
Virus/Malware What's wrong with this error?, Generic Host Process for Win 32

TSApoKalypse
post Oct 31 2008, 11:03 PM, updated 16y ago

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



user posted image

When I got this error, I cannot reconnect to the internet again... why?

This post has been edited by ApoKalypse: Nov 3 2008, 08:10 PM
Frostlord
post Oct 31 2008, 11:10 PM

Regular
******
Senior Member
1,723 posts

Joined: Jun 2007


post your HJT log here so that the sifus can help
TSApoKalypse
post Oct 31 2008, 11:16 PM

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



here is my HJT log...

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:16:14 PM - AmZ, on 10/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{59B5E40F-5DEF-436A-8531-46B2EE7D5F36}: NameServer = 202.188.0.133 202.188.1.5
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5740 bytes
Hattori
post Nov 1 2008, 12:10 AM

(ノಠ益ಠ)ノ彡┻━┻
******
Senior Member
1,177 posts

Joined: Jun 2005
Are you still using WinXP Service Pack 1 or 2?

Solution in post #76 by sUBs :

http://forum.lowyat.net/topic/326260/+60

Otherwise update to Service Pack 3.
TSApoKalypse
post Nov 1 2008, 09:20 AM

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



QUOTE(Hattori @ Nov 1 2008, 12:10 AM)
Are you still using WinXP Service Pack 1 or 2?

Solution in post #76 by sUBs :

http://forum.lowyat.net/topic/326260/+60

Otherwise update to Service Pack 3.
*
Yeah, I'm still using Service Pack 2, why?
Hattori
post Nov 1 2008, 05:06 PM

(ノಠ益ಠ)ノ彡┻━┻
******
Senior Member
1,177 posts

Joined: Jun 2005
Your PC is being attacked from the Internet causing the netapi32.dll to overload and crash.

To solve the problem, install the updated netapi32.dll:

http://www.microsoft.com/downloads/details...1a-46b3eac7a305
TSApoKalypse
post Nov 2 2008, 08:51 AM

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



QUOTE(Hattori @ Nov 1 2008, 05:06 PM)
Your PC is being attacked from the Internet causing the netapi32.dll to overload and crash.

To solve the problem, install the updated netapi32.dll:

http://www.microsoft.com/downloads/details...1a-46b3eac7a305
*
What is netapi32.dll? Can you explain? Is that a virus?
Hattori
post Nov 2 2008, 09:44 PM

(ノಠ益ಠ)ノ彡┻━┻
******
Senior Member
1,177 posts

Joined: Jun 2005
If that file is a virus, why did I ask you to update it?
TSApoKalypse
post Nov 3 2008, 04:28 PM

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



I have installed all the files posted above but I still have the problem. How do I fix it?
mukhlisz
post Nov 3 2008, 06:07 PM

Casual
***
Junior Member
373 posts

Joined: Jan 2006


There's actually a pinned thread about this error here.

http://forum.lowyat.net/topic/326260/+200

Why won't you update to Service Pack 3? Save you a lot of hassle, you know.
TSApoKalypse
post Nov 3 2008, 07:48 PM

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



Update to Service Pack 3? Hmm, that means I must format my PC, right?

When I try to open the software (wwdc) I get this notice:

user posted image

This post has been edited by ApoKalypse: Nov 4 2008, 09:39 AM
TSApoKalypse
post Nov 4 2008, 09:44 AM

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



Can anybody help me?
mukhlisz
post Nov 4 2008, 10:28 AM

Casual
***
Junior Member
373 posts

Joined: Jan 2006


If you are using original XP, just update to Service Pack 3. It won't format the PC, but save your data elsewhere just in case.
nlinley
post Nov 4 2008, 10:29 AM

Getting Started
Elite
181 posts

Joined: May 2006
From: Shah Alam


Svchost.exe is a generic wrapper program for Windows system services. You will see several of them running at any time on your machine, each can have more than one service under them. To get details on what services run under each process, you can run "tasklist /svc". When you get the crash notification, you should check the event log for Service Control Manager events for services that have stopped unexpectedly. Once you know what services are impacted, you can try to narrow down what might be the problem. Also, while the popup is up, you can grab the memory dumps out of the temp folders for debugging if you know what you are doing. That way you can look at the stack trace to find a better idea of what causes the error in the application.
mukhlisz
post Nov 4 2008, 10:44 AM

Casual
***
Junior Member
373 posts

Joined: Jan 2006


QUOTE(nlinley @ Nov 4 2008, 10:29 AM)
Svchost.exe is a generic wrapper program for Windows system services. You will see several of them running at any time on your machine, each can have more than one service under them. To get details on what services run under each process, you can run "tasklist /svc". When you get the crash notification, you should check the event log for Service Control Manager events for services that have stopped unexpectedly. Once you know what services are impacted, you can try to narrow down what might be the problem. Also, while the popup is up, you can grab the memory dumps out of the temp folders for debugging if you know what you are doing. That way you can look at the stack trace to find a better idea of what causes the error in the application.
*

IMO this is too technical.

The problem can usually be resolved by:

1. running a good antivirus and removing the worm
2. updating Windows (provided you are using an original OS)

I don't know why he can't open wwdc though. I can still open it just fine.
francischuahcw
post Nov 4 2008, 11:21 AM

Retired. Do Not Disturb
*******
Senior Member
2,152 posts

Joined: Feb 2006
Good day,
Let's do the below.

Look at your Event Viewer in Administrator Tool under Control Panel
In your CP, switch it to classic view then you will see Administrator Tool

Launch the Administrator Tool and you shall see it.
In Event Viewer look at both System Log and Application Log.
You can save a copy of your log and upload it here.
Use the Action toolbar and choose Save Log As
Then, save the log as .txt file and upload it here.

Next,

Look at Dr. Watson Debugger log.
Please search for the log file at the below location (if present)

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

In your next reply, please post:
  • Event Viewer log (System and Application)
  • Dr.Watson Debugger log
Thanks

This post has been edited by francischuahcw: Nov 4 2008, 11:22 AM
nlinley
post Nov 4 2008, 11:31 AM

Getting Started
Elite
181 posts

Joined: May 2006
From: Shah Alam


To help prevent problems, for home users of XP, I would suggest also reducing the attack surface of your machine by disabling unnecessary and unsecure services. Here is a list below of what can be disabled.

Alerter
ClipBook
Computer Browser
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Fast User Switching Compatibility
Help and Support
Indexing Service
IPSEC services
Logical Disk Manager
Messenger
Net Logon
Network DDE
NT LM Security Support Provider
Remote Registry
Removable Storage
Routing and Remote access
Secondary Login
Server
Shell Hardware Detection
SSDP Discovery Service
Task scheduler
Telnet
Terminal Services
Universal Plug and play device host (if not needed by hardware)
Volume Shadow Copy
WebClient

I have run an XP system connected to the internet with no firewalls, having all of these turned off, a few defense dept type of security registry hacks, plus having standard antivirus with definitions typically 1 month old, and never had a problem.
Hattori
post Nov 4 2008, 11:49 AM

(ノಠ益ಠ)ノ彡┻━┻
******
Senior Member
1,177 posts

Joined: Jun 2005
Alright everyone, I have some update on this problem :

This problem is similar to the problem & solution posted by sUBs 2 years ago in post #76 of this topic:

http://forum.lowyat.net/topic/326260

The Microsoft article :

http://www.microsoft.com/technet/security/...n/MS06-040.mspx

All freshly installed WinXP with SP2 will still face this problem unless you install the updated patch.

PCs that are connected directly to the modem and using the Windows PPPoE dialer, or PCs that are behind a router but set as the DMZ PC, would be hit by this problem.


As of 23 October 2008, Microsoft has released a new update to solve this new attack that affects even freshly installed WinXP with Service Pack 3 and Vista with Service Pack 1.

http://www.microsoft.com/technet/security/...n/MS08-067.mspx


Install this update for 32-bit WinXP SP2/SP3 users :

http://www.microsoft.com/downloads/details...76-2067B73D6A03

Install this update for 32-bit Vista users :

http://www.microsoft.com/downloads/details...5C-CAC7D8713B21


For other Windows versions, please select the appropriate version from

http://www.microsoft.com/technet/security/...n/MS08-067.mspx




If you are interested in the technical details of this problem:

http://blogs.technet.com/swi/archive/2008/...t-MS08-067.aspx

This post has been edited by Hattori: Nov 4 2008, 12:16 PM
TSApoKalypse
post Nov 4 2008, 12:44 PM

Enthusiast
*****
Senior Member
830 posts

Joined: May 2007
From: Melaka, MALAYSIA



QUOTE(francischuahcw @ Nov 4 2008, 11:21 AM)
Good day,
Let's do the below.

Look at your Event Viewer in Administrator Tool under Control Panel
In your CP, switch it to classic view then you will see Administrator Tool

Launch the Administrator Tool and you shall see it.
In Event Viewer look at both System Log and Application Log.
You can save a copy of your log and upload it here.
Use the Action toolbar and choose Save Log As
Then, save the log as .txt file and upload it here.

Next,

Look at Dr. Watson Debugger log.
Please search for the log file at the below location (if present)

C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp

In your next reply, please post:

  • Event Viewer log (System and Application)
  • Dr.Watson Debugger log
Thanks
*
Here are the Apps log and System log: http://www.mediafire.com/?jnnf5uqjeao

The Dr Watson log is around 83MB, too big to upload with my poor internet connection.

QUOTE(Hattori @ Nov 4 2008, 11:49 AM)
Alright everyone, I have some update on this problem :

This problem is similar to the problem & solution posted by sUBs 2 years ago in post #76 of this topic:

http://forum.lowyat.net/topic/326260

The Microsoft article :

http://www.microsoft.com/technet/security/...n/MS06-040.mspx

All freshly installed WinXP with SP2 will still face this problem unless you install the updated patch.

PCs that are connected directly to the modem and using the Windows PPPoE dialer, or PCs that are behind a router but set as the DMZ PC, would be hit by this problem.


As of 23 October 2008, Microsoft has released a new update to solve this new attack that affects even freshly installed WinXP with Service Pack 3 and Vista with Service Pack 1.

http://www.microsoft.com/technet/security/...n/MS08-067.mspx
Install this update for 32-bit WinXP SP2/SP3 users :

http://www.microsoft.com/downloads/details...76-2067B73D6A03

Install this update for 32-bit Vista users :

http://www.microsoft.com/downloads/details...5C-CAC7D8713B21
For other Windows versions, please select the appropriate version from

http://www.microsoft.com/technet/security/...n/MS08-067.mspx
If you are interested in the technical details of this problem:

http://blogs.technet.com/swi/archive/2008/...t-MS08-067.aspx
*
Okay, I'll try and post the result here...
nlinley
post Nov 4 2008, 08:03 PM

Getting Started
Elite
181 posts

Joined: May 2006
From: Shah Alam


11/4/2008 12:35:20 PM - AmZ RemoteAccess Information None 20158 N/A THE-12A36E1A436 The user diny59@streamyx successfully established a connection to Streamyx using the device PPPoE4-0.
11/4/2008 12:34:26 PM - AmZ Service Control Manager Information None 7036 N/A THE-12A36E1A436 The IMAPI CD-Burning COM Service service entered the stopped state.
11/4/2008 12:34:20 PM - AmZ Service Control Manager Information None 7036 N/A THE-12A36E1A436 The IMAPI CD-Burning COM Service service entered the running state.
11/4/2008 12:34:20 PM - AmZ Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM THE-12A36E1A436 The IMAPI CD-Burning COM Service service was successfully sent a start control.
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The lxcz_device service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The PDEngine service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The PDAgent service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The Capture Device Service service terminated unexpectedly. It has done this 1 time(s).


From this system log it looks like any one of the above services might have a problem. Since most are not Microsoft related, I doubt system hotfixes are going to help you. You might need to look at software updates for the apps, or hope for better information in the Dr Watson log if the errors there are related. From my experience though if you get the popup error you had posted in your initial message, whatever is in Dr Watson is probably not related at all to this problem. You can open Dr Watson up (drwtsn32) and it shows the various events that have been captured and the source. If the source was not the same svchost.exe you are wasting your time looking at that. The events in Dr Watson might be old and not related, as by default it only captures 10 application crashes then stops capturing. I would think there would be an event in the system log for Dr Watson as well if it was involved. I would ensure all the software you use is compatible with XP and your hardware and there are no known issues.


Added on November 4, 2008, 8:06 pm

Also, from the apps log, I'm thinking it is the capture service related to HPQCXS08. Do you have an HP scanner or printer installed or connected to this machine?

This post has been edited by nlinley: Nov 4 2008, 08:06 PM
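
The triage step described in the posts above (find the Service Control Manager events for services that stopped unexpectedly, then see which ones went down together) can be scripted against a saved System log. This is an added example, not part of any post in this thread; the sample lines, host name and service names are constructed, and the field layout is assumed to match the text export quoted above.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the exported System log quoted above:
# timestamp, source, type, category, event ID, user, computer, message.
SAMPLE_LOG = """\
11/4/2008 12:35:20 PM RemoteAccess Information None 20158 N/A EXAMPLE-PC The user example@isp successfully established a connection to ISP using the device PPPoE4-0.
11/4/2008 12:34:20 PM Service Control Manager Information None 7036 N/A EXAMPLE-PC The IMAPI CD-Burning COM Service service entered the running state.
11/4/2008 12:34:09 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Burning Helper service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Capture Device Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Defrag Agent service terminated unexpectedly. It has done this 1 time(s).
11/3/2008 09:10:02 AM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Updater service terminated unexpectedly. It has done this 2 time(s).
"""

# Event ID 7034 = "service terminated unexpectedly" from Service Control Manager.
CRASH_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M)\b.*?"
    r"Service Control Manager Error \S+ 7034 .*?"
    r"The (?P<service>.+?) service terminated unexpectedly\. "
    r"It has done this (?P<count>\d+) time\(s\)\."
)


def parse_crashes(text):
    """Return (timestamp, service name, crash count) for every 7034 line."""
    crashes = []
    for line in text.splitlines():
        m = CRASH_RE.match(line.strip())
        if not m:
            continue  # not an unexpected-termination event
        when = datetime.strptime(f"{m['date']} {m['time']}", "%m/%d/%Y %I:%M:%S %p")
        crashes.append((when, m["service"], int(m["count"])))
    return crashes


def find_bursts(crashes, window_seconds=2, min_services=3):
    """Group crashes that happen within window_seconds of each other.

    Several services dying in the same second point to one shared trigger,
    so each burst is worth investigating as a single incident.
    """
    bursts, current = [], []
    for when, service, _ in sorted(crashes):
        if current and (when - current[-1][0]).total_seconds() > window_seconds:
            if len(current) >= min_services:
                bursts.append((current[0][0], [s for _, s in current]))
            current = []
        current.append((when, service))
    if len(current) >= min_services:
        bursts.append((current[0][0], [s for _, s in current]))
    return bursts


if __name__ == "__main__":
    for start, services in find_bursts(parse_crashes(SAMPLE_LOG)):
        print(f"{start}: {len(services)} services terminated together")
        for name in services:
            print(f"  - {name}")
```

Cross-reference the service names in a burst against the output of "tasklist /svc" to see which process hosted each of them.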
