Hi, system crashes & lags. Got svchost.exe & AcGeneral.dll errors
Hi, system crashes & lags. Got svchost.exe & AcGeneral.dll errors.
I worked through the 8-step virus removal and saved the log files as requested.
The system was fine. I installed BitDefender and scanned the system; it found viruses, and since it could not repair all the files I opted for delete. Now I'm getting "Generic Host Process For Win32 Services Error Signatures":
szAppName:svchost.exe szAppVer:5.1.2600.5512
szModName:AcGeneral.dll szModVer:5.1.2600.5512 offset:000116e2
Error Report Contents:
c:\Docume~1\Bee\Locals~1\Temp\WER424b.dir00\svchost.exe.mdmp
c:\Docume~1\Bee\Locals~1\Temp\WER424b.dir00\appcompat.txt
Here is some info I got on the svchost.exe file. File Version: 5.1.2600.5512
(xpsp.080413-2111)
Don't know if all of that would be of any extra help...
OK, now for the logs that I saved after running the 8-step program.
Attached log files:
zipped and attached as requested.
I really hope you can assist.
Thank You.
OK. Here they are, the saved log files:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4483
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
8/26/2010 8:09:59 PM
mbam-log-2010-08-26 (20-09-59).txt
Scan type: Quick scan
Objects scanned: 127098
Time elapsed: 24 minute(s), 22 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 -
http://www.gmer.net
Rootkit quick scan 2010-08-26 20:21:45
Windows 5.1.2600 Service Pack 3
Running: GMER.exe; Driver: C:\DOCUME~1\Bee\LOCALS~1\Temp\pxtdqpow.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\svchost.exe (*** hidden *** ) [AUTO] nojjcsj <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
DDS (Ver_10-03-17.01) - NTFSx86
Run by Bee at 20:29:54.58 on Thu 08/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.267 [GMT 2:00]
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\lxcjcoms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bee\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [LXCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCJtime.dll,_RunDLLEntry@16
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
============= SERVICES / DRIVERS ===============
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104456]
R3 st3bus28;st3bus28;c:\windows\system32\drivers\st3bus28.sys [2002-12-28 8416]
R3 st3mp28;st3mp28;c:\windows\system32\drivers\st3mp28.sys [2002-12-28 95328]
S2 nojjcsj;texuzwhme;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]
=============== Created Last 30 ================
2010-08-26 17:35:24 0 d-----w- c:\docume~1\bee\applic~1\Malwarebytes
2010-08-26 17:34:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-26 17:34:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-08-26 17:34:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-26 17:34:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-26 14:12:06 0 d-----w- c:\docume~1\bee\applic~1\Auslogics
2010-08-26 14:09:23 0 d-----w- c:\program files\Auslogics
2010-08-26 13:09:00 0 d-sh--w- c:\documents and settings\bee\IECompatCache
2010-08-26 13:07:50 0 d-sh--w- c:\documents and settings\bee\PrivacIE
2010-08-26 12:57:09 0 d-sh--w- c:\documents and settings\bee\IETldCache
2010-08-26 12:41:19 16896 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-08-26 12:40:41 0 d-----w- c:\windows\ie8updates
2010-08-26 12:40:16 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-26 12:40:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-08-26 12:40:13 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-08-26 12:40:10 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-08-26 12:40:09 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-26 12:40:08 11077120 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-08-26 12:40:07 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-26 12:34:27 0 dc-h--w- c:\windows\ie8
