Solved Generic Host process for win32

[Resolved] Generic Host process for win32

Hi. I have a problem similar to this situation. After the message "Generic Host process for win32 has encountered a problem and needs to close. Sorry for any inconvenience." shows up, my desktop theme changes to windows 98 but then turns back to my default theme. My audio system stops functioning, it says audio device not properly installed. Some on my Services (Local) are disabled like Server, Windows Audio, Windows Firewall/Internet Connection Sharing (ICS) and etc. I am using Windows XP SP3.

noahdfear, is that what i have to do too?

 

Welcome to WindowsBBS deadlyg

First read this topic and post the recommended logs here. Then I suggest you check for driver updates to your system devices, such as network adapter, sound and video card, etc.

I would also like for you to verify that you have this MS patch installed.

 

Thanks for the warm welcome

Here's my DDS Log:

DDS (Ver_09-01-18.01) - NTFSx86
Run by Shun Jokah at 14:49:16.84 on Mon 01/19/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.979 [GMT -8:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\VDOTool\TBPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shun Jokah\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [TBPanel] c:\program files\vdotool\TBPanel.exe /A
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe "
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe "
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe "
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shunjo~1\applic~1\mozilla\firefox\profiles\jurgzir3.default\
FF - prefs.js: browser.search.selectedEngine - Orbit Search (Powered By Google)
FF - component: c:\program files\mozilla firefox\components\FFComm.dll

============= SERVICES / DRIVERS ===============

R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 111112]
R3 slnt;RTL8139D PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2009-1-19 18004]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]

=============== Created Last 30 ================

2009-01-19 14:22 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-01-19 11:04 81,984 a------- c:\windows\system32\bdod.bin
2009-01-19 01:24 168,448 a------- c:\windows\system32\unrar.dll
2009-01-19 01:24 839,680 a------- c:\windows\system32\lameACM.acm
2009-01-19 01:24 118,784 a------- c:\windows\system32\ac3acm.acm
2009-01-19 01:24 414 a------- c:\windows\system32\lame_acm.xml
2009-01-19 01:24 795,648 a------- c:\windows\system32\xvidcore.dll
2009-01-19 01:24 217,088 a------- c:\windows\system32\yv12vfw.dll
2009-01-19 01:24 130,048 a------- c:\windows\system32\xvidvfw.dll
2009-01-19 01:24 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2009-01-19 01:24 86,016 a------- c:\windows\system32\dpl100.dll
2009-01-19 01:24 684,032 a------- c:\windows\system32\divx.dll
2009-01-19 01:24 57,344 a------- c:\windows\system32\ff_vfw.dll
2009-01-19 01:24 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2009-01-19 01:24 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-01-19 01:07 64,897 a------- c:\windows\War3Unin.dat
2009-01-19 01:07 139,264 a------- c:\windows\War3Unin.exe
2009-01-19 01:07 2,829 a------- c:\windows\War3Unin.pif
2009-01-19 01:02 850 a------- c:\windows\system32\ProductTweaks.xml
2009-01-19 01:02 385 a------- c:\windows\system32\user_gensett.xml
2009-01-19 00:34 <DIR> --d----- c:\docume~1\shunjo~1\applic~1\BitDefender
2009-01-19 00:34 <DIR> --d----- c:\program files\BitDefender
2009-01-19 00:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-01-19 00:26 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-01-19 00:26 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-01-19 00:26 <DIR> --d----- c:\windows\system32\Lang
2009-01-19 00:22 <DIR> --d----- c:\program files\common files\BitDefender
2009-01-19 00:20 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-01-19 00:20 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-01-19 00:19 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-01-19 00:19 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-19 00:19 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-19 00:19 <DIR> --d----- c:\program files\iPod
2009-01-19 00:19 <DIR> --d----- c:\program files\iTunes
2009-01-19 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-19 00:18 <DIR> --d----- c:\program files\Bonjour
2009-01-19 00:15 <DIR> --d----- c:\program files\Yahoo!
2009-01-19 00:11 <DIR> --d----- c:\program files\Garena
2009-01-19 00:08 <DIR> --d----- C:\Downloads
2009-01-19 00:08 <DIR> --d----- c:\program files\Orbitdownloader
2009-01-19 00:06 18,004 a----r-- c:\windows\system32\drivers\slnt.sys
2009-01-19 00:05 <DIR> --d----- c:\windows\OPTIONS
2009-01-19 00:04 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-01-19 00:04 337,320 a------- c:\windows\system32\difxapi.dll
2009-01-19 00:04 61,440 a------- c:\windows\system32\vuins32.dll
2009-01-19 00:04 43,008 a------- c:\windows\system32\drivers\fetnd5bv.sys
2009-01-19 00:04 <DIR> --d----- c:\windows\vnDrvBas
2009-01-19 00:01 <DIR> --d----- c:\program files\Realtek
2009-01-19 00:00 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-01-18 23:51 12,256 a------- c:\windows\system32\drivers\TBPanel.sys
2009-01-18 23:51 <DIR> --d----- c:\program files\VDOTool
2009-01-18 23:45 <DIR> --d----- c:\documents and settings\Shun Jokah
2009-01-18 23:44 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-18 23:44 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-18 23:41 7,680 ac------ c:\windows\system32\dllcache\migregdb.exe
2009-01-18 23:40 66,082 ac------ c:\windows\system32\dllcache\c_20880.nls
2009-01-18 23:39 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-18 23:39 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-18 23:39 316,640 a------- c:\windows\WMSysPr9.prx
2009-01-18 23:38 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-18 23:38 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-01-18 23:38 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-18 23:37 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-18 23:37 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-18 23:37 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-18 23:37 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-18 23:37 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-18 23:37 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-01-18 23:37 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-18 23:37 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-18 23:37 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-01-18 23:37 <DIR> --d----- c:\windows\system32\DirectX
2009-01-18 23:36 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-18 23:34 <DIR> --d----- c:\program files\Online Services
2009-01-18 23:34 <DIR> --d----- c:\program files\Messenger
2009-01-18 23:34 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-18 23:33 <DIR> --d----- c:\program files\Windows NT
2009-01-18 15:28 <DIR> --d----- c:\program files\common files\ODBC
2009-01-18 15:27 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-18 15:27 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-01-19 01:16 192,512 a------- c:\windows\system32\txmlutil.dll
2009-01-19 01:16 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-01-19 01:16 111,112 a------- c:\windows\system32\drivers\bdfm.sys
2009-01-19 00:01 315,392 a------- c:\windows\HideWin.exe
2009-01-18 23:38 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-18 23:35 21,640 a------- c:\windows\system32\emptyregdb.dat

