Solved generic host process for win32 service has encountered a problem

[Resolved] generic host process for win32 service has encountered a problem

Hello everyone, I've read the other threads on this subject and I understood that each case is specific. So here I am I'm using Service pack 3. I found a recomendation about two updates that fix this problem, but they are for SP 2 users. I also tried this http://support.microsoft.com/kb/931852. I' ve scanned my system with Avira Personal both in normal and safe mode, in administrator account and in my usual account, just incase. I have also performed a full scan and cleanup twice with SDFix, which I downloaded from a link in the malware and virus section of this forum. Now I'm no expert, but the report showed it found nothing and so did Avira, but if recuested I will post it. The things metioned above led me to belive that it's not a Rootkit and that's why I post this topic in this section.If I was wrong I appologise. Thak you in advance for any help. And here is the report from Hijack:





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:04, on 18/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ProcessGuard\pgaccount.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ProcessGuard\procguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Program files\Program Installation files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!1_pgaccount] "C:\Program Files\ProcessGuard\pgaccount.exe "
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [!1_ProcessGuard_Startup] "C:\Program Files\ProcessGuard\procguard.exe" -minimize
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: FlexType 2K.lnk = C:\Program Files\Datecs\FlexType 2K\FType2K.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{15C5B3A7-47C9-4D4E-91FE-50F8F080F364}: NameServer = 172.16.2.22 172.16.2.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{44CA1FA1-E744-4F9A-AC3E-3475122DCFAF}: NameServer = 172.16.2.1,172.16.2.22
O17 - HKLM\System\CS1\Services\Tcpip\..\{15C5B3A7-47C9-4D4E-91FE-50F8F080F364}: NameServer = 172.16.2.22 172.16.2.100
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: DiamondCS ProcessGuard Service v3.200 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4581 bytes

 

I'm so stupid I forgot to mention, that after I click the "Don't send" button and close the message my internet connetction stops functioning. I connect to a VPN, if that is of any importance. After I close the message i can't open the dialog that lets me connect again, the window just flashes and disappears. Also I forgot to mention that I'm using Process Guard for Rootkit prevention and from what I've read it acts by preventing processes to terminnte each other. I am using a torrent program, but I always download from one torrent tracker, which is perfectly legal and everything there gets checked, doublechecked and then checked again.

 

Welcome to WindowsBBS airstrike

Please verify that you have this MS patch installed.

Make sure you drivers for sound, video and network interfaces are up-to-date.

Lets get a more comprehensive look at things too. Download DDS from one of the 3 mirrors and save it to your desktop.

Mirror 1 Mirror 2 Mirror 3

• Disable any script blocking protection
• Double click the dds icon to run the tool.
• When done, DDS will open two (2) logs:
  1. DDS.txt
  2. Attach.txt
• Save both reports to your desktop.

Include the contents of both logs in your new topic.
The scan will instruct you to post Attach.txt as an attachment.
No need for that though ..... just post it's contents as you would any other log.

 

Hello noahdfear, thank you for the reply. Ok, first the patch - itried to install it but it showed a message, that the service pack on the system is newer than the patch. My sound and video drivers are the latest, I downloaded them from the sites of the manifacturers. As for the LAN card, it's integrated in the motherboard. That is the only driver I haven't tried to update, if you think i should, I wil. I just did'nt want to mess with the motherboard, that's why I haven't done it so far. By the way the message has not appeared in some time, but I haven't used the PC for long periods, since I posted the thread, so I suppose it's just a matter of time. And here is the logs from DDS:


DDS (Ver_09-01-18.01) - NTFSx86
Run by My PC at 15:48:04.37 on 19/01/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1251.44.1033.18.511.306 [GMT 2:00]

AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ProcessGuard\pgaccount.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Datecs\FlexType 2K\FType2K.exe
C:\Documents and Settings\My PC\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [!1_ProcessGuard_Startup] "c:\program files\processguard\procguard.exe" -minimize
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [!1_pgaccount] "c:\program files\processguard\pgaccount.exe "
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\flexty~1.lnk - c:\program files\datecs\flextype 2k\FType2K.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
TCP: {15C5B3A7-47C9-4D4E-91FE-50F8F080F364} = 172.16.2.22 172.16.2.100
TCP: {44CA1FA1-E744-4F9A-AC3E-3475122DCFAF} = 172.16.2.1,172.16.2.22
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mypc~1\applic~1\mozilla\firefox\profiles\6p60ygiy.default\

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-17 11840]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-17 52032]
R4 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-17 68865]
R4 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-17 151297]
R4 DCSPGSRV;DiamondCS ProcessGuard Service v3.200;c:\program files\processguard\DCSUserProt.exe [2009-1-16 61440]
R4 procguard;procguard;c:\windows\system32\drivers\procguard.sys [2009-1-16 27968]
S3 DarkSpy;DarkSpy;c:\windows\system32\DarkSpyKernel.sys [2009-1-16 129536]

