right-click on the folder and click on the Send To option and then send it to a compressed folder. You will now see a file called submit.zip. If you are using another version of Windows, please download a program called Winzip and zip it using that. Then go to http://www.bleepingcomputer.com/submit-malware.php fill in the required fields, and browse to the file. Then click on the Send File button.

Then,


Print out these instructions and then close all windows including Internet Explorer.

Then I want you to fix some of those entries. Please do the following:

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then click the Fix button:

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll (file missing)
O4 - HKLM\..\Run: [ATIUpdater] atiupdxx.exe
O4 - HKLM\..\Run: [Microsoft Critical Disk Management] mscrdm.exe
O4 - HKLM\..\Run: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\Run: [TASK SETUP] tasksetup.exe
O4 - HKLM\..\Run: [Dynamic Dns Binary] winxp34.exe
O4 - HKLM\..\Run: [Anti-Virus Update Scheduler V1.39.12R] C:\windows\system32\avirus.exe
O4 - HKLM\..\Run: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunServices: [ATIUpdater] atiupdxx.exe
O4 - HKLM\..\RunServices: [Microsoft Critical Disk Management] mscrdm.exe
O4 - HKLM\..\RunServices: [Ethernet Drivers] smrrs.exe
O4 - HKLM\..\RunServices: [TASK SETUP] tasksetup.exe
O4 - HKLM\..\RunServices: [Dynamic Dns Binary] winxp34.exe
O4 - HKLM\..\RunServices: [MsWindows SysDate] sysmsvc.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunServices: [Win32 DRK Driver] wdrk32.exe
O4 - HKLM\..\RunOnce: [Microsoft Windows Update] svcshost.exe
O4 - HKLM\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\Run: [ATIUpdater] atiupdxx.exe
O4 - HKCU\..\Run: [TASK SETUP] tasksetup.exe
O4 - HKCU\..\Run: [Dynamic Dns Binary] winxp34.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\Run: [Win32 DRK Driver] wdrk32.exe
O4 - HKCU\..\RunServices: [ATIUpdater] atiupdxx.exe
O4 - HKCU\..\RunOnce: [Microsoft Windows Update] svcshost.exe
O4 - HKCU\..\RunOnce: [Win32 DRK Driver] wdrk32.exe
O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} (AsyncDownloader Class) - http://survey.otxresearch.com/Preloader.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/219f6cbead504e...ip/RdxIE601.cab
O23 - Service: COM+ System Service - Unknown owner - C:\WINDOWS\system32\SSMS.EXE
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\service.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe

Reboot your computer into Safe Mode

Then delete these files or directories (Do not be concerned if they do not exist)

C:\windows\system32\avirus.exe
C:\Program Files\Media Access\
c:\windows\system32\mscrdm.exe
c:\windows\system32\smrrs.exe
c:\windows\system32\sysmsvc.exe
c:\windows\system32\tasksetup.exe
c:\windows\system32\winxp34.exe
c:\windows\system32\atiupdxx.exe
c:\windows\system32\svcshost.exe
c:\windows\system32\wdrk32.exe
C:\WINDOWS\system32\SSMS.EXE
C:\WINDOWS\zeta.exe

Reboot your computer to go back to normal mode and post a new log.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users