2010-08-26 11:48:14 0 d-----w- c:\program files\MSXML 4.0
2010-08-26 11:28:04 0 d-----w- c:\docume~1\bee\applic~1\NewSoft
2010-08-26 09:46:49 0 d-----w- c:\windows\system32\NtmsData
2010-08-25 15:25:43 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-08-25 15:25:43 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-08-25 15:24:51 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-25 15:18:56 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-25 15:18:54 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-25 15:18:51 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-25 14:04:36 0 d-----w- c:\windows\system32\PreInstall
2010-08-25 14:04:33 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-08-25 14:04:29 0 d--h--w- c:\windows\$hf_mig$
2010-08-25 12:48:48 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-08-25 12:44:29 13700 ----a-w- c:\windows\system32\wpa.bak
2010-08-25 11:49:37 850 ----a-w- c:\windows\system32\ProductTweaks.xml
2010-08-25 11:49:15 385 ----a-w- c:\windows\system32\user_gensett.xml
2010-08-25 11:47:22 81984 ----a-w- c:\windows\system32\bdod.bin
2010-08-25 11:46:40 121 ----a-w- c:\windows\bdagent.INI
2010-08-25 10:39:02 0 d-----w- c:\docume~1\bee\applic~1\BitDefender
2010-08-25 10:38:15 0 d-----w- c:\program files\BitDefender
2010-08-25 10:38:15 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-08-25 10:22:14 0 d-----w- c:\program files\common files\BitDefender
2010-08-24 13:43:19 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-08-24 10:48:47 0 d-----w- c:\windows\Cache
2010-08-24 06:59:08 0 d-----w- c:\docume~1\bee\applic~1\SolidWorks
2010-08-23 17:04:30 0 d-----w- c:\program files\common files\eDrawings2005
2010-08-23 17:03:16 0 d-----w- c:\docume~1\bee\applic~1\DWGEditor
2010-08-23 17:03:14 42 ----a-w- c:\windows\trailer.xws
2010-08-23 17:03:11 23 ---ha-w- c:\windows\yacht.xws
2010-08-23 17:02:48 639052 ----a-w- c:\windows\system32\BBPDFPortMon.dll
2010-08-23 16:53:42 0 d-----w- c:\program files\common files\SolidWorks Shared
2010-08-23 16:53:31 0 d-----w- c:\program files\common files\Bluebeam Software
2010-08-23 16:42:51 0 d-----w- c:\program files\Bluebeam Software
2010-08-23 16:42:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Bluebeam Software
2010-08-23 16:35:36 0 d-----w- c:\program files\D-Tools
2010-08-23 11:10:52 88566 ----a-w- c:\windows\system32\nvapps.xml
2010-08-23 11:10:52 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-08-23 11:10:52 17056 ----a-w- c:\windows\system32\nvdisp.nvu
2010-08-23 11:10:52 0 d-----w- c:\windows\nview
2010-08-23 11:10:34 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-08-23 11:09:36 0 d-----w- C:\NVIDIA
2010-08-23 11:03:25 0 d-sh--w- c:\documents and settings\bee\UserData
2010-08-23 11:00:09 3243 ----a-w- c:\windows\system32\wbem\Outlook_01cb42b259f12840.mof
2010-08-23 10:58:53 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-08-23 10:58:53 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-08-23 10:58:08 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2010-08-23 10:58:08 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2010-08-23 10:58:08 113664 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2010-08-23 10:58:08 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2010-08-23 10:57:27 0 d-----w- c:\program files\Altech
