Virus despite New HD



#31
hawthorn (Topic Starter)
Hi All again.

Coachwife I hope you're reading!! I spoke too soon, I'm afraid. I was online last night, and just after I posted the previous msg I got this:

Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close.

And the Data error report contained:

szAppName : szAppVer: 0.0.0.0 szModName: unknown szModVer: 0.0.0.0
offset: 00000000

The following files were included

C:\DOCUMENT~1\KEVINC~1\LOCALS~1\TEMP\WER1E.tmp.dir00\svchost.exe.mdmp\appcompat.txt


The PC froze and nothing would open or close, so I had to press the on/off button.
Now today I was online, going fine and the very same thing has just happened, and I had to turn on/off again. This also happened last week.

And of course c-windows-system32 still opens on booting up.

No virus present in AVG, I also ran Search and Destroy and Adaware, and they did remove a number of files.

Here's the latest Hijack This log:

Logfile of HijackThis v1.97.7
Scan saved at 17:52:59, on 24/09/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Kevin Carroll\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [BuildLabs] C:\WINDOWS\system\csrss.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:ENG
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095350570078
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03C8E272-58D2-443E-BA91-695EECC228C9}: NameServer = 194.145.128.1 194.125.2.206
O17 - HKLM\System\CS1\Services\Tcpip\..\{03C8E272-58D2-443E-BA91-695EECC228C9}: NameServer = 194.145.128.1 194.125.2.206
O17 - HKLM\System\CS2\Services\Tcpip\..\{03C8E272-58D2-443E-BA91-695EECC228C9}: NameServer = 194.145.128.1 194.125.2.206


Hope someone can help!!

Thanks
again

KC
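
A check a helper could run over a log like the one in post #31, as an added example that is not part of the original thread: it parses the running-process list and the O4 autostart lines and lists core Windows process names whose path is outside System32. The sample lines are copied from that log; the function names, the process-name list and the assumption that SystemRoot is C:\WINDOWS are this example's own.

```python
import re
from pathlib import PureWindowsPath

# Core XP process names whose legitimate image lives in System32
# (assumption of this example: SystemRoot is C:\WINDOWS, as in the log).
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe"}
EXPECTED_DIR = r"c:\windows\system32"
# O4 line: "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Command line that starts with a full path to an .exe, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

def image_paths(log_text):
    """Yield (source, path) for running processes and O4 autostart commands."""
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            yield "process", line
        elif in_processes:
            in_processes = False  # a blank line ends the process list
        else:
            m = O4_RE.match(line)
            exe = EXE_RE.match(m.group("cmd")) if m else None
            if exe:  # bare names such as CTHELPER.EXE carry no path to check
                yield f"O4 {m.group('key')} [{m.group('name')}]", exe.group("path")

def misplaced_core_binaries(log_text):
    """Return entries where a core process name sits outside System32."""
    hits = []
    for source, path in image_paths(log_text):
        p = PureWindowsPath(path)
        if p.name.lower() in CORE_NAMES and str(p.parent).lower() != EXPECTED_DIR:
            hits.append((source, path))
    return hits

# Lines copied from the HijackThis log in post #31.
SAMPLE = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [BuildLabs] C:\WINDOWS\system\csrss.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.0\THGuard.exe"
"""
if __name__ == "__main__":
    print(misplaced_core_binaries(SAMPLE))
```

On these lines the only entry returned is the `BuildLabs` autostart, which points at a `csrss.exe` in `C:\WINDOWS\system` while the running copy is in `system32`; a hit means the file deserves a closer look, not that it is confirmed malicious.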


#32
-=jonnyrotten=- (Retired Staff)
First insert your Windows disk into the drive. Next click Start, Run, type "sfc.exe /scannow" without the quotes, and press enter. Fix all the errors. Reboot. Let us know how things are now. <_<

-=jonnyrotten=- :D

#33
coachwife6 (Retired Staff)
JonnyRotten is a lot smarter than me. Listen to him. Also, you need to update to SP2 when you get a chance. Are you on dial-up or broadband? You can get the disc mailed to you if you're on dial-up. <_<

#34
hawthorn (Topic Starter)
Hi.

I presume you mean the Windows XP disk. I did what you asked, and a Windows File Protection came up, verifying that all protected Windows files were intact and in their original versions. Halfway thru it looked for XP Service Pack 1, which I don't have. So I ignored that and it carried on till it reached 100% then just disappeared!!!

KC