generic error

F

force123

New Member
a couple of days ago , my computer has start to give me "generic host 32 encountered problem and need to be closed" , then my connection to internet fail. i've install no program for a long time and didn't changed no setting ,
is this some kind of virus ?
(OS win xp pro sp2)

if i don't close it , i can still work somehow but not good, but if i close this error window , the transfering will go off, but the icon will remain.

IE 6 and FF 2 . no pluggins . except the FF 2 has yahoo serach bar by default.
it gave me this error no matter what browser i'm using.

please help
thanks

(in the past i used to format all my hard dirve and re-install windows for such problems, but now i really don't want to start all over!)

View attachment 2316

View attachment 2317

View attachment 2318
 
Last edited:
Ouch. Yes, nice that you posted that pictures. You have some viruses.
But before I suggest some fix, I have to see is that one worm the only problem...
Or are there more?
Please download HijackThis.
Install it following the prompts. Please remember that it has to be run in its' own folder.
Now open it and choose Do a system scan and save a logfile.
You will get notepad file with scan results. Please post it here in the next post.
Good luck!
 
here's the file ( i had hijack this and spy bot as well) .
spy bot didn't dtect anyting but windows security update .

i checked the log file too :
the thing you might not know : (maybe this helps)

E:\WINDOWS\system32\Fmctrl.EXE my sound card driver that load on startup .

E:\Program Files\Bonjour\mDNSResponder.exe dont' know what is this !!
E:\WINDOWS\system32\nvsvc32.exe again don't know .

E:\WINDOWS\system32\PnkBstrA.exe punk buster , for Call of duty 4. (never ever i could play online ! so got no use :( )

thanks for taking time .
BTW i don't know what you mean i run it from its own folder, i had the shortcut from it from the start menu . and i run it from there.

View attachment 2319
 
Last edited:
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).


If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In next post I want SDFix report, ComboFix report and fresh HijackThis log.
And please, tell me if your system got better!
 
mission accomplished!

first let you know i can't say it got better or not .cause this happens so randomly . sometimes i got 4 or 5 per day , sometimes none in a day. to make it more clear , i had this problem about one month ago exactly the way it is now . but then it stops giving me error till a few days ago , so i thought it has gone .

second here's the files you wanted :

View attachment 2321

View attachment 2322

won't let me upload more , so next post :
 
Last edited:
(why CF won't let me upload more ? i've seen forums let people upload over megs)

so hijackthis.log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:12:32 PM, on 1/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
F:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
F:\Program Files\VirtualCloneDrive\VCDDaemon.exe
E:\WINDOWS\system32\Fmctrl.EXE
E:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Apache2.2\bin\httpd.exe
E:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
E:\Program Files\MySQL\MySQL Server 4.1\bin\mysqld-nt.exe
E:\Program Files\Apache2.2\bin\httpd.exe
E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\Program Files\Viewpoint\Common\ViewpointService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\svchost.exe
F:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - f:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - f:\PROGRA~1\LONGMA~1\LAD001PE\setup\qf\IEHelp.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - E:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "f:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "f:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [CloneCDTray] "f:\Program Files\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [ISUSPM Startup] "E:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "E:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "E:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Microsoft Windows] E:\WINDOWS\system32\Kernel.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IECheck] E:\WINDOWS\IECheck.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] f:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - f:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - F:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - F:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - f:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE40051E-E6D6-4EA2-B283-08CDF7E28DB4}: NameServer = 217.218.127.104,4.2.2.4
O23 - Service: Apache2.2 - Apache Software Foundation - E:\Program Files\Apache2.2\bin\httpd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - E:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - E:\Program.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - E:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - E:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6889 bytes
 
it just gave me error right now ! so he is still there.

one important thing to mention :
i have spy bot running on this computer, as SDfix and combofix were working , spybot told me about changes in windows registry , i've saved all in images, but i can' upload more :

i denied all changes cause i wasn' sure about them , but there are the changes these 2 programs made for sure .

it gave about 6 or 7 warnings , for example one was :

desktop settings
value deleted
scrnsave.exe
e:/windows/system32/sstext3d.scr


so should i run all over again and allow all changes ? ( i guess you 'll say yes . but i'll wait for your answer)


the last thing to know :

SDfix took about 1 min to finish .
combofix didn't stop or something it run fine and took less than a min . (i have a fast pc)
 
Last edited:
Ah...I see I didn't warn you...I am sorry, my bad.
It may ask you depending on your firewall and all, whethet to accept or deny changes.
To not make it happen you have to close all applications, antivirus software and disconnect from Internet. Also, if it ask you again, accept all changes.
It's necessery if we want the tools to do their job.
Please do SDFix again and post another HijackThis log.
 
Just wondering, you are Italian?
Nevermind it just you have many Italian stuff...confusing me...
Anyway, you don't have any viruses. Anymore. All clean. All Trojans deleted ( you only had 3 of them ).
So, I'm afraid we have to search for hardware problems this time. Or at least Microsoft files...
Ok last solutions:
I didn't find svchost.exe Trojan apparently none of tools above did. This tool claims it can find it http://www.securitystronghold.com/s...onghold.com/download/solutions/TrueSword4.exe . It's called TrueSword. Anyway, if that doesn't find virus, this link will help you fix the error.
Hopefully this must work.
I count on it man...do your best...
GameMaster
 
you can check between the times i posted here. right now it gave the error again . it will be 1 error after i allowed all changes .
 
i'm not italian ! and its intresting what program are those! i look in hijack this to find those ?

there's no italian program installed on my computer ! all the things are english!
i'll give those a try too .

thanks for taking time , if you find anything let me know !
 
Yes, just do all I said ,that should definetely do the job.
Don't worry, that programs and devices...it's just made in Italy.
So I thought...don't worry.
 
true sword found about 31 things to solve . but it allowed me to solve only 10 of them !
:/ it costs me 28 euro to solve other 21!
 
Ok it helped. No matter if it's trial version or not it will remove the most important things because they want you to hook on them.
That's now clean.
Just in case, click on this link.
 
wow , it has said about my lovely error ! :D

it says scan my pc for tose following viruses, what that mean ? i just search for those names manually ?
another thing. my windows update is always off, as my internet connection speed is low , so i always turn it off that it doesn't to make it lower !

as all version of windows here in my country are cracked , so i won't update to get that windows geniune error, and this link says about updating windows.. :/

i hope talking about cracked windows do not close this thread :S
 
No it won't but don't be afraid. You can and you MUST update your Windows every while. Please, You are clean of all this things you were told to get rid of, now please make an update and then continue enjoying.
I know and I have some proves nevermind if it's cracked ( not paid version ) still you have to update it. Please, do not mention anywhere else it's cracked as it is not important and I don't want to know it. Just update your Windows and turn autoupdate on. If your connection is slow, think about buying a bigger speed.
Now, if that all didn't fix your generic error, and it must,
6) If your problem is not solved on this step, uninstall old Hewlett-Packard printer and scanner drivers (if any) and download new drivers from the manufactures web site
Click to expand...
Ok, if that not solves it,
If your problem is not solved on this step, use the following command to show all svchost.exe instances and associated services or libraries:

tasklist /svc /fi "imagename eq svchost.exe"

Then search for each of services and libraries shown in that list in the Internet to find out whether the entry is malicious or not. In case you find malicious entry, use msconfig.exe utility to disable the appropriate service entry.

This is long but effective way of Generic Host Process or svchosts.exe
Click to expand...
 
You must log in or register to reply here.
Back
Top