Log'N'Rock: General Host Process failing during startup [INACTIVE] - Log'N'Rock

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

General Host Process failing during startup [INACTIVE]

#1 User is offline   Hannes Icon

  • Garage rocker
  • Pip
  • Group: Members
  • Posts: 1
  • Joined: 14-January 09

Posted 15 January 2009 - 07:44 AM

Greetings, When I boot my Web server it keeps on popping up with svchost errors. Very similar problem that was described in this topic ( http://www.lognrock....?showtopic=2331 ). Also my network connection is starting to fail and the server has very strange behavours. I tried to follow the cleanup process described in the above mentioned topic, but almost none of the apps work on Windows Server 2003. I've submitted my HiJackThis log file in hopes that someone here could assist me. Thank you very much. :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:24:24 AM, on 2009/01/15
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ahsay Offsite Backup Server\bin\AobService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahsay Offsite Backup Server\java\bin\java.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\mstsc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\svchost.exe
c:\txt\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1024\SVCHOST.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\hgcheck.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.za/
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [hgcheck] C:\WINDOWS\system32\hgcheck.exe
O4 - HKLM\..\Run: [svchost.exe] "C:\WINDOWS\system32\1024\SVCHOST.EXE"
O4 - HKLM\..\Run: [sock] C:\Documents and Settings\Administrator\pcguardmon.exe
O4 - HKLM\..\RunOnce: [svchost.exe] "C:\WINDOWS\system32\1024\SVCHOST.EXE"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-1621398553-4257509204-1458678130-500\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-21-1621398553-4257509204-1458678130-500 Startup: MySQL System Tray Monitor.lnk = C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe (User '?')
O4 - Startup: MySQL System Tray Monitor.lnk = C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://downloads.5star-network.com
O15 - ESC Trusted Zone: http://www.foodbev.co.za
O15 - ESC Trusted Zone: http://www2.freedownloadscenter.com
O15 - ESC Trusted Zone: http://za.php.net
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://download.winzip.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1159792427765
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C617481-4346-43AC-9ABB-8BCB2D30B1A8}: NameServer = 66.8.94.93,66.8.94.82
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ahsay Offsite Backup Server - Unknown owner - C:\Program Files\Ahsay Offsite Backup Server\bin\AobService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Network DDE Service - Unknown owner - C:\WINDOWS\System32\VMPSVR
O23 - Service: NVIDIA Display Drivers Service (NVISvc) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Server082.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Display Drivers (WyDNS) - Unknown owner - c:\txt\svchost.exe

--
End of file - 7552 bytes
0

#2 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 18 January 2009 - 01:39 AM

Hi Hannes .. welcome to BFC..

Quote

but almost none of the apps work on Windows Server 2003

You didn't say which worked and which didn't???

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Try running MBAM (Try it in safe mode as well if needed)..

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware

  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Please post back:
  • SDFix log
  • MBAM log
  • New HijackThis (HJT) log
..

Thanks..
Fred.. ;)
0

#3 User is offline   Fred Flintstone Icon

  • Dave Gilmour
  • Icon
  • Group: Malware Experts
  • Posts: 2,515
  • Joined: 20-April 08
  • Gender:Male
  • Location:Somerset

Posted 30 January 2009 - 03:14 AM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.
0
Page 1 of 1
  • You cannot start a new topic
  • This topic is locked

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users