I need help. I've been having trouble with my internet connection.

What do you mean that's not enough info to help?

Oh, ok.

Well, to some degree it works ok. On a good day, pages load in my browser fine, and I can even stream video. Steam logs in ok, and if everything's going well, I can use Skype and play games fine. Most days are not good days. Today, for example, Steam and Skype will sign in (just about, takes a while to try, and Skype doesn't seem to load my online contacts properly), web pages will generally load, but voice chat via Steam or Skype is impossible, and no games will connect. Other days voice will be fine, but browsing and/or games will be pretty impossible. Days when everything works perfectly are rare, but so are days when I get absolutely nothing at all (when browsing, pages will generally half load, no matter how bad stuff is).

I was running Windows Vista, I've since upgraded to Windows 7. I've had the same problem with three different routers on two different connections, and on both a USB dongle (tried a few, one was a Belkin if it's relevant) and an internal wifi card (Ralink, drivers up to date). I've tried turning off the power saving setting on the card ("allow my PC to turn this device off to save power"). Sometimes, just after making a change, it seems like I get a small improvement, but such impressions are generally fleeting and I'm guessing down to wishful thinking. Turning Windows Firewall off or on seems to have absolutely no effect on the connection one way or another.

I'm using Windows to manage the wifi connection (have tried using other software, such as the bundled Belkin connection manager, to no avail). It frequently reports I'm connected but have no internet access (which generally guarantees nothing will work). If I disconnect and reconnect a few times, it will connect and say it has internet access, but that is the state described above.

My laptop, along with other computers on the network, works fine. Signal strength is reported as being medium to strong, and I'm using my rig in the same room as my laptop, so signal really shouldn't be an issue. I've also tried unplugging all my USB devices, in case it was a power draw issue (as you can probably fathom by this point, that didn't help).

At a loss as to what to do next, any advice would be appreciated.

A: Single Machine Connectivity Issues (Generic Title For a Fairly Generic Problem)

Hi there! Thanks for taking the time to help me out.

Yesterday, McAfee started detecting trojans in my system: Generic!Artemis, Generic.dx and Generic Rootkit.w

I don't know if these are three different trojans or one and the same. I'm not getting any pop-ups (apart from the McAfee warnings), but it is making my computer run slower and me very worried.

I'm running Windows XP Pro.

Any help most appreciated.

I can post a HijackThis log if that's of any use.

A:Trojan: Generic!Artemis, Generic.dx and Generic Rootkit.w infection

Here are some of the details from the McAfee detection log (I haven't listed all the files here because there are too many, so I'll just provide one example of each):

Detection name: Generic.dx (Trojan), Generic.dx (Trojan)

File: C:\Windows\system32\drivers\109.exe
Process: C:\windows\system32\svchost.exe
process description: generic host process for win 32 services

Detection Name: Generic!Artemis (Trojan)

File: E:\system volume information\_restore{5E0A6BCC-1246-45C3-BBAA-DBEC343BA767}\RP173\A0131417.exe
Process: C:\Program Fioles\Malwarebytes' Anti-Malware\mbam.exe
Process description: Malwarebytes' Anti-Malware

Detection name: Generic Rootkit.w (Trojan), Generic Rootkit.w (Trojan)
File: C:\Windows\system32\drivers\netsik.sys
Process: C:\Docume~1\Mike\Locals~1\Temp\BN7.tmp
Process description: (as process)

The generic.dx has been repaired and removed from 12 files so far by mcafee

The Generic!Artemis one has been quarantined from 7 files so far

The rootkit.w one has been repaired and removed from three files so far

Hi,

If someone could help me out, I'd really appreciate it. I don't know if it's one problem or two or several.

Here are my problems:
1. McAfee won't update; if it tries, it ends up freezing my computer and I have to turn it off and on again.
2. Every time I use Google and click on a link, I get redirected to some other unrelated website.
3. And when I run an anti-virus scan, it keeps detecting a trojan by the name of Generic.dx and it will quarantine it, but it keeps coming back.

It just started happening a couple days ago and I have no clue how to fix it. If you need me to run combo fix or something else to get a log, I will. Just let me know.

Thank you.

