My Hijackthis Log

I keep getting disconnected, and programs take 5 minutes to open (even Task Manager).


Please help me!


Logfile of Trend Micro HijackThis v2.0.2


Scan saved at 2:07:28 PM, on 2/23/2008


Platform: Windows XP SP2 (WinNT 5.01.2600)


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Boot mode: Normal


Running processes:


C:\WINDOWS\System32\smss.exe


C:\WINDOWS\system32\winlogon.exe


C:\WINDOWS\system32\services.exe


C:\WINDOWS\system32\lsass.exe


C:\WINDOWS\system32\Ati2evxx.exe


C:\WINDOWS\system32\svchost.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\Ati2evxx.exe


C:\WINDOWS\Explorer.EXE


C:\WINDOWS\system32\spoolsv.exe


C:\WINDOWS\Mixer.exe


C:\WINDOWS\vsnpstd.exe


C:\Program Files\Microsoft LifeChat\LifeChat.exe


E:\Programs\Comodo\Firewall\cfp.exe


C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE


C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe


E:\Programs\Gaim\pidgin.exe


E:\Programs\Comodo\Firewall\cmdagent.exe


C:\Program Files\SwiftKit\SwiftKit.exe


E:\Programs\SonyPlugins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


C:\WINDOWS\system32\PnkBstrA.exe


C:\WINDOWS\System32\svchost.exe


C:\WINDOWS\system32\wscntfy.exe


C:\WINDOWS\System32\svchost.exe


E:\PROGRA~1\Mozilla Firefox\firefox.exe


C:\WINDOWS\system32\NOTEPAD.EXE


C:\WINDOWS\system32\taskmgr.exe


C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll


O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll


O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll


O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup


O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe


O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe


O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programs\Adobe\Reader\Reader_sl.exe"


O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe


O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"


O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe


O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"


O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Programs\Comodo\Firewall\cfp.exe" -h


O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"


O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent


O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')


O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')


O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe


O8 - Extra context menu item: Speak by SpeakText - E:\Programs\speaktext\IESpeak.htm


O8 - Extra context menu item: Stop SpeakText speaking - E:\Programs\speaktext\IEStop.htm


O9 - Extra button: Speak by SpeakText - {03B5D444-9D5C-4361-aaB5-F81F37F0F704} - E:\Programs\speaktext\IESpeak.htm


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll


O9 - Extra button: Select Voice - {489BD066-48C3-4C2B-92a6-9311462429F3} - E:\Programs\speaktext\IEChangVoice.htm


O9 - Extra button: Pause Or Resume SpeakText speaking - {6F193B8E-2aD2-44CE-93a7-DB3E042589ED} - E:\Programs\speaktext\IEPause.htm


O9 - Extra button: Stop SpeakText speaking - {C14815F2-50BC-4F98-8D78-401BCC828a5F} - E:\Programs\speaktext\IEStop.htm


O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe


O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe


O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe


O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - E:\Programs\Comodo\Firewall\cmdagent.exe


O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe


--


End of file - 4785 bytes

Comments

  • adt
    edited July 2008

    Ok, I have before me a very strange problem. Here's how it goes.


    Every 4-5 hours my computer will go to this strange state. In this state, it takes 5-10 minutes to open any program. And the network stops functioning to a degree. Though as soon as they open, they run at normal speeds.


    The only possibility I can think of is perhaps a corrupt service file, or maybe a hardware problem. I'm sure this is to do with Windows; I'm running Windows XP SP2.


    Also my XP windows theme keeps getting changed to classic theme.


    Any help would be greatly appreciated.


    PLEASE SOMEONE ###### HELP ME!!!


    MY CURRENT THEME KEEPS ON CHANGING TO THE CLASSIC THEME.


    THANKS IN ADVANCE


  • PLEASE SOMEONE ###### HELP ME!!!


    MY CURRENT THEME KEEPS ON CHANGING TO THE CLASSIC THEME.


    THANKS IN ADVANCE



    I am going to assist you, but I want you to follow the steps I am suggesting; that means not fixing anything by yourself or on the suggestion of others. We may not finish the cleaning today. Reply if you agree to that.

  • PLEASE SOMEONE ###### HELP ME!!!


    MY CURRENT THEME KEEPS ON CHANGING TO THE CLASSIC THEME.


    THANKS IN ADVANCE



    Well, well, well... the great user that thinks he's the most important person on the planet, and everyone else is just "dumb" users, asks for help on the BitDefender forum.


    Taking into consideration your behavior in other topics, related to Boris_N.Vasilev and hasbullah, I'd like to ask you: why would I (or anyone else) help you? <_<


    Of course, I cannot stop anyone from helping you. Everyone has a choice here. But until I read your "Help!" message, I'm waiting for apologies in the name of the aforementioned users. -_-


    Cris.

  • Well, well, well... the great user that thinks he's the most important person on the planet, and everyone else is just "dumb" users, asks for help on the BitDefender forum.


    Taking into consideration your behavior in other topics, related to Boris_N.Vasilev and hasbullah, I'd like to ask you: why would I (or anyone else) help you? <_<


    Of course, I cannot stop anyone from helping you. Everyone has a choice here. But until I read your "Help!" message, I'm waiting for apologies in the name of the aforementioned users. -_-


    Cris.


    I was not aware of the mentioned history and I am still not aware of it, and I don't want to know it, because what Cris mentions is enough for me to stop helping. I have better things to do.

  • adt
    edited February 2008

    Happened again:


    EventType : BEX P1 : svchost.exe P2 : 5.1.2600.2180 P3 : 41107ed6


    P4 : netapi32.dll P5 : 5.1.2600.2180 P6 : 411096ac P7 : 0000a3c0


    P8 : c0000409 P9 : 00000000


    That's the error signature. There were no massive CPU changes, though a file which started with "w" and ended with ".exe" got closed and the error reporting thing started hogging CPU usage.


    Then it popped up saying "Generic Host Process for Win32 Services has encountered a problem and needs to close."


    This was after I ran notepad. Also, the taskbar changed to classic then back to normal. Hopefully this'll provide a bit more information. :D


    I have taken off this firewall program I was using, and I'm back to the original Windows one, so it seems to work for now. The first stated problem will probably still occur though.

  • The Generic Host Process error is a known vulnerability of MS Windows XP. Microsoft released two patches to fix this problem:


    WindowsXP-KB921883-x86-ENU.exe


    WindowsXP-KB894391-x86-ENU.exe


    Download and install them.


    Cris.


    P.S.: I hope you won't repeat your previous actions. -_-

  • Now that the apologies are made and accepted, let me give you the good news that your log is clean and I don't see any infection in it.


    It may not help with the error, but in general you could do a few things.


    I recommend you uninstall the Freecorder toolbar; it has changed your IE SearchHook, and it is known to have adware/trackware functionality.


    You can fix the following startup entries with HijackThis. These programs do not need to run at startup; they make the boot time longer and their processes are running all the time without doing anything.


    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup


    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programs\Adobe\Reader\Reader_sl.exe"


    O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"


    O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent


    If this item remains after uninstalling the Freecorder toolbar, you should fix it also:


    R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre0.dll
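
The log review described in the post above, as an added example that is not part of the thread: a small Python parser that rejoins wrapped HijackThis entries, then reports any CLSID registered under more than one section (as the Freecorder toolbar is under R3, O2 and O3) and any O23 service listed with "Unknown owner". The function names are hypothetical and the sample is an excerpt of the log posted at the top of this page.

```python
import re
from collections import defaultdict

# An entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24) and " - ".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Excerpt of the log posted on this page, with its hard line wraps kept.
SAMPLE = r"""
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program
Files\Freecorder\tbFre0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program
Files\Freecorder\tbFre0.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program
Files\Freecorder\tbFre0.dll
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
--
"""

def parse_entries(text):
    """Return [(code, body)], rejoining wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line == "--":          # trailer before "End of file - N bytes"
            break
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:    # continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def multi_hook_clsids(entries):
    """CLSIDs that appear under more than one section code."""
    seen = defaultdict(set)
    for code, body in entries:
        for clsid in CLSID.findall(body):
            seen[clsid.lower()].add(code)
    return {c: sorted(s) for c, s in seen.items() if len(s) > 1}

def unknown_owner_services(entries):
    """Paths of O23 services whose owner field reads 'Unknown owner'."""
    return [body.rsplit(" - ", 1)[1] for code, body in entries
            if code == "O23" and " - Unknown owner - " in body]
```

A hit from either check is a lead for review, not a verdict: the helper above judged this log clean.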

  • Updates didn't work 'cause I have a static IP address.

  • So what if you have a static IP?


    I also had this issue about a year ago, I also have a static IP, and those updates fixed the problem. Also the problem was fixed for many other users all over the world...


    Cris.