============= FINISH: 14:49:52.23 ===============



Attach Log:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-18.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/18/2009 11:42:56 PM
System Uptime: 1/19/2009 12:07:57 PM (2 hours ago)

Motherboard: BIOSTAR Group | | P4M89-M7A
Processor: Genuine Intel(R) CPU 2140 @ 1.60GHz | Socket 775 | 800/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 78 GiB total, 72.246 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 39.41 GiB free.
E: is CDROM ()
F: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: System Interrupt Controller
Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Manufacturer:
Name: System Interrupt Controller
PNP Device ID: PCI\VEN_1106&DEV_5327&SUBSYS_00000000&REV_00\3&2411E6FE&0&05
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PC Camera
Device ID: USB\VID_0AC8&PID_303B\5&1AB28BDE&0&2
Manufacturer:
Name: PC Camera
PNP Device ID: USB\VID_0AC8&PID_303B\5&1AB28BDE&0&2
Service:

==== System Restore Points ===================

RP1: 1/18/2009 11:46:24 PM - System Checkpoint
RP2: 1/18/2009 11:51:58 PM - Installed DirectX
RP3: 1/18/2009 11:54:40 PM - Installed DirectX
RP4: 1/19/2009 12:01:04 AM - Installed Realtek High Definition Audio Driver
RP5: 1/19/2009 12:05:23 AM - Installed REALTEK GbE & FE Ethernet PCI NIC Driver
RP6: 1/19/2009 12:06:49 AM - Update to an unsigned driver
RP7: 1/19/2009 12:10:28 AM - Removed REALTEK GbE & FE Ethernet PCI NIC Driver
RP8: 1/19/2009 12:11:14 AM - Installed Garena
RP9: 1/19/2009 12:18:58 AM - Installed iTunes
RP10: 1/19/2009 12:23:34 AM - Installed BitDefender Antivirus 2009
RP11: 1/19/2009 12:34:26 AM - Installed BitDefender Antivirus 2009

