27th June 2007   #1
mijellin (Join Date: Jun 2007; Posts: 2; Computer Experience: intermediate)

Generic Host Process for Win32 Services

WinXP Home SP2

Recently, I've started receiving this error each and every time I've tried to connect by ethernet. The following is what invariably happens:

1. Connect to internet successfully (ADSL)
*5-10minutes later*
2. The following error comes up:

Generic Host Process for Win32 Services has encountered a problem and needs to close. We are sorry for the inconvenience.

I also have a screenshot of the "Error signature" if that would be of help.

If I click the Don't Send Error Report button (closing the dialog box), my internet immediately stops working. If I just ignore it and move it to the side of the screen, the internet continues to work for another 3-5 minutes, before simply crashing.

When I restart the computer, everything returns to normal, the internet works and everything, until of course 5-10 minutes later...

I've tried some spyware sweeping, and have done the following:

1. run AVG antispyware
Here I must note that I was unable to save the logfile from the AVG scan, because the box was greyed out. I did jot down what it detected, besides a whole slew of cookietrackers:

worm.brontok.a
adware.sahat
adware.safesurfing
adware.begin2search

2. run superantispyware

Here's the log for that:

SUPERAntiSpyware Scan Log
Generated 06/26/2007 at 05:23 PM

Application Version : 3.6.1000

Core Rules Database Version : 3261
Trace Rules Database Version: 1272

Scan type : Complete Scan
Total Scan Time : 01:54:27

Memory items scanned : 477
Memory threats detected : 0
Registry items scanned : 4956
Registry threats detected : 45
File items scanned : 59114
File threats detected : 2

Adware.CasinoClient
HKLM\Software\Classes\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}#AppID
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}\InprocServer32
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}\InprocServer32#ThreadingModel
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}\ProgID
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}\TypeLib
HKCR\CLSID\{8293D547-38DD-4325-B35A-F1817EDFA5FC}\VersionIndependentProgID
C:\PROGRAM FILES\CMAPP\CLIENT\CMAPPMF.DLL
HKCR\PROTOCOLS\Filter\text/html
HKCR\PROTOCOLS\Filter\text/html#CLSID

Unclassified.Unknown Origin
HKLM\Software\Classes\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}\InprocServer32
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}\InprocServer32#ThreadingModel
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}\ProgID
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}\Programmable
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}\TypeLib
HKCR\CLSID\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}\VersionIndependentProgID
C:\PROGRA~1\KINGSOFT\XDICT\IEPLUGIN.DLL
HKLM\Software\Microsoft\Internet Explorer\Extensions\{8DE0FCD4-5EB5-11D3-AD25-00002100131B}

Trojan.Windows Overlay Components/SysMon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OvMon#UninstallString

Browser Hijacker.Begin2Search
HKCR\btnetw.amo
HKCR\btnetw.amo\CLSID
HKCR\btnetw.amo\CurVer
HKCR\btnetw.amo.1
HKCR\btnetw.amo.1\CLSID
HKCR\btnetw.iiittt
HKCR\btnetw.iiittt\CLSID
HKCR\btnetw.iiittt\CurVer
HKCR\btnetw.iiittt.1
HKCR\btnetw.iiittt.1\CLSID
HKCR\btnetw.momo
HKCR\btnetw.momo\CLSID
HKCR\btnetw.momo\CurVer
HKCR\btnetw.momo.1
HKCR\btnetw.momo.1\CLSID
HKCR\btnetw.ohb
HKCR\btnetw.ohb\CLSID
HKCR\btnetw.ohb\CurVer
HKCR\btnetw.ohb.1
HKCR\btnetw.ohb.1\CLSID
HKU\S-1-5-21-3928480940-1740298728-810250355-1006\Software\In3rd

3. run Avira Premium Security Suite

Virus or unwanted program 'ADSPY/Sahat.F.2 [ADSPY/Sahat.F.2]'
detected in file 'C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP600\A0128683.dll.
Action performed: Delete file

Virus or unwanted program 'ADSPY/Sahat.F.1 [ADSPY/Sahat.F.1]'
detected in file 'C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP600\A0128682.exe.
Action performed: Delete file

Virus or unwanted program 'ADSPY/BargainBu.n.3 [ADSPY/BargainBu.n.3]'
detected in file 'C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP600\A0128681.exe.
Action performed: Delete file

Virus or unwanted program 'ADSPY/MyWay.V.3 [ADSPY/MyWay.V.3]'
detected in file 'C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP598\A0127461.dll.
Action performed: Move file to quarantine

Found a virus or unwanted program 'TR/Crypt.XPACK.Gen' [trojan]
in file 'C:\Documents and Settings\GYe\Local Settings\Temp\e-flde40.zip'.
Action taken:
The file was deleted!

Virus or unwanted program 'TR/Crypt.XPACK.Gen [TR/Crypt.XPACK.Gen]'
detected in file 'C:\Documents and Settings\All Users\Application Data\Avira Premium Security Suite\TEMP\AVSCAN-20070625-211921-5065A39C\AVSCAN-00009969.
Action performed: Delete file

Virus or unwanted program 'ADSPY/ConsumerAlertSystem [ADSPY/ConsumerAlertSystem]'
detected in file 'C:\Program Files\CMAPP\Client\Uninstall.exe.
Action performed: Delete file

Virus or unwanted program 'ADSPY/MAFIClient.3 [ADSPY/MAFIClient.3]'
detected in file 'C:\Program Files\CMAPP\Client\cmappmf.dll.
Action performed: Delete file

Finally, I ran HJK:

HJK Log:
Logfile of HijackThis v1.99.1
Scan saved at 5:35:58 PM, on 6/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira Premium Security Suite\avguard.exe
C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
C:\Program Files\Avira Premium Security Suite\sched.exe
C:\Program Files\Avira Premium Security Suite\avesvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira Premium Security Suite\avmailc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira Premium Security Suite\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\mobile PhoneTools\WatchDog.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {02DCA195-602B-4B1F-83FF-381B7E804BDB} - C:\WINDOWS\system32\HDBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\mobile PhoneTools\WatchDog.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: PowerWord - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\PROGRA~1\Kingsoft\XDict\IEPlugin.dll (file missing)
O10 - Broken Internet access because of LSP provider 'avsda.dll' missing
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {92D0D610-A6FA-48D8-94CB-BD47FDF68655} (Launcher Class) - http://app.ipop.co.kr/ipop/ipopx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BB711E22-C07B-4CB4-9582-4301BD0767F5}: NameServer = 202.106.0.20 202.106.46.151
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O23 - Service: Avira Premium Security Suite Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avfwsvc.exe
O23 - Service: Avira Premium Security Suite MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avmailc.exe
O23 - Service: Avira Premium Security Suite Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\sched.exe
O23 - Service: Avira Premium Security Suite Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avguard.exe
O23 - Service: Avira Premium Security Suite MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira Premium Security Suite\avesvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

I'd appreciate any help I could get with this, thanks!

29th June 2007   #2
mijellin

bump