=============== Created Last 30 ================

2009-01-17 23:31 <DIR> --d----- c:\windows\ERUNT
2009-01-17 18:35 <DIR> --d----- c:\program files\Avira GmbH
2009-01-17 13:41 <DIR> --d----- c:\windows\system32\CatRoot2
2009-01-17 13:33 <DIR> --d----- c:\windows\pss
2009-01-17 13:10 <DIR> --d----- c:\program files\CleanUp!
2009-01-17 03:37 169 a------- c:\windows\RtlRack.ini
2009-01-17 03:20 376 a------- c:\windows\ODBC.INI
2009-01-17 03:20 17,920 a------- c:\windows\system32\mdimon.dll
2009-01-17 03:19 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-17 03:19 <DIR> --d----- c:\windows\SHELLNEW
2009-01-17 03:14 186,097 a------- c:\windows\system32\nvapps.xml
2009-01-17 03:14 446,464 a------- c:\windows\system32\nvudisp.exe
2009-01-17 03:14 18,070 a------- c:\windows\system32\nvdisp.nvu
2009-01-17 03:14 <DIR> --d----- c:\windows\nview
2009-01-17 03:14 446,464 a------- c:\windows\system32\NVUNINST.EXE
2009-01-17 03:14 <DIR> --d----- C:\NVIDIA
2009-01-17 03:12 <DIR> --d----- c:\program files\Avira
2009-01-17 03:12 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-01-17 03:11 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-01-17 03:09 577,536 -----r-- c:\windows\soun69bc.rra
2009-01-17 03:09 40,960 -----r-- c:\windows\system32\ChCfg.exe
2009-01-17 03:09 <DIR> --d----- c:\program files\Realtek Sound Manager
2009-01-17 03:09 <DIR> --d----- c:\program files\AvRack
2009-01-17 03:09 164 -----r-- c:\windows\avrack.ini
2009-01-17 03:09 <DIR> --d----- c:\program files\Realtek AC97
2009-01-17 03:08 315,392 -----r-- c:\windows\alcupd.exe
2009-01-17 03:08 <DIR> --d----- c:\windows\OPTIONS
2009-01-17 03:08 <DIR> --d----- c:\program files\Realtek
2009-01-17 03:06 139,264 a----r-- c:\windows\system32\IDEproperty.dll
2009-01-17 03:06 49,024 a----r-- c:\windows\system32\drivers\sisidex.sys
2009-01-17 03:06 9,472 a----r-- c:\windows\system32\drivers\sisperf.sys
2009-01-17 03:06 4,096 a----r-- c:\windows\system32\drivers\siside.sys
2009-01-17 03:06 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-01-17 03:06 304,128 a------- c:\windows\IsUninst.exe
2009-01-17 03:05 <DIR> --d----- c:\documents and settings\my pc\WINDOWS
2009-01-17 03:02 <DIR> --d----- c:\documents and settings\My PC
2009-01-17 03:01 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-17 03:01 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-17 02:59 4,096 ac------ c:\windows\system32\dllcache\rpcref.dll
2009-01-17 02:58 66,082 ac------ c:\windows\system32\dllcache\c_20285.nls
2009-01-17 02:57 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-17 02:57 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-17 02:57 316,640 a------- c:\windows\WMSysPr9.prx
2009-01-17 02:56 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-17 02:56 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-01-17 02:56 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-17 02:56 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-17 02:56 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-17 02:56 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-17 02:56 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-17 02:56 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-17 02:56 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-01-17 02:56 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-17 02:56 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-17 02:56 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-01-17 02:56 <DIR> --d----- c:\windows\system32\DirectX
2009-01-17 02:55 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-17 02:53 <DIR> --d----- c:\program files\Online Services
2009-01-17 02:53 <DIR> --d----- c:\program files\Messenger
2009-01-17 02:53 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-17 02:52 <DIR> --d----- c:\program files\Windows NT
2009-01-16 20:14 <DIR> --d----- c:\program files\C-Media PCI Audio Device
2009-01-16 18:56 <DIR> --d----- c:\program files\The KMPlayer
2009-01-16 18:49 <DIR> --d----- c:\program files\ProcessGuard
2009-01-16 18:46 <DIR> --d----- c:\program files\common files\ODBC
2009-01-16 18:45 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-16 18:45 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-01-16 18:19 <DIR> --d----- c:\program files\Datecs
2009-01-16 18:03 <DIR> --d----- c:\program files\uTorrent
2009-01-16 18:02 <DIR> --d----- c:\docume~1\mypc~1\applic~1\uTorrent

==================== Find3M ====================

2009-01-19 15:48 88,624 a------- c:\windows\system32\pghash.dat
2009-01-19 15:40 147,048 a------- c:\windows\system32\pguard.dat
2009-01-17 02:54 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-16 18:38 129,536 a------t c:\windows\system32\DarkSpyKernel.sys
2009-01-16 18:37 7,680 a------- c:\windows\system32\drivers\RKL66.tmp.sys
2008-12-03 14:32 1,519,424 a------- c:\windows\system32\drivers\cmudax3.sys

============= FINISH: 15:48:37.50 ===============





UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-18.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17/01/2009 03:00:32
System Uptime: 19/01/2009 10:37:21 (5 hours ago)