A:Trojan problem: Generic.dx and other issues

Hi, I keep getting the following message "Generic Host Process for Win32 Services has encountered a problem and needs to close." Shortly after that I lose my Internet connection. I went to the chat and was asked to post a HijackThis log here. I ran Adaware and Spybot and deleted what it found. Below please find my HijackThis log.

A:Generic Host Problem - Losing Internet Connection / Generic Host Problem

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. I apologize for the delay getting to your log, the helpers here are very busy.

Your log is clean, so I don't think the issue is malware related. But let's see if we can figure it out for you.

Click Start -> Run -> eventvwr.msc
Look in SYSTEM and APPLICATIONS for anything around the time you are getting the error.
Double click on anything you see with a red X, press the Copy button, and then paste it here in your next reply.

I have got a problem with my computer: no matter how I try to get rid of these, they will not go. I am using BitDefender Internet Security 2009, which finds these trojans, but when I run my trojan remover it tells me I have no trojans and my computer is free of all..? I have not noticed that my computer is not playing up. But when trying to get rid of the three trojans it tells me it cannot because it is part of the system. I tried in safe mode but it will not let me scan. But I can scan with my trojan remover, and it comes up clean. Some people say my computer has been kidnapped and the trojan is hiding and pretending to be part of the system. The names are: Adware.Generic.44240, Application.Generic.26964, Application.Keygen.BD. With thanks, Erwin

Hello, my husband's computer seemed to contract quite a few trojans lately according to AVG Free. I tried to use it to get rid of them, but I just wanted to check if it had done the job and if there is anything still lingering. Also I would like to prevent these infections happening again, as it seems a bit weird to me to have 5 different trojans at once. Can anyone say how the following trojans managed to download?

In temp folder: trojan horse generic 14.ABXY & trojan horse SHeur2.APYR

In system volume information _restore: trojan horse Downloader Generic 8.BJPU & another 14.ABXY

In temp internet files: trojan horse generic 13.BUBK

DDS log:

A:Trying to get rid of trojans generic 14.ABXY, SHeur2.APYR, Downloader Generic 8.BJPU

Please close this post. Problem has been fixed.

Hello all,

McAfee keeps popping up a trojan alert every couple of minutes, and as I've watched them closely for the last few days, they seem to be the same 12 or so - over and over again. I have tried full scans using both McAfee and Spybot, and while they both indicate that they fix the problems, these trojan alerts keep showing up. My comp has become very sluggish, IE in particular.

Also, every time I restart after a scan requires it, I get the error message "Owner.exe - DLL initialization failed". I noticed that this process (Owner.exe) jumps around a bit in the task manager, especially when McAfee pops up with the alerts.

-Jim

A:repeating trojan alerts - Generic rootkit, Generic!Artemis

Computer runs very slow. BitDefender finds Trojan.Generic 25641 and 1) Generic Peed.Eml.Ea9 2) Generic.Peed.Eml.AB 3) Generic.Peed.Eml.FDO 4) Generic.Peed.Eml.Fad, but BitDefender can't disinfect or move these viruses, and nowadays my computer runs really slow.

A:Need help removing stubborn Trojans - artemis, generic.dx, generic dropp

Today another symptom: McAfee identified a buffer overflow in c:\windows\system32\svchost.exe at the same time that a host process error occurred... Screenshots of all message alerts are attached. System is deteriorating with frequent blue screens while running a virus scan or logger (i.e. Malwarebytes and GMER). I would appreciate a quick response if possible so I can get this one and only family PC up and running again. Thank you.

To whom it may concern. On July 9th AVG Free Edition found the virus JS/Psyme which it was unable to heal, and since then I have received numerous Trojan horse Generic 10 viruses that AVG states it healed but continue to hamper the performance of my computer (Generic 10. BDVA, BEIA, BEWK, BAZL, BCCW, BVRB, BCQA, BCPW & Generic 7.SOQ & Agent AHMX). I'm totally out of my wits here and I need some help. Thanks in advance

A:Infected With Trojan Horse Generic 10 Bewk And Other Generic 10 Trojans

Hello, my Dell running XP (SP3) responsiveness is slowly deteriorating in last 2 weeks with symptoms including

- browser (IE7) redirects
- slow processing times (usage often pegged at 100% or several activities going on at the same time),
- OExpress and IE unable to open occasionally.
- McAfee identified and quarantined: generic.dx!(variants including tdy, tcy), Artemis!D671308b..., Generic Dropp.va, FakeAlert-FakeSpy!env.a, Obfuscated Script.i

- Have run DDS (log below, attach.txt attached) but GMER crashes system when it runs (in safe mode also).

