On 8/18/2015 11:56 AM, Jon TURNEY wrote:
> On 18/08/2015 15:59, Dennis Putnam wrote:
> > I found a suggestion to run 'strace -o log XWin'. The output does not
> > mean much to me but hopefully it will to someone on this list. It is
> > attached.
>
> Thanks.
>
> On 18/08/2015 15:59, Dennis Putnam wrote:
>> --- Process 1776 created
>> --- Process 1776 loaded C:\Windows\System32\ntdll.dll at
>> 00000000778B0000
>> --- Process 1776 loaded C:\Windows\System32\kernel32.dll at
>> 0000000077790000
>> --- Process 1776 loaded C:\Windows\System32\KernelBase.dll at
>> 000007FEFD690000
>> --- Process 1776 loaded C:\cygwin64\bin\cygwin1.dll at 0000000180040000
>> --- Process 1776 loaded C:\cygwin64\bin\cygiconv-2.dll at
>> 00000003F20C0000
>> --- Process 1776 loaded C:\cygwin64\bin\cygintl-8.dll at
>> 00000003F01E0000
>> --- Process 1776 loaded C:\cygwin64\bin\cygncursesw-10.dll at
>> 00000003ED880000
>> --- Process 1776 loaded C:\cygwin64\bin\cygreadline7.dll at
>> 00000003EC170000
>> --- Process 1776 loaded C:\Windows\System32\user32.dll at
>> 0000000077690000
>> --- Process 1776 loaded C:\Windows\System32\gdi32.dll at
>> 000007FEFDA50000
>> --- Process 1776 loaded C:\Windows\System32\lpk.dll at 000007FEFDEB0000
>> --- Process 1776 loaded C:\Windows\System32\usp10.dll at
>> 000007FEFE580000
>> --- Process 1776 loaded C:\Windows\System32\msvcrt.dll at
>> 000007FEFFB20000
>> 2 2 [main] sh (1776)
>> **********************************************
>> 1585 1587 [main] sh (1776) Program name: C:\cygwin64\bin\sh.exe
>> (windows pid 1776)
>> 252 1839 [main] sh (1776) OS version: Windows NT-6.1
>> 265 2104 [main] sh (1776)
>> **********************************************
>> 1128 3232 [main] sh (1776) sigprocmask: 0 = sigprocmask (0, 0x0,
>> 0x1802FF128)
>> 413 3645 [main] sh 1776 child_copy: cygheap - hp 0x48C low
>> 0x18031F400, high 0x18032C4F8, res 1
>> 399 4044 [main] sh 1776 child_copy: done
>> 144 4188 [main] sh 1776 open_shared: name shared.5, n 5, shared
>> 0x180030000 (wanted 0x180030000), h 0x70, *m 6
>> 369 4557 [main] sh 1776 user_heap_info::init: heap base
>> 0x600000000, heap top 0x600000000, heap size 0x20000000 (536870912)
>> 851 5408 [main] sh 1776 open_shared: name (null), n 1, shared
>> 0x180020000 (wanted 0x180020000), h 0x58, *m 6
>> 275 5683 [main] sh 1776 user_info::create: opening user shared
>> for '' at 0x180020000
>> 265 5948 [main] sh 1776 user_info::create: user shared version
>> AB1FCCE8
>> 379 6327 [main] sh (1776) open_shared: name cygpid.1776, n
>> 1776, shared 0x180010000 (wanted 0x180010000), h 0x78, *m 6
>> 801 7128 [main] sh 1776 time: 1439909775 = time(0x0)
>> 230 7358 [main] sh 1776 pinfo::thisproc: myself dwProcessId 1776
>> 294 7652 [main] sh 1776 fhandler_base::fixup_after_exec: here
>> for '/var/log/xwin/XWin.0.log'
>> 318 7970 [main] sh 1776 fhandler_base::fork_fixup: handle 0x2AC
>> already opened
>> 918 8888 [main] sh 1776 fhandler_base::fork_fixup: handle 0x2B0
>> already opened
>> --- Process 1776 loaded C:\Windows\System32\ws2_32.dll at
>> 000007FEFE260000
>> --- Process 1776 loaded C:\Windows\System32\rpcrt4.dll at
>> 000007FEFDD80000
>> --- Process 1776 loaded C:\Windows\System32\nsi.dll at 000007FEFDA20000
>> 31569 40457 [main] sh 1776 wsock_init: res 0
>> 226 40683 [main] sh 1776 wsock_init: wVersion 514
>> 34 40717 [main] sh 1776 wsock_init: wHighVersion 514
>> 21 40738 [main] sh 1776 wsock_init: szDescription WinSock 2.0
>> 19 40757 [main] sh 1776 wsock_init: szSystemStatus Running
>> 19 40776 [main] sh 1776 wsock_init: iMaxSockets 0
>> 19 40795 [main] sh 1776 wsock_init: iMaxUdpDg 0
>> --- Process 1776 loaded C:\Windows\System32\LavasoftTcpService64.dll
>> at 00000000004A0000
>> --- Process 1776 loaded C:\Windows\System32\mswsock.dll at
>> 000007FEFCE40000
>> --- Process 1776 loaded C:\Windows\System32\IPHLPAPI.DLL at
>> 000007FEFC7B0000
>> --- Process 1776 loaded C:\Windows\System32\winnsi.dll at
>> 000007FEFC7A0000
>> --- Process 1776 loaded C:\Windows\System32\advapi32.dll at
>> 000007FEFF4C0000
>> --- Process 1776 loaded C:\Windows\System32\sechost.dll at
>> 000007FEFDA30000
>> --- Process 1776 loaded C:\Windows\System32\ole32.dll at
>> 000007FEFDEC0000
>> --- Process 1776 loaded C:\Windows\System32\oleaut32.dll at
>> 000007FEFDCA0000
>> --- Process 1776 loaded C:\Windows\System32\version.dll at
>> 000007FEFC790000
>> --- Process 1776, exception c0000005 at 00000000778FD8F1
>> --- Process 1776 exited with status 0xc000041d
>
> This is almost identical to [1]. See also [2].
>
> I'd suggest you try upgrading or uninstalling "Lavasoft Web Companion".
>
> [1] https://cygwin.com/ml/cygwin/2015-06/msg00195.html
> [2] https://cygwin.com/ml/cygwin/2015-07/msg00134.html
>

Interesting reply. Thanks. That software was installed as malware a while back. I used Revo uninstaller to get rid of it so I am surprised that it shows up anywhere. Apparently I am infected with this malware. I'll have to figure out how to get rid of it. Thanks.
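
Added example, not part of the original thread: a small Python triage of a Cygwin strace like the one quoted above, listing the modules that appear in a failing trace but not in a known-good one, together with the first exception record. The `FAILING` lines are copied from the quoted log; the `BASELINE` trace and all function names are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Debugger records as they appear in the quoted trace; \s+ tolerates mail wrapping.
LOAD = re.compile(r"--- Process (\d+) loaded (.+?)\s+at\s+([0-9A-Fa-f]{16})")
EXC = re.compile(r"--- Process (\d+), exception ([0-9A-Fa-f]{8})\s+at\s+([0-9A-Fa-f]{16})")

# Lines copied from the quoted log above, still carrying the mail quote markers.
FAILING = r"""
>> --- Process 1776 loaded C:\Windows\System32\ws2_32.dll at
>> 000007FEFE260000
>> --- Process 1776 loaded C:\Windows\System32\nsi.dll at 000007FEFDA20000
>> 31569 40457 [main] sh 1776 wsock_init: res 0
>> --- Process 1776 loaded C:\Windows\System32\LavasoftTcpService64.dll
>> at 00000000004A0000
>> --- Process 1776 loaded C:\Windows\System32\mswsock.dll at
>> 000007FEFCE40000
>> --- Process 1776, exception c0000005 at 00000000778FD8F1
>> --- Process 1776 exited with status 0xc000041d
"""

# Constructed baseline (assumption): the same step traced where XWin starts normally.
BASELINE = r"""
--- Process 2040 loaded C:\Windows\System32\ws2_32.dll at 000007FEFE260000
--- Process 2040 loaded C:\Windows\System32\nsi.dll at 000007FEFDA20000
--- Process 2040 loaded C:\Windows\System32\mswsock.dll at 000007FEFCE40000
"""

def unquote(text):
    """Drop leading mail quote markers ('>', '>>', '> >') from every line."""
    return "\n".join(re.sub(r"^(?:>\s?)+", "", ln) for ln in text.splitlines())

def loaded_modules(text):
    """File names of loaded modules, lower-cased, in load order."""
    return [PureWindowsPath(m.group(2)).name.lower()
            for m in LOAD.finditer(unquote(text))]

def triage(failing, baseline):
    """Modules only in the failing trace, and its first exception (code, address)."""
    known = set(loaded_modules(baseline))
    extra = [m for m in loaded_modules(failing) if m not in known]
    exc = EXC.search(unquote(failing))
    fault = (exc.group(2), exc.group(3)) if exc else None
    return extra, fault

if __name__ == "__main__":
    extra, fault = triage(FAILING, BASELINE)
    print("modules not in baseline:", extra)
    print("first exception (code, address):", fault)
```

A module that shows up only in the failing trace is a candidate to investigate, not proof of the cause; the baseline must come from the same Cygwin and Windows versions for the comparison to mean anything.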