HJT Log


8 replies to this topic

#1 igonuts2

igonuts2

  • Members
  • 358 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:my closet
  • Local time:03:07 PM

Posted 21 May 2005 - 02:49 PM

original post http://www.bleepingcomputer.com/forums/Gen...ose-t19321.html

presario I386
spybot s&d w/res
adaware se personal
spyware blaster
NIS 2005
microsoft antispy

i hate to bother you all here. gotta a lot to do. i was advised to post here.

my generic host closer i think has something to do with NIS.
i checked the last def dl and it was a firewall update. so i guess i'll have to talk to them (original post).

i don't think i have a serious problem but you all are thorough so;

Logfile of HijackThis v1.99.1
Scan saved at 12:31:27 PM, on 5/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Transfer\hijackthis\hijackthis\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: hpothb07.dat
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

ty for your assistance,

igo
Why work when you can play!
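
One way to pre-sort a HijackThis log like the one above before reading it line by line (an added example, not part of the original post and not HijackThis's own code): it pulls out BHO/toolbar registrations marked `(no file)` and `Run` values that give no directory, pairing the latter with the running process of the same name. `parse_log`, `review_points` and the kind labels are hypothetical names; the sample lines are copied from the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the log posted above, trimmed for length.
SAMPLE_LOG = r"""Running processes:
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: hpothb07.dat
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")              # "O4 - <rest>"
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(.+?)\] (.*)$")   # "HKLM\..\Run: [name] cmd"
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse_log(text):
    """Split a HijackThis log into its process list and its coded entries."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            processes.append(line)
        elif (m := ENTRY.match(line)):
            entries[m.group(1)].append(m.group(2))
    return processes, entries

def review_points(text):
    """Return (kind, name, running_paths) tuples for entries to check by hand."""
    processes, entries = parse_log(text)
    by_name = defaultdict(list)
    for path in processes:
        by_name[path.rsplit("\\", 1)[-1].lower()].append(path)
    points = []
    # O2/O3: a CLSID is still registered but HijackThis found no file behind it.
    for item in entries["O2"] + entries["O3"]:
        if item.endswith("(no file)"):
            points.append(("orphaned-registration", CLSID.search(item).group(0), []))
    # O4 Run values with no directory: pair each with the running image of that name.
    for item in entries["O4"]:
        m = RUN.match(item)
        if not m:
            continue                    # Startup-folder items have another shape
        name, command = m.groups()
        exe = command.strip('"').split(" ")[0]
        if "\\" not in exe:
            points.append(("run-without-path", name, by_name.get(exe.lower(), [])))
    return points
```

Calling `review_points(SAMPLE_LOG)` yields the two `(no file)` BHO CLSIDs and the `VTTimer` and `AGRSMMSG` Run values, each with the full path of the process currently running under that file name.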

 


#2 Guest_Cretemonster_*

Guest_Cretemonster_*

  • Guests
  • OFFLINE
  •  

Posted 21 May 2005 - 09:18 PM

Hi igonuts2,

Been reading up on this particular issue for a while now!

Can you actually see a file labeled

svchost.exe.mdmp

Seems I have seen that error somewhere before!

Have there been any additions or updates recently?

please download rkfiles.zip and unzip it to its own permanent folder.
http://skads.org/special/rkfiles.zip

* Restart the computer in Safe Mode.
* As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe Mode menu item.
* Press the Enter key.

Locate the rkfiles.bat file and double-click it to run it. It will start scanning your computer and could take a little while so be patient. When the DOS window closes, reboot back to normal mode.

Post the contents of C:\log.txt back here

#3 igonuts2


Posted 21 May 2005 - 09:43 PM

hi cretemonster,

this is the error mesg that comes up whenever we boot up;

Generic Host Process for Win32 Services encountered a problem and needed to close.

szAppName : svchost.exe szAppVer : 0.0.0.0 szModName : unknown
szModVer : 0.0.0.0 offset : 00000000

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\WER386f.dir00\svchost.exe.mdmp
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\WER386f.dir00\appcompat.txt

i gotta go take care of a personal matter and will be back later tonight with the log you requested.

along with other weird things (original post) now when clicking the mouse i have a weird sound. i know that some of these weird things may be trivial, but i'm just trying to give you all the ammo you need.

on the whole i think, or feel, that something is influencing my nav. lotta little things. i just can't find anything wrong.

yes, to your Q re updates. pls see original post

http://www.bleepingcomputer.com/forums/Gen...ose-t19321.html

got a firewall update from NIS. since then the error mesg comes up whenever i start the pc.

ty cretemonster,

igo

ps, cool avatar.

Edited by igonuts2, 21 May 2005 - 09:45 PM.

Why work when you can play!

#4 Guest_Cretemonster_*


Posted 21 May 2005 - 10:24 PM

OK....Obtaining the Updates for my NIS as we speak, Will let you know what happens!

I still want to know if you can see that file and what the RKFiles Scan returns!

Also, probably unrelated, have you received any Mailer Daemon Returns and don't know why, as if to say, you didn't send any emails on the date specified?

Updates installing....if I disappear....Call 991!!!!!!!!! :thumbsup:

#5 igonuts2


Posted 22 May 2005 - 02:22 AM

hi cretemonster,

i'm still a newbie so i'm a little slow. ok, i'm real slow.

didn't know what you meant when you asked if i could see the file.
no running processes with that file name. assuming Task Manager was the place to look. just svchost.exe

re; Mailer Daemon Returns. my wife got two that she says were legit.

just so you know what's going on with Symantec and so i'm not working against you, this is their reply. i haven't and won't do anything unless you say to.
------------------------------------------------------------------
Greetings Syd,

Thank you for contacting Symantec Online Technical Support.

I understand from your message that you are encountering the Generic Host Process error message.

Syd, please note that this issue can occur due to the corrupted files in Downloads folder. I suggest that you delete the contents of the Downloads folder and run LiveUpdate. This should resolve the issue. To do this, please follow the steps provided below:

1. On the Windows taskbar, click Start > Search.
2. Click All files and folders.
3. In the "All or part of the file name" box, type the following:

downloads

4. Verify that "Look in" is set to Local Hard Drives or to (C:).
5. Click More advanced options.
6. Check Search system folders.
7. Check Search subfolders.
8. Check Search hidden files and folders.
9. Click Search.

It is likely that the search will find more than one file or folder that has Downloads as all or part of the name. Look in the In Folder column for a path that ends in \LiveUpdate.

10. On the line that contains \LiveUpdate, double-click the \Downloads folder to open it.
11. Delete all files and folders that are contained in the \LiveUpdate\Downloads folder.
12. In most cases these files will be Autoupdt.trg and Livetri.zip. There may also be one or more folders. Delete all of them.
13. Close all windows.
If the issue still persists, then this issue can occur if your Norton Internet Security (NIS) Firewall rules are corrupted. To resolve this issue, I suggest that you please refer to the documented link provided below which helps you in restoring the default Firewall rules:

Title: 'Restoring the default firewall rules in Norton Internet Security or Norton Personal Firewall'
Document ID: 2003092614250136
Web URL:
http://service1.symantec.com/Support/nip.n...src=con_ols_nam


Please let us know if we can be of any further assistance. Thank you for choosing Symantec software.

Regards,

Abhilash P.R.
Symantec Authorized Technical Support

--------------------------------------------------------------

here's your log,

C:\Documents and Settings\Compaq_Owner\Desktop\rkfiles

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
Files Found in system Folder............
------------------------
C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213

Files Found in all users startup Folder............
------------------------
Files Found in all users windows Folder............
------------------------
C:\WINDOWS\tsc.exe: UPX!
C:\WINDOWS\vsapi32.dll: UPX!t4
Finished
bye

-----------------------------------------------------------------

i'll check back tomorrow. sorry about slow posting. my mom's been kinda, just hanging on for a month now. sometimes i gotta go for a while.

i'm just learning how to drive this vehicle. unlike a car, it is my feeling, and seems to be that of bc's, that driving and maintaining must be one simultaneous process.
although it can hurt when your car crashes.

ty ty ty ty ty Cretemonster,

igo
Why work when you can play!

#6 Guest_Cretemonster_*


Posted 22 May 2005 - 06:13 AM

Well that was Interesting!

What a kind way of saying Our Product may have screwed up really bad....Please delete all traces of it and try again!

So far both logs you showed me are clean!

What I would do on top of locating the downloads folder they speak of is clean up all Temp folders!

You can check the following locations for temp folders

C:\Temp

C:\Windows\Temp\

C:\Windows\System32\Temp\

C:\Documents and Settings\Administrator\Local Settings\Temp\

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\

C:\Documents and Settings\Owner\Local Settings\Temp\

C:\Documents and Settings\<Your Profile>\Local Settings\Temp\

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp\

Two programs targeted directly at Temporary Files

CCleaner:
http://www.filehippo.com/download_ccleaner.html
This is to help keep those Temporary Files Cleaned Up!

All you will want to use on this is the Opening Page (Windows Tab). Just Click Run Cleaner and let it do its thing!

CleanUp! 4.0:
http://downloads.stevengould.org/cleanup/CleanUp40.exe

If that Link doesn't work, just go to Google.com and Search for CleanUp!

It should be the First Return!!
Once Installed, Open and Click CleanUp! and When Prompted to Log Off, do so!

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp << That's the folder I was asking could you see that file in?

#7 igonuts2


Posted 22 May 2005 - 09:46 PM

ty,

i'll follow Symantec's advice as you suggest and let you know.

igo
Why work when you can play!

#8 igonuts2


Posted 23 May 2005 - 01:52 AM

did the Symantec stuff and no error msgs. and all the little weird things that were happening online went away.

ty

i went to the dl folder and del the things they said. i left the search window open for some reason. anyway, i did live update again and the dl (Symantec) folder filled up with lots of zipped folders. after the live update closed all but a handful of the new dl zipped folders disappeared.

i got worried and went to Symantec and did the "scan your computer for threats" thing (not the virus scan). result was that my pc was secure. from their perspective anyway.

just weird how the update files were there during live update, but as soon as the update was over most of them vanished.

that reminds me. i hope you don't.

i'll get back tomorrow to see if you have any more advice. so far i'm good to go. unless you think i need to do those other things you mentioned. i'm not sure how to do them.

i'm still a newbie

ty cretemonster

my wife wants to steal your avatar. don't know how she is gonna do that. i told her "no" anyway.

PS. i thank you and my wife thanks you for your time.

even though it looks like Symantec's solution worked, i feel i'm in better hands here. vendors generally say the problems aren't with their products.

ty,
igo

Edited by igonuts2, 23 May 2005 - 09:26 AM.

Why work when you can play!

#9 igonuts2


Posted 24 May 2005 - 11:48 PM

ty cretemonster!

all problems attributed to corrupt Symantec firewall update.

solution;
deletion of "live update" files in downloaded files folder.
and reconnecting with "live update".

this thread can now be closed

ty bc
Why work when you can play!