A:Need help with Trojans including - artemis, generic.dx, generic dropp

Hello again, obxhockeydad_1. Even though it's been almost a year since the last disinfection, which is ok, it's still a bit disheartening to see you back in the forums with another infection. Please be sure all who access the machine are taking great care when surfing the internet, opening emails, downloading files, etc...

Also, IE7 is not as secure as IE8. IE should be updated once the machine is clean.

I'd like to try to get a log from GMER rootkit scanner.

Let's try this version of gmer.

If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
In the right panel, you will see several boxes that have been checked. Ensure the following are unchecked:
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop, and attach it in reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

If you still have troubles, try running the scan in Safe Mode.

McAfee found those files and I am wondering if they are slowing down my computer. I am also having problems removing programs and installing Microsoft security updates. Whenever I try to remove certain programs I get a message that says, "This installation is forbidden by system policy. Contact your system administrator." My computer is a stand alone and I have admin privileges. Here is my log. Any help would be appreciated.

Hi,

I have a McAfee Virus Scan copy installed on my laptop. It displays virus detection and deleted messages for Generic.dx, Generic downloader.dx, and Puper Trojans in the Temp folder. These messages keep coming back.

Here is my HJT log file

A:Generic downloader.dx, Generic.dx and Puper Trojan on my laptop

I had real time anti spyware enabled for my previous HiJackThis so now I have disabled the same and run HiJackThis again.

The new log is given below.

Hi there Tech Support Guru! My computer has been invaded by these three trojans: generic!Artemis, generic.dx and generic rootkit.w

At least, that's what McAfee is telling me.

I am using Windows XP pro

Here is my Hijack This log:

Have Compaq Presario CQ56 laptop running Win7 64bit. I use Norton thru my ISP and so far so good until a few days ago! Norton popped a box saying it had detected a problem and when I expanded the box it showed 3 trojans and only 1 removed. It then began popping up a box telling me to reboot so it could make the needed fix and I did but it didn't. I downloaded Housecalls and the scan found nothing. Next I tried AVG and that scan found nothing! Now I can't even get on the web or open any desktop icons.... I get a pop-up stating "There was a problem sending the command to the program" and it refuses to do anything. I can't run any of the diagnostics posted on the self help instructions above... I need HELP Please!!! Thanks,
Jan

A:TROJANS: Generic dxlb2rms and Generic Backdoor!1sw - NEED HELP TO REMOVE PLEASE!!!

Please don't forget this post.... I really need help! THANKS!

Hi,

My device has been infected with ZeroAccess, which proceeded to bring along the 2 generic trojans. My main problems are that Windows is very laggy (most things have to be done through Safe Mode at the moment), my firewall won't stay on (in normal and safe modes) and occasionally a pop-up appears with the title [Web Browser] warning that I should stop a script from running. It looks something like this: (I forgot to take a screenshot when it popped up, so here's the exact same thing that I found through Google)

Before I start off, here are some details about my machine.

Windows 7 SP1
McAfee SecurityCenter v11.0
McAfee VirusScan v15.0 last updated today (17/6/12)
McAfee Personal Firewall v12.0

A few days ago, my friend was using my machine when McAfee popped up saying that it had quarantined some trojans and no further action was required.

Afterwards, the computer was getting significantly more laggy with each reboot; McAfee Personal Firewall and Real-time protection were also unable to stay on. Looking through the quarantined list of items, there were multiple instances of the same 3 items:

ZeroAccess
Generic.Backdoor!1ub
Generic.dx!b2pt

All 3 appeared in C:\Windows\Installer\post:27338360\U

My friend had already deleted the zip file which probably allowed ZeroAccess in. Since McAfee's complete scan of the computer was unable to complete due to the significant lag, I then downloaded and ran Spybot S&D and Ad-Aware Antivirus in Safe Mode, but n...

A:Help with ZeroAccess / Generic.Backdoor!1ub / Generic.dx!b2pt

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

Please do not run any tools unless instructed to do so.
We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.

Please do not attach logs or use code boxes, just copy and paste the text.
Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.