==== Installed Programs ======================

Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
BitDefender Antivirus 2009
Bonjour
Garena
iTunes
K-Lite Codec Pack 4.5.3 (Full)
Microsoft .NET Framework 2.0
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB941833)
NVIDIA Drivers
Orbit Downloader
PDF Settings
QuickTime
Realtek High Definition Audio Driver
VDOTool 6.4
VIA Rhine-Family Fast Ethernet Adapter
Warcraft III: All Products
WebFldrs XP
Winamp
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

1/19/2009 12:31:44 AM, error: Service Control Manager [7000] - The Cardex service failed to start due to the following error: Cannot create a file when that file already exists.
1/18/2009 11:43:18 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.

==== End Of File ===========================


I already have the MS Patch.
Thanks for the help noahdfear, will wait for your reply.

 

I need sleep. Will have to study these logs tomorrow evening and get back to you.

 

Okay

 

After studying your logs, I'm having a bit of trouble determining what to try next. These Generic Host errors can be very difficult to track down ... the causes seem to follow no specific pattern. Lets do a couple more scans just to make sure it cannot be contributed to an infection.

Download RootRepeal to your Desktop.

• Extract the compressed file to it's own folder.
• Open the folder and doubleclick on RootRepeal.exe to run it.
• Click on the Report tab, and then click on: Scan
• A window opens asking what to include in the scan.
• Check the following boxes then click OK:
  • Drivers
  • Files
  • Processes
  • SSDT
  • Stealth Objects
  • Hidden Services
• You will then be asked which drive to scan.
• Check C: (or the drive your operating system is installed on, if not C)
• Click OK once again.

The tool will begin scanning and may take a while to complete, so please be patient.

When the scan finishes, click on: Save Report
Name the log RootRepeal.txt and save it to your Documents folder (it should default there).

Post the contents of the report in a reply here.

Next, please do an online scan with Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

• Click Run at the Security prompt.
• The program will then begin downloading and installing and will also update the database.
• Please be patient as this can take several minutes.
• Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
• Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
• Click View scan report at the bottom.
• Click the Save Report As... button.
• Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

• Close any open programs.
• Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Post the Kaspersky log here.

 

Hey, thanks for coming back


Here's my RootRepeal Log:

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/20 16:13
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6B5D000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADC6000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB585F000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\Documents and Settings\Shun Jokah\NTUSER.DAT.LOG
Status: Size mismatch (API: 1024, Raw: 61440)

Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-0E0DB65D.pf
Status: Size mismatch (API: 15420, Raw: 15200)

Path: C:\Documents and Settings\Shun Jokah\Local Settings\Temp\hsperfdata_Shun Jokah\2316
Status: Invisible to the Windows API!


and my Kaspersky Scan Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, January 21, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, January 20, 2009 13:54:02
Records in database: 1654213
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 56289
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 01:23:00


File name / Threat name / Threats count
D:\Gee\Gee's Files\wpe09a_nodelayedit.rar Infected: HackTool.Win32.Sniffer.WpePro.a 1
D:\Gee\Gee's Files\wpe09a_nodelayedit.rar Infected: HackTool.Win32.Sniffer.WpePro.w 1

The selected area was scanned.


By the way, i have checked for my driver updates and they're seem to be all up-to-date. Will wait again for your reply.

 

I'm guessing you know what this file is and what it's used for?

D:\Gee\Gee's Files\wpe09a_nodelayedit.rar

I'll have to do some more digging to see if I can come up with other recommendations. In the meantime, I'd suggest you continue searching for possible causes as well.

 

Yes, i use that file to edit packets.

Okay sir, thanks for helping me.

 

Please go to Windows Update and do a custom scan for updates. If KB958644 is available, please install it and restart the computer. Let me know if the problem persists.

If that update is not offered, go to the Windows Update Catalog and search for KB958644
Add the download for your system to the basket, download it and install. Reboot when done and let me know the results.

 

Hey it worked! My PC has been running for 4 hours now and that error message doesn't show up anymore. Thanks a lot noahdfear!

 

That's good news! Please let us know in a few days if you continue to have success.

 

3 days had passed and that error didn't show up anymore. Thank you, i really appreciated for helping me

 

Happy to hear that. I'll go ahead and mark this topic resolved then.