Tech Support banner

Status
Not open for further replies.
1 - 12 of 12 Posts

·
Registered
Joined
·
7 Posts
Discussion Starter #1
Hello,

After installing SP2 I rebooted my cpu only to find the following message everytime I reboot:

AppName: explorer.exe
Appver: 6.0.2800.1221
ModName: Kernel32.dll
ModVer: 5.1.2600.2180
Offset: 0000ac9b

Now I have gone to the microsoft website for sloutions but there is nothing to be found. I have a completely reformatted cpu with only spybot, and microsoft anti-spyware (beta) no virtual drives or anything. If anyone has had this problem or knows how to resolve this issue I would be very grateful.

Thanks for any info that any can pass on.

Melliketang
 
P

·
Guest
Joined
·
0 Posts
Greetings and Welcome to TSF,

How did you upgrade to sp2 ? Was it via windows upgrade ( repair option in windows setup with a copy of windows xp with sp2 ) , windows update or from a cd which had sp2 on it or a fresh install of windows with sp2 ?

If yu had the system running for a while there is a good chance of having an infection. If you do an upgrade on an infected OS you might experience problems like you are right now. Having Antivirus, Antispyware or firewall softwares can not protect you %100. And during clean up we use many tools and some of them are spesific to the infection type. If you think you are experiencing an infection ( which i think so ) Please click on greyknights link below and follow the steps. After all if there is an indication of a windows system corruption we would give you further instructions.

Have a great day
Regards.
 

·
Registered
Joined
·
7 Posts
Discussion Starter #3
PurpleSky,

Thanks for the reply I will try your suggestion. By the way, I upgraded through automatic updates. i had trouble with the CD and the downloaded file as they wouldn't extract properly due to "corrupt files", I tried re-downloading them like 10 times with no success, and I finally got lucky throughauto updates after trying that 5-8 times. Like I said I will give it a shot and hopt it works. Thanks, I'll let you know.

Meliketangs
 
P

·
Guest
Joined
·
0 Posts
It is never a good idea to upgrade to sp2 without making sure the OS is %100 malware free. Do you have a system restore point created before the upgrade ?
 

·
Registered
Joined
·
7 Posts
Discussion Starter #5
PurpleSky,

I did everything that was metioned on the site, here was the last step. No Malware, except for an alexa miner. Other than that everything came up without any problems. I am still having the same problem. I do have a restore point. I have yet to try it. But that point was also before SP2.

If you know of anything else I can do I would appreciate it. Thanks.

Meliketang

====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" +c

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:37:19 PM, on 10/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\HJT (Hijack This)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\RunOnce: [ICDRegOCX0] rundll32.exe advpack.dll,RegisterOCX C:\WINDOWS\System32\LegitCheckControl.DLL
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126299840730
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)


End of KRC HijackThis Analyzer Log.
====================================================================
 

·
Registered
Joined
·
7 Posts
Discussion Starter #7
This was the full log file.

I still can't get it to work. I even tried chkdsk /r. Nothing, same error message.

If anyone has anything that can help I would love to hear it. I am getting desperate and don't feel like re-formatting the whole thing again.
--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:37:19 PM, on 10/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\devldr32.exe
C:\HJT (Hijack This)\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack\RAM_XP.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Ad-Aware] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe" +c
O4 - HKLM\..\RunOnce: [ICDRegOCX0] rundll32.exe advpack.dll,RegisterOCX C:\WINDOWS\System32\LegitCheckControl.DLL
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126299840730
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
 

·
Registered
Joined
·
7 Posts
Discussion Starter #10
Sorry, PurpleSky, it's just that I am not really that great with computers. So, if these questions appear to be really stupid or basic, then I apologize.

Meliketangs
 
1 - 12 of 12 Posts
Status
Not open for further replies.
Top