Please read every post completely before doing anything.
Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.

Please provide feedback about your experience as we go.
A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the ...

My wife downloaded a file through BearShare and now the computer is lagging bad and AVG keeps picking up these 2 trojans. I navigated to and deleted the file that the generic arly was in. I have tried to run Malwarebytes and Trend Micro HouseCall, and they lock up before finishing, as AVG also locks up before finishing. I have run Spybot and it removed several things. Also, if possible, I would like to remove any garbage programs I don't need. Please let me know what else you will need.

Thanks a lot

1. DDS LOG

A:Trojan generic 11zne and generic arly

I hate to trouble anyone with my problems but I'm in need of some, ANY, assistance right now. I've been invaded(!) with pop ups for about a week, and I just remembered the super nice community dedicated to helping loners like myself fix it.

So as I understand it I'll just post my first hijackthis log here and wait for a kind soul to help me sort my mess

A:Solved: [Generic, "I Have SpyWare" Title Here]

Here is my HijackThis Log:

A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331, Both Located In My Temporary Internet Files Folder.

Reboot into Safe mode then follow these steps.

Clean your Cache and Cookies in IE:
- Close all instances of Outlook Express and Internet Explorer
- Go to Control Panel > Internet Options > General tab
- Click the "Delete Cookies" button
- Next to it, click the "Delete Files" button
- When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (in case you also have Firefox installed):
- Go to Tools > Options.
- Click Privacy in the menu on the left side of the Options window.
- Click the Clear button located to the right of each option (History, Cookies, Cache).
- Click OK to close the Options window

Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin:
- Go to start > run and type: cleanmgr and click ok.
- Let it scan your system for files to remove.
- Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
- Press OK to remove them.

Does that remove them?


Hi! McAfee detected two trojans (generic.dx) a few days ago, which I chose to remove. The computer had been running slowly and freezing quickly after booting up. Later during another scan, McAfee detected a generic downloader which really alarmed me because it was in my program files for all my passcodes (?)

I have not seen any pop-ups so far in Firefox, no strange or unusual messages; just a really slow boot-up and a new trojan found every time McAfee runs scans. It doesn't seem to go away =(

If you could help me that would be great!!!! Here is the HJT log:


Hello,

I noticed last week that my browsers (Mozilla and IE) were not working properly: all the searches I was doing were redirected. I can't access some websites such as this one or McAfee...
I can't update my McAfee Security Center software nor perform a system restore, and Malwarebytes doesn't launch.
McAfee found the following trojans: Generic.dx, JS/Tenia.d and Generic PUP.z and I deleted them. However, my problems are still not solved. I was wondering if someone here could please help me to fix these issues or if I should just reformat my hard drive (will this get rid of all viruses/trojans for sure?)?

Fanny

You'll find here below the contents of the DDS.txt log:


A:Infected with Generic.dx, JS/Tenia.d and Generic PUP.z


I can't get rid of the Generic Rootkit w. My virus software warning window keeps popping up saying the Trojan is detected even after I ran SDFix.

Generic Rootkit w
File: c\WINDOWS\system32|securetm.sys
Process: c:\Docume~1\Valerie\LOCALS~1|Temp|BNF6FD.tmp

File: c:\Documents & Settings\Valerie\Valerie.exe
Process: c:c:\Documents & Settings\Valerie\Valerie.exe
Valerie
______________________________________


Hello and welcome to TSF.

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three days this thread will be closed.

I received notification by McAfee on Generic!atr & Generic dx $DNSChanger.o. Must have gotten them from DVD X Copy pro download, it is the only file download I did. I do not check email on this computer. It is the only thing I can think of unless I got them surfing. I did all the things in log 793721 as it looked identical but I just want to make sure so I am posting a few logs. Thank you very much for looking into this for me.

McAfee installed on computer but was "complaining" that the computer wasn't protected but when clicking fix - nothing changed. Finally tonight was able to get the updates and now it says machine is protected and it quarantined: Generic Dropper.cx, Generic Downloader.x. I can see from the logs that on 1/25 it supposedly removed Generic.dx. Obviously, this machine still had a problem so I ran dds and mbam - although in reverse meaning ran mbam first.
Logs below. Perhaps MBam has fully resolved but I'd like an expert to confirm. Thank you.

