Virus/Malware What's wrong with this error?, Generic Host Process for Win 32
Oct 31 2008, 11:03 PM, updated 16y ago
#1
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
When I got this error, I cannot reconnect internet again... why? This post has been edited by ApoKalypse: Nov 3 2008, 08:10 PM |
|
Oct 31 2008, 11:10 PM
#2
|
Senior Member
1,723 posts Joined: Jun 2007 |
post your HJT log here so that the sifus can help
|
|
Oct 31 2008, 11:16 PM
#3
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
here is my HJT log...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:16:14 PM - AmZ, on 10/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lxczcoms.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Download All Links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{59B5E40F-5DEF-436A-8531-46B2EE7D5F36}: NameServer = 202.188.0.133 202.188.1.5
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 5740 bytes |
|
Nov 1 2008, 12:10 AM
#4
|
Senior Member
1,177 posts Joined: Jun 2005 |
Are you still using WinXP Service Pack 1 or 2?
Solution in post #76 by sUBs : http://forum.lowyat.net/topic/326260/+60 Otherwise update to Service Pack 3. |
|
Nov 1 2008, 09:20 AM
#5
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
QUOTE(Hattori @ Nov 1 2008, 12:10 AM) Are you still using WinXP Service Pack 1 or 2? Solution in post #76 by sUBs : http://forum.lowyat.net/topic/326260/+60 Otherwise update to Service Pack 3.
yeah I'm still using Service Pack 2, why? |
|
Nov 1 2008, 05:06 PM
#6
|
Senior Member
1,177 posts Joined: Jun 2005 |
Your PC is being attacked from the Internet causing the netapi32.dll to overload and crash.
To solve the problem install the updated netapi32.dll : http://www.microsoft.com/downloads/details...1a-46b3eac7a305 |
|
Nov 2 2008, 08:51 AM
#7
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
QUOTE(Hattori @ Nov 1 2008, 05:06 PM) Your PC is being attacked from the Internet causing the netapi32.dll to overload and crash. To solve the problem install the updated netapi32.dll : http://www.microsoft.com/downloads/details...1a-46b3eac7a305
what is netapi32.dll ? can u explain? is that a virus? |
|
Nov 2 2008, 09:44 PM
#8
|
Senior Member
1,177 posts Joined: Jun 2005 |
If that file is virus, why did I ask you to update it?
|
Nov 3 2008, 04:28 PM
#9
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
i have install all file from the top posted but i still have the problem. how to fix it?
|
|
Nov 3 2008, 06:07 PM
|
Junior Member
373 posts Joined: Jan 2006 |
there's actually a pinned thread about this error here.
http://forum.lowyat.net/topic/326260/+200 why won't u update to Service Pack 3? save u a lot of hassle u know.. |
|
Nov 3 2008, 07:48 PM
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
update service pack 3? hurm that mean i must format my pc rite?
when i try to open the software (wwdc) i got this notice, This post has been edited by ApoKalypse: Nov 4 2008, 09:39 AM |
|
Nov 4 2008, 09:44 AM
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
anybody can help me?
|
|
Nov 4 2008, 10:28 AM
|
Junior Member
373 posts Joined: Jan 2006 |
if u are using original XP, just update to Service Pack 3. it won't format the PC but save your data elsewhere just in case.
|
|
Nov 4 2008, 10:29 AM
|
Elite
181 posts Joined: May 2006 From: Shah Alam |
Svchost.exe is a generic wrapper program for Windows system services. You will see several of them running at any time on your machine, each can have more than one service under them. To get details on what services run under each process, you can run "tasklist /svc". When you get the crash notification, you should check the event log for Service Control Manager events for services that have stopped unexpectedly. Once you know what services are impacted, you can try to narrow down what might be the problem. Also, while the popup is up, you can grab the memory dumps out of the temp folders for debugging if you know what you are doing. That way you can look at the stack trace to find a better idea of what causes the error in the application.
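
Added example, not part of the original post: a small Python parser for the "tasklist /svc" output mentioned above, showing which services share one svchost.exe process and would therefore all go down if that process crashes. The sample output is constructed for illustration (PIDs and service groupings are assumptions, not taken from the poster's machine).

```python
import re

# Constructed sample of `tasklist /svc` output (not from the thread).
SAMPLE_TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
services.exe                 700 Eventlog, PlugPlay
svchost.exe                  880 DcomLaunch, TermService
svchost.exe                 1012 AudioSrv, Browser, CryptSvc, Dhcp,
                                 lanmanserver, lanmanworkstation, Netman
spoolsv.exe                 1500 Spooler
explorer.exe                1720 N/A
"""

# A process row is: image name (may contain spaces), PID, service list.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")


def _split(field):
    """Split a comma-separated service field, dropping empty pieces."""
    return [s.strip() for s in field.split(",") if s.strip()]


def parse_tasklist_svc(text):
    """Return {pid: (image, [services])} from `tasklist /svc` table output."""
    table, last_pid = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            image, pid = m.group(1), int(m.group(2))
            services = _split(m.group(3))
            table[pid] = (image, [] if services == ["N/A"] else services)
            last_pid = pid
        elif line[:1].isspace() and last_pid is not None:
            # Indented line: the service list wrapped from the previous row.
            table[last_pid][1].extend(_split(line))
    return table


def shared_hosts(table, image="svchost.exe"):
    """PIDs of `image` hosting more than one service, with those services."""
    return {pid: svcs for pid, (img, svcs) in table.items()
            if img.lower() == image and len(svcs) > 1}


if __name__ == "__main__":
    for pid, svcs in shared_hosts(parse_tasklist_svc(SAMPLE_TASKLIST)).items():
        print(f"svchost.exe PID {pid} hosts {len(svcs)} services: {', '.join(svcs)}")
```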
|
Nov 4 2008, 10:44 AM
|
Junior Member
373 posts Joined: Jan 2006 |
QUOTE(nlinley @ Nov 4 2008, 10:29 AM) Svchost.exe is a generic wrapper program for Windows system services. You will see several of them running at any time on your machine, each can have more than one service under them. To get details on what services run under each process, you can run "tasklist /svc". When you get the crash notification, you should check the event log for Service Control Manager events for services that have stopped unexpectedly. Once you know what services are impacted, you can try to narrow down what might be the problem. Also, while the popup is up, you can grab the memory dumps out of the temp folders for debugging if you know what you are doing. That way you can look at the stack trace to find a better idea of what causes the error in the application.
IMO this is too technical. the problem usually can be resolved by :
1. running a good antivirus and removing the worm
2. updating windows (provided using original OS )
i don't know why he can't open the wwdc though. i still can open it just fine.. |
|
Nov 4 2008, 11:21 AM
|
Senior Member
2,152 posts Joined: Feb 2006 |
Good day,
Let's do the below.
Look at your Event Viewer in Administrator Tool under Control Panel.
In your CP, switch it to classic view, then you will see Administrator Tool.
Launch the Administrator Tool and you shall see it.
In Event Viewer, look at both System Log and Application Log.
You can save a copy of your log and upload it here.
Use the Action toolbar and choose Save Log As.
Then, save the log as a .txt file and upload it here.
Next, look at the Dr. Watson Debugger log.
Please search for the log file at the below location (if present):
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
In your next reply, please post:
This post has been edited by francischuahcw: Nov 4 2008, 11:22 AM |
|
Nov 4 2008, 11:31 AM
|
Elite
181 posts Joined: May 2006 From: Shah Alam |
To help prevent problems, for home users of XP, I would suggest also reducing the attack surface of your machine by disabling unnecessary and unsecure services. Here is a list below of what can be disabled.
Alerter
ClipBook
Computer Browser
Distributed Link Tracking Client
Distributed Transaction Coordinator
DNS Client
Fast User Switching Compatibility
Help and Support
Indexing Service
IPSEC services
Logical Disk Manager
Messenger
Net Logon
Network DDE
NT LM Security Support Provider
Remote Registry
Removable Storage
Routing and Remote access
Secondary Login
Server
Shell Hardware Detection
SSDP Discovery Service
Task scheduler
Telnet
Terminal Services
Universal Plug and play device host (if not needed by hardware)
Volume Shadow Copy
WebClient

I have run an XP system connected to the internet with no firewalls, having all of these turned off, a few defense dept type of security registry hacks, plus having standard antivirus with definitions typically 1 month old, and never had a problem. |
|
Nov 4 2008, 11:49 AM
|
Senior Member
1,177 posts Joined: Jun 2005 |
Alright everyone, I have some update on this problem :
This problem is similar to the problem & solution posted by sUBs 2 years ago in post #76 of this topic : http://forum.lowyat.net/topic/326260
The Microsoft article : http://www.microsoft.com/technet/security/...n/MS06-040.mspx
All freshly installed WinXP with SP2 will still face this problem unless you install the updated patch.
PCs that are connected directly to the modem & using Windows' PPPOE dialer, or PCs that are behind a router but were set as the DMZ PC, would be hit by this problem.
As of 23 October 2008, Microsoft has released a new update to solve this new attack that affects even freshly installed WinXP with Service Pack 3 and Vista with Service Pack 1. http://www.microsoft.com/technet/security/...n/MS08-067.mspx
Install this update for 32-bit WinXP SP2/SP3 users : http://www.microsoft.com/downloads/details...76-2067B73D6A03
Install this update for 32-bit Vista users : http://www.microsoft.com/downloads/details...5C-CAC7D8713B21
For other Windows versions, please select the appropriate version from http://www.microsoft.com/technet/security/...n/MS08-067.mspx
If you are interested in the technical details of this problem: http://blogs.technet.com/swi/archive/2008/...t-MS08-067.aspx
This post has been edited by Hattori: Nov 4 2008, 12:16 PM |
|
Nov 4 2008, 12:44 PM
|
Senior Member
830 posts Joined: May 2007 From: Melaka, MALAYSIA |
QUOTE(francischuahcw @ Nov 4 2008, 11:21 AM) Good day, Let's do the below. Look at your Event Viewer in Administrator Tool under Control Panel In your CP, switch it to classic view then you will see Administrator Tool Launch the Administrator Tool and you shall see it. In Event Viewer look at both System Log and Application Log. You can save a copy of your log and upload it here. Use the Action toolbar and choose Save Log As Then, save the log as .txt file and upload it here. Next, Look at Dr. Watson Debugger log. Please search for the log file at the below location (if present) C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp In your next reply, please post:
here is Apps log and system log.. http://www.mediafire.com/?jnnf5uqjeao
dr watson log is around 83MB, so big to upload with my poor internet connection
QUOTE(Hattori @ Nov 4 2008, 11:49 AM) Alright everyone, I have some update on this problem : This problem is similar to the problem & solution posted by sUBs 2 years ago in post #76 of this topic : http://forum.lowyat.net/topic/326260 The Microsoft article : http://www.microsoft.com/technet/security/...n/MS06-040.mspx All freshly installed WinXP with SP2 will still face this problem unless you install the updated patch. PCs that are connected directly to the modem & using Windows' PPPOE dialer, or PCs that are behind a router but were set as the DMZ PC, would be hit by this problem. As of 23 October 2008, Microsoft has released a new update to solve this new attack that affects even freshly installed WinXP with Service Pack 3 and Vista with Service Pack 1. http://www.microsoft.com/technet/security/...n/MS08-067.mspx Install this update for 32-bit WinXP SP2/SP3 users : http://www.microsoft.com/downloads/details...76-2067B73D6A03 Install this update for 32-bit Vista users : http://www.microsoft.com/downloads/details...5C-CAC7D8713B21 For other Windows versions, please select the appropriate version from http://www.microsoft.com/technet/security/...n/MS08-067.mspx If you are interested in the technical details of this problem: http://blogs.technet.com/swi/archive/2008/...t-MS08-067.aspx
okay i'll try n post the result here... |
|
Nov 4 2008, 08:03 PM
|
Elite
181 posts Joined: May 2006 From: Shah Alam |
11/4/2008 12:35:20 PM - AmZ RemoteAccess Information None 20158 N/A THE-12A36E1A436 The user diny59@streamyx successfully established a connection to Streamyx using the device PPPoE4-0.
11/4/2008 12:34:26 PM - AmZ Service Control Manager Information None 7036 N/A THE-12A36E1A436 The IMAPI CD-Burning COM Service service entered the stopped state.
11/4/2008 12:34:20 PM - AmZ Service Control Manager Information None 7036 N/A THE-12A36E1A436 The IMAPI CD-Burning COM Service service entered the running state.
11/4/2008 12:34:20 PM - AmZ Service Control Manager Information None 7035 NT AUTHORITY\SYSTEM THE-12A36E1A436 The IMAPI CD-Burning COM Service service was successfully sent a start control.
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The Ulead Burning Helper service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The lxcz_device service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The PDEngine service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The PDAgent service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM - AmZ Service Control Manager Error None 7034 N/A THE-12A36E1A436 The Capture Device Service service terminated unexpectedly. It has done this 1 time(s).

From this system log it looks like any one of the above services might have a problem. Since most are not Microsoft related, I doubt system hotfixes are going to help you. You might need to look at software updates for the apps, or hope for better information in the Dr Watson log if the errors there are related.

From my experience though if you get the popup error you had posted in your initial message, whatever is in Dr Watson is probably not related at all to this problem. You can open Dr Watson up (drwtsn32) and it shows the various events that have been captured and the source. If the source was not the same svchost.exe you are wasting your time looking at that. The events in Dr Watson might be old and not related, as by default it only captures 10 application crashes then stops capturing. I would think there would be an event in the system log for Dr Watson as well if it was involved. I would ensure all the software you use is compatible with XP and your hardware and there are no known issues.

Added on November 4, 2008, 8:06 pm
Also from apps log i'm thinking it is capture service related to HPQCXS08. Do you have an HP scanner or printer installed or connected to this machine?
This post has been edited by nlinley: Nov 4 2008, 08:06 PM |
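
Added example, not part of the original thread: a Python triage pass over a System log saved as text, pulling out the Service Control Manager 7034 ("terminated unexpectedly") events and grouping them by timestamp, so a burst of services dying in the same second stands out from isolated failures. The sample lines are constructed and only modelled on the export format shown in the post above; the host and service names are placeholders, and the parser assumes one event per line with M/D/YYYY dates.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample, modelled on the saved-log format shown in the thread.
SAMPLE_LOG = """\
11/4/2008 12:31:02 PM Service Control Manager Information None 7036 N/A EXAMPLE-PC The Example Updater service entered the running state.
11/4/2008 12:34:09 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Burner service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Print Service service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 12:34:09 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Defrag service terminated unexpectedly. It has done this 1 time(s).
11/4/2008 03:10:44 PM Service Control Manager Error None 7034 N/A EXAMPLE-PC The Example Updater service terminated unexpectedly. It has done this 1 time(s).
"""

# timestamp, optional locale suffix, source, type, category, event id, rest
EVENT = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\b.*?"
    r"Service Control Manager (\w+) (\w+) (\d+) (.*)"
)
TERMINATED = re.compile(r"The (.+?) service terminated unexpectedly")


def parse_scm_events(text):
    """Return Service Control Manager events as dicts, one per log line."""
    events = []
    for m in EVENT.finditer(text):
        events.append({
            "time": datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p"),
            "type": m.group(2),
            "id": int(m.group(4)),
            "text": m.group(5),
        })
    return events


def crash_bursts(events, min_services=3):
    """Map timestamp -> service names for 7034 events sharing that second."""
    by_second = defaultdict(list)
    for ev in events:
        if ev["id"] == 7034:
            m = TERMINATED.search(ev["text"])
            if m:
                by_second[ev["time"]].append(m.group(1))
    return {t: names for t, names in by_second.items()
            if len(names) >= min_services}


if __name__ == "__main__":
    for when, names in crash_bursts(parse_scm_events(SAMPLE_LOG)).items():
        print(f"{when}: {len(names)} services terminated together: {names}")
```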