2010-08-23 07:45:52 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-08-23 07:31:08 0 d-----w- c:\windows\SHELLNEW
2010-08-23 06:46:20 0 d-----w- c:\program files\Abbyy FineReader 6.0 Sprint
2010-08-23 06:44:28 28672 ----a-w- c:\windows\hookdllX.dll
2010-08-23 06:44:28 0 d-----w- c:\program files\common files\NewSoft
2010-08-23 06:44:15 11776 ----a-w- c:\windows\system32\pmsbfn32.dll
2010-08-23 06:44:15 0 d-----w- c:\windows\system32\color
2010-08-23 06:44:15 0 d-----w- c:\program files\Lexmark Applications
2010-08-23 06:44:09 257 ----a-w- c:\windows\setup.iss
2010-08-23 06:43:30 0 d-----w- c:\program files\Lx_cats
2010-08-23 06:43:05 40960 ----a-w- c:\windows\system32\lxcjvs.dll
2010-08-23 06:43:04 344064 ----a-w- c:\windows\system32\lxcjcoin.dll
2010-08-23 06:42:47 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-08-23 06:42:47 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-08-23 06:42:39 87040 -c--a-w- c:\windows\system32\dllcache\wiafbdrv.dll
2010-08-23 06:42:39 87040 ----a-w- c:\windows\system32\wiafbdrv.dll
2010-08-23 06:42:35 413696 ----a-w- c:\windows\system32\lxcjdrs.dll
2010-08-23 06:42:34 61440 ----a-w- c:\windows\system32\lxcjcnv4.dll
2010-08-23 06:13:06 0 d-----w- c:\program files\Lexmark 8300 Series
2010-08-22 13:38:23 384 ----a-w- c:\windows\pfe32.ini
2010-08-22 13:14:01 0 d-----w- c:\program files\CNC Software, Inc
2010-08-22 12:47:15 457216 ----a-w- c:\windows\system32\drivers\hardlock.sys
2010-08-22 12:47:13 6656 ----a-w- c:\windows\system32\haspvdd.dll
2010-08-22 12:47:13 47616 ----a-w- c:\windows\system32\drivers\Haspnt.sys
2010-08-22 12:47:13 383 ----a-w- c:\windows\system32\haspdos.sys
2010-08-22 12:47:13 2577 ----a-w- c:\windows\system32\config.hsp
2010-08-22 12:45:04 86016 ----a-w- c:\windows\system32\MCLSTCTL.OCX
2010-08-22 12:45:04 53248 ----a-w- c:\windows\system32\MCREAL.OCX
2010-08-22 12:45:04 53248 ----a-w- c:\windows\system32\MCBITMAP.OCX
2010-08-22 12:45:04 45056 ----a-w- c:\windows\system32\MCINT.OCX
2010-08-22 12:45:04 29028 ----a-w- c:\windows\system32\MSPLIT.EXE
2010-08-22 12:45:04 21638 ----a-w- c:\windows\system32\Mpack.exe
2010-08-22 12:45:04 17858 ----a-w- c:\windows\system32\Munpack.exe
2010-08-22 12:45:04 15956 ----a-w- c:\windows\system32\MJOIN.EXE
2010-08-22 12:17:58 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-22 11:52:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-08-22 11:52:36 0 d-----w- c:\program files\Nero
2010-08-22 11:22:25 0 d-----w- c:\program files\common files\ODBC
2010-08-22 11:22:20 0 d-----w- c:\program files\common files\SpeechEngines
2010-08-22 11:21:48 0 d-----r- c:\documents and settings\all users\Documents
2010-08-22 11:02:50 0 d-----w- c:\program files\Realtek Sound Manager
2010-08-22 11:02:49 0 d-----w- c:\program files\AvRack
2010-08-22 11:02:37 0 d-----w- c:\program files\Realtek AC97
2010-08-22 09:59:33 0 d-sh--w- c:\documents and settings\all users\DRM
2010-08-22 09:58:53 0 d--h--w- c:\program files\WindowsUpdate
2010-08-22 09:58:01 0 d-----w- c:\program files\common files\MSSoap
2010-08-22 09:55:31 0 d-----w- c:\program files\Online Services
2010-08-22 09:55:20 0 d-----w- c:\program files\Messenger
2010-08-22 09:55:16 0 d-----w- c:\program files\MSN Gaming Zone
2010-08-22 09:54:34 0 d-----w- c:\program files\Windows NT
==================== Find3M ====================
2010-08-25 15:59:10 104456 ----a-w- c:\windows\system32\drivers\bdfndisf.sys
2010-08-22 09:56:10 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:10:44 81920 ------w- c:\windows\system32\ieencode.dll
============= FINISH: 20:33:20.64 ==============