A:Generic Dropper.cx Generic Downloader.x

Welcome to the BleepingComputer Forums. Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Please post the contents of log.txt. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem. If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.
Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so. While we are working on your HijackThis log, please: Reply to this thread; do not start another! Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so. Do not run any other tool until instruc...

Good Afternoon, I'm having a problem with one of my systems. Somehow the AV didn't get updated on it for a couple of weeks and of course, I have an issue(s). I'm seeing PAK_Generic.001 and Troy_vundo.bmf errors in the Trend Micro logs. I have updated my virus defs and ran a couple of different AV and AS scanners. But I think I still have a problem. I am only able to function in Safe Mode. If I try to boot normal, 95% of the time, I get a message about not enough resources to load profile. The other 5%, I can login, but Task Manager will not work along with lots of other things. I can only run HJT in safe mode. I hope someone can help. This is an in-law's computer and they are calling me every 5 minutes to see if it is working.
Here is a copy of my latest HJT log:

My Mcafee says it can't be removed. Google points me here with a HJT log. Random windows popup while online, not normal popups that can be blocked. Thinkpad w XP sp2. Thanks for any help...

While running a scan with AVG, an alert came up from McAfee saying I have a generic.dx trojan (named A0191863.exe) located in C:\Program Files\Grisoft\AVG7\avgwb.dat. It says "deleted" but will come up again if I run another AVG scan. In addition to this, the AVG scan keeps detecting a "change" in shell32.dll (location: C:\WINDOWS\system32\shell32.dll) as well as in hosts (location: C:\WINDOWS\system32\drivers\etc\hosts). Any help with these issues would be appreciated. Also one last side note... for some reason McAfee can never finish a virus scan. It starts but then at some point it decides it just can't get past a file and will sit there and scan it indefinitely. I tried booting in safe mode and reinstalling with no effect...

This problem began after my grandkids were introduced to my computer.
(at this time Windows Defender would open, but was not enabled for some reason) They have downloaded many different kid's games and I have noticed new toolbars showing up over time (AIM toolbar, Google, Yahoo, MyWebSearch). I have uninstalled the MyWebSearch toolbar and all of the "extra" programs/Toolbars that the kiddos downloaded/installed. I have installed a new version of McAfee (SecurityCenter SE from AOL) which found four files associated with MyWebSearch and Generic!Artemis virus. McAfee quarantined these files. After the McAfee fix, Windows Defender will not open, or reinstall. It also does not appear in the add/uninstall programs screen for me to uninstall it. I tried the three steps that Microsoft recommends to reinstall Defender, but none worked. McAfee does not find any more issues after running a complete scan. Lastly, the AIM toolbar reappeared in IE without prompting. The fact that Windows Defender does not run is my concern at this point. I am not really sure if there is something looming, but this just does not sit right with me. Thanks for your help!

A:Generic!Artemis and other issues

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know.
If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Sorry if this is a double post....

Good Evening,

I hope that someone can help me. I have a system that is saying that it is infected with Pak.Generic.001, troj_vundo.bmf and other serious issue. Currently, I can only boot my computer to safe mode with network to do anything. If I attempt to boot normal, when I login, I receive a message about Insufficient Resources.
I have scanned my computer with multiple AV/AS products and nothing seems to fix this.

I hope someone can help me!!!!

Here is my HJT Log:

A:Pak.generic.001, Troj_vundo.bmf And Other Issues

Hello Mrmuggyd and welcome to BleepingComputer,

1.
* Clean your Cache and Cookies in IE:
Close all instances of Outlook Express and Internet Explorer
Go to Control Panel > Internet Options > General tab
Under Browsing History, click Delete.
Click Delete Files, Delete cookies and Delete history
Click Close below.

* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
Go to Tools > Options.
Click Privacy in the menu.
Click the Clear now button below. A new window will popup what to clear.
Select all and click the Clear button again.
Click OK to close the Options window

* Clean other Temporary files + Recycle bin
Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

2.
Please download Malwarebytes' Anti-Malware from Here or Here
Doubleclick mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is complete...

A:Trojan Issues / Generic 18.VHH

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll...