Motherboard: Foxconn | | 662 7MA
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3000/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 30 GiB total, 27.437 GiB free.
D: is FIXED (NTFS) - 123 GiB total, 114.633 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Reader 9 Lite
Avira AntiVir Personal - Free Antivirus
Avira RootKit Detection
C-Media PCI Audio Device
CleanUp!
DiamondCS ProcessGuard v3.200
FlexType 2K
HijackThis 2.0.2
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB941833)
NVIDIA Drivers
Realtek AC'97 Audio
REALTEK GbE & FE Ethernet PCI NIC Driver
The KMPlayer
WebFldrs XP
Windows Rights Management Client Backwards Compatibility SP2
Windows Rights Management Client with Service Pack 2
WinRAR archiver
µTorrent

==== Event Viewer Messages From Past Week ========

17/01/2009 12:10:44, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
16/01/2009 20:08:13, error: System Error [1003] - Error code 1000007e, parameter1 c0000005, parameter2 ba121518, parameter3 f8abefb0, parameter4 f8abecac.
16/01/2009 19:24:21, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
16/01/2009 19:24:21, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
17/01/2009 03:00:45, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
17/01/2009 18:44:07, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/01/2009 18:44:08, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
17/01/2009 18:45:09, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
17/01/2009 18:45:09, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/01/2009 18:45:09, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
17/01/2009 18:45:09, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
17/01/2009 18:45:09, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
17/01/2009 22:54:03, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
17/01/2009 22:55:12, error: Service Control Manager [7034] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s).
17/01/2009 22:55:12, error: Service Control Manager [7031] - The Help and Support service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
17/01/2009 22:55:12, error: Service Control Manager [7034] - The Network Connections service terminated unexpectedly. It has done this 2 time(s).
17/01/2009 22:55:12, error: Service Control Manager [7034] - The Network Location Awareness (NLA) service terminated unexpectedly. It has done this 2 time(s).
19/01/2009 07:04:22, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
19/01/2009 10:35:38, error: Tcpip [4198] - The system detected an address conflict for IP address 172.16.26.132 with the system having network hardware address 00:0F:EA:A5:50:AA. The local interface has been disabled.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdindev.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdinguj.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdinhin.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdinkan.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdinmar.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdinpun.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdintam.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdintel.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdlk41a.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.5512.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdlk41j.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.5512.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdnec95.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdnecat.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdnecnt.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdth0.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdth1.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdth2.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdth3.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdusa.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdvntc.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdibm02.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.5512.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdheb.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdgeo.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdfa.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdax2.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.5512.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdarmw.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbdarme.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbda3.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbda2.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbda1.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbd106n.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.5512.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbd101a.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.0.
16/01/2009 18:19:22, information: Windows File Protection [64001] - File replacement was attempted on the protected system file c:\windows\system32\kbd101.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 5.0.2180.1, the version of the system file is 5.1.2600.5512.
17/01/2009 13:11:48, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\resources\themes\luna\luna.msstyles. This file was restored to the original version to maintain system stability. The file version of the system file is 1.0.0.1.
17/01/2009 13:42:08, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuweb.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.
17/01/2009 13:42:18, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.
17/01/2009 13:43:06, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauclt.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.
17/01/2009 13:43:40, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuaucpl.cpl. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.
17/01/2009 13:44:08, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuaueng1.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.8.0.2694.
17/01/2009 13:44:20, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuaueng.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.
17/01/2009 13:44:56, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wuauserv.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.
17/01/2009 13:45:14, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wucltui.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.
17/01/2009 13:45:39, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\wups.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.1.6001.65.

==== End Of File ===========================

 

Nothing in the log that would suggest malware as a cause. If still getting the error, do check for LAN driver updates.

 

Ok , thanks a lot. I hope it's ok and I won't have to bother you anymore

 

I'll keep my fingers crossed for you that you don't have any more trouble with it.

 

Well I'm sory to say, that the message keeps appearing. I updated the LAN drivers, but no effect. And if you say that nothing in the reports indicates the presence of malware I suppose then this isn't the right sectoin for my thread. I don't mean to dramatise, but this problem causes big problems sometimes. So my point is Heeeeeelp

 

Thought tihis might help - the details of the message:



Error signature
szAppName: svchost.exe szAppVer 5.1.2600.5512
szModName: AcGenral.dll szModVer 5.1.2600.5512



The following files will be included in this error report:

C:\DOCUME~1\MYPC~1\LOCALS~1\Temp\WER678a.dir00\svchost.exe.mdmp
C:\DOCUME~1\MYPC~1\LOCALS~1\Temp\WER678a.dir00\appcompat.txt

 

Please go to Windows Update and do a custom scan for updates. If KB958644 is available, please install it and restart the computer. Let me know if the problem persists.

If that update is not offered, go to the Windows Update Catalog and search for KB958644
Add the download for your system to the basket, download it and install. Reboot when done and let me know the results.

 

I'm sorry it took me so long to reply, but I haven't used my PC a lot lately and i need a longer session to see if the message will appear. So I installed the suggested update, along with many others and I believe the problem is resolved. Thanks a lot noahdfear !!! I hope this thread was useful to others too, again thanks !

 

I'm happy to receive your good news. Thanks for posting back!