Hiya! I'd originally come aboard with the intention of asking why I see one or two "Generic volume shadow copy" driver installs EVERY DAY in perfmon/Reliability Monitor.
After reading other threads on this topic, I'm now convinced this is related to my leaving a USB drive plugged into my PC 24/7 for ReadyBoost, and ditto for an external USB-attached hard disk (for backups). My questions have now become:

1. I have 98(!!!) Generic volume shadow copy entries in the "Storage volume shadow copies" element in Device Manager (and my rebuilt Vista install is about 5 weeks old, installed on 8/7/08). Should I be concerned? What can I do to get this number down? How do I keep it down? The obvious bonehead answer appears to me to be "Delete them all, and keep it up every day, or write a script to do likewise." Is this even reasonable?
2. I have 5 "Generic volume" entries in the "Storage Volumes" element in Device Manager. Same questions as before...
3. I can't get any meaningful info from the Properties windows under either heading, though complete coverage of "Storage Volumes" and random sampling of "Generic volume shadow copy" entries all say "The device is working properly"

Any input, ideas, advice, or references that will help me understand how to proceed from here will be greatly appreciated.

TIA for your help and support,
--Ed--

A:Device Mgr: 98 Generic volume shadow copy, 5 Generic volume entries

Just FYI in scanning elsewhere on the Web I've found other posts that report this same behavior. For example: http://www.vistax64.com/vista-genera...talling-s.html (no resolution). This posting may offer some relief, and recommends uninstalling the USB Root Hub drivers so they can be rediscovered upon bootup: http://www.vistax64.com/vista-genera...ecognized.html. Haven't tried this yet, though, so I don't know if it helps or not.

HTH,
--Ed--

I've tried looking for whatever is doing this to my computer but I just can't find it, please help.
My modem's been running well until I played with the settings... now it starts downloading at about 6k then slowly decreases to around 3k. When I play an online game it runs fine, then after a minute or 2 I get a sudden hit of lag and then it's fine, then I get lag, then it's fine? I've also followed your guide on the site to no avail either. Does anyone know how I could solve this prob? PS I'm running XP and don't know the manufacturer, sorry, the device manager just shows it as a generic 56k hcf data fax modem.
A:generic hcf data fax modem issues

Download Dr. TCP here: http://www.dslreports.com/drtcp It will optimize your internet-connection (best program for both modems and broadband)

I am having multiple issues with this laptop. It freezes at any given time. Google results are often redirected to ad sites. I occasionally get an error reading something similar to "Generic Host Process for Win32 Services encountered a problem and needed to close." after which I can do nothing. I have tried to follow the instructions at http://www.bleepingcomputer.com/forums/topic34773.html but could not get past running dds.scr. I also could not get past running gmer.exe. The laptop would freeze upon trying to run either of those and would force me to do a hard reboot. I have once run Malwarebytes Anti-malware and it found nothing. I installed AVG a day ago and it quarantined a few files. I appreciate any advice you could lend me. TIA

A:Freezing, redirects, generic hosts issues, etc.

Hi, Have you tried to run DDS in safe mode?

Hello I am running Windows XP SP3 and have recently been receiving a "generic host process for win32 services has encountered a problem and needs to close" error. When it occurs it turns off my "Sounds and Audio Device Properties" and I am no longer able to select anything due to it all being grayed out. I have attempted to run a simple system restore but after my PC restarts it says "System Restore can not be completed." I have run Malwarebytes, CCleaner, and an AVG virus scan and nothing has come up. It also changes the explorer shell from the XP graphics to the, what looks like, classic Windows shell. When I restart my computer it fixes the problem, only temporarily (It always occurs but it happens randomly).
If more information is needed let me know please, and next time I see the error I will get a screen shot of both the error and what my settings are doing. Thanks in advance.

PS - i just got this issue again so here are a couple screen shots of what I was talking about.

I have been infected for a few weeks with a range of ugly attacks I have ran all the programs recommended here and I do not seem to have anymore pop ups or redirecting of search engine pages or security alerts or generic host alerts I do still have a yield sign that pops up over my AVG icon in the tray but it disappears after a couple of seconds. I am not sure if I have removed all the malware and am clean or not please take a look for me. Thank you so much.

A:Security Alert, Generic Host and other issues

It appears you didn't post the logs. Please go here.... Preparation Guide, do steps 6 - 9. Create a DDS log and post it in the new topic explained in step 9, which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic, thanks. If Gmer won't run, skip it and move on. Also post your HJT log. Let me know if that went well.

First off, I'd like to thank everyone who contributes to this forum. I just found it and I've already learned a lot from the stickies and other posts. I really appreciate the time put into it. Now, I have a problem I was hoping to get some help with. I'm running Windows XP and for the past week my McAfee SecurityCenter has been reporting a lot of trojans/viruses/PUPs that have been removed or quarantined or that could not be repaired. Since this has happened, I've noticed my computer (especially web applications) running incredibly slowly from time to time for no obvious reason. I've also occasionally been redirected from websites that I frequent to websites I've never been to.
Below I've included a list of the items detected by McAfee and the actions it took (minus duplications) and a current HijackThis log. Any help would be appreciated, thanks.

Generic Dropper (quarantined)
Generic.dx (quarantined)
Generic Downloader (quarantined)
Generic.dx (removed)
Generic Dropper (removed)
Adware-PurityScan (cannot be repaired)
Downloader-BCF (removed)
Adware-ISM (removed)
Adware-BHO.gen.c (cannot be repaired)
Generic Pup.d (removed)
W32/Sdbot.worm (quarantined)
FakeAlert-AB!htm (removed)

Help, Nothing seems to work. I tried scanning with BitDefender but beside finding the virus, it cannot put both virus in quarantine. I tried doing the technique that includes, rebooting in safe mode, using ATF Cleaner then doing a full scan with ewido (ewido 4.0). But ewido cannot spot the virus. Can anyone help?

A:Infected With Generic.xpl.iespoof.79e52b4a And Generic.xpl.iespoof.cd88c331

I just updated to AVG Anti-Spyware 7.5

I am constantly getting "generic host win32" error which causes my computer's internet to stop running and internet explorer to change the way I view it. Internet explorer and firefox also redirects after i click a link when i do a search. I have sp3 installed and have run many malware programs. please help.
A:generic host win32 error and internet browser redirect issues

Please download TDSSKiller.zip
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
If suspicious objects are found select skip
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)

Downloaded AVG?. Found:
Trojan horse Collected Z C:\Windows\toolbar.exe
Trojan horse Downloader.Generic.FCB C:\Windows\tool1exe

Updated AVG files?. Found:
Trojan horse Downloader.Generic.ITN C:\Windows\loadnew.exe
Trojan horse PSW.Generic.DYD C:\Windows\kl.exe
Trojan horse Downloader.Generic.ITN C:\Windows\1sv22cb9.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.exe
Trojan horse PSW.Generic.DYD C:\Windows\ibm00001.dll
Trojan horse PSW.Generic.DYD C:\Windows\ibm00002.dll
Trojan horse Startpage.UN C:\Windows\paytime.exe

I then Rebooted?..
AVG Boot-up Scanner (ver 7.1) Detected a virus C:\Winstall.exe spyware spytrooper.G
Recommend reboot and restart system from virus free diskette then use AVG Rescue Disk and remove the virus by healing.

Did this and it found nothing. Ran AVG found nothing. Still detects [C:\Winstall.exe spyware spytrooper.G] on boot-up

HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:05:23 AM, on 11/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\OFFICE51\SOINTGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FI...

A:Downloader.Generic.FCB + PSW.Generic.DYD + others

just a bump

Hi, I can't get rid of either or these trojans. Please help!!!!
I ran the HiJackThis and here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:34 PM, on 1/16/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\lanmanwrk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:...

Also manually updated virus definition files from usb drive, nothing found on both quick and full scans.
4. Sophos Virus Removal Tool finds 2 infections: "Mal/Generic-L" and "Mal/Generic-S", but fails on removal: "Virus removal failed".
5. IE opens and immediately closes. Uninstalled IE8, IE7, and reinstalled, no help. Firefox works (using Firefox to post this message).
6. When plugging in flash drive, get windows dialog box with one option to open folder to view files. Clicking on that does nothing. Have to open drive through my computer or windows explorer.
8. start>search fails to run.
7. Ran GMER without incident, log attached. DDS log below.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:42:12 on 2012-08-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1983.1351 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD...

A:Damage to XP After MAL/Generic-L and MAL/Generic-S

Update: Ran Sophos again, and here is the log. it shows 3 different scans I have run.

This isn't my machine. I do know it's having a lot of trouble connecting to POP3.. it doesn't seem to want to do all the windows updates either. With Kaspersky last night I found:

not-a-virus:Adware.Win32.MyWay.v (2 instances)
Worm.Win32.AutoRun.pnl

Here are the logs:

DDS (Ver_09-02-01.01) - NTFSx86
Run by John Teahen at 8:25:33.90 on Fri 03/06/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.636 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: Norton Internet Security *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

A:Machine having POP3 Connectivity Issues, some viruses found

I've done some work on it following the major geeks initial guide lines.. I think it's a lot cleaner now.. you can close this thread.

Thanks


Trojan Horse Generic7.VWR, Adware Generic.ANL, Trojan Horse generic 10.BDQU, YLG & ARQZ, Backdoor Generic9.UXL, Trojan Horse SHeur.AZUV & JS/Psyme

My wife's friend complained that her computer was too slow and needed some new hardware. She wanted me to have a look. I was thinking check for RAM, Vid card, Sound card kind of stuff. What I found instead was a computer that was so slow it was near unusable and virus/ad/mal/spyware infested. Further research found that this was one of the Packard Bell's that was shipped with Norton Internet Security 2004, but she had not updated the license. So basically, since 2006, she has been online with no protection at all. I went to the Packard Bell site and got the application to uninstall Norton and replaced it with AVG (Free version) and Sygate Personal Firewall (Free version) and turned off Windows Firewall.

I have scanned with AVG, installed and ran ad-aware, Spybot S&D, Bit Defender, Mcafee Stinger, Updated the OS and installed HiJack this. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:27:20, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe

A:Trojan Horse Generic7.vwr, Adware Generic.anl, Trojan Horse Generic 10.bdqu, Ylg & Arqz, Backdoor Generic9.uxl, Trojan Hors...

Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, feel free to create a new one.

Once again, I apologize for the delay in responding to this topic.


Hi. I am hoping you may be able to help. I was using Youruninstaller (which I now think was infected) to uninstall a programme. I noticed the CPU usage and processor were working overtime. I did a scan with Spyware Doctor and it detected Email-worm.Zhelatin which I removed and thought I was in the clear.

I then tried to uninstall Youruninstaller with Revo Uninstaller. When doing this Kaspersky internet security quarantined riskware Trojan.generic.

I did another Spyware doctor scan which detected no further viruses. However, the processor is still working overtime and often spikes, making the computer slow. Also, I cannot install new programmes without getting an error message.

What should I do to restore the system? I have deleted TEMP and TIF files and enabled Show Hidden Files & Folders. Thank you for any help.

Here is my DSS report

DDS (Ver_09-01-07.01) - NTFSx86
Run by Family at 18:40:26.73 on 08/01/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1790.1181 [GMT 0:00]

AV: Kaspersky Internet Security *On-access scanning enabled* (Updated)
FW: Kaspersky Internet Security *enabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss

A:Riskware Trojan.generic & riskware worm.P2P.Generic

Hello All,
I am new here. So pls forgive me if I am making any mistake.
A few days back I downloaded a Game from a torrent. And when I installed it
on my machine, I got an alert from McAfee that it's a Virus named Generic.dx
I scanned my pc through McAfee and it showed some files with the name generic.dx and deleted them.
Now there is no error but just a problem. I can not open my drives directly. I have to right click it and then explore. Is there something wrong with the system? Is that virus still in there? How do I remove it?

Pls help me with this problem..

Again sorry if I have done anything wrong in my request.
Thanks,
Ezaz

Here is what I got from HJT and I don't understand a single word of it.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:18 AM, on 2/10/2009
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe

A:Generic.dx Problem - Pls Help

-----Bump-----


I have been plagued by this Mal/Generic-L virus for a while now and I have not yet found a solution. I hope you can help me. I have Webroot AntiVirus with Spy Sweeper and Trend Micro Internet Security. The Webroot regularly alerts me that it has encountered and quarantined Mal/Generic-L and when looking at further information of this quarantine, it regularly says that it is in the program file
"c:\program files\trend micro\internet security\vsienhm6f.o0a" or similarly named files with the only change occurring in the phrase after the last backslash.

After I am alerted of the quarantine, I select the item and delete it. However, shortly later I am alerted again of Mal/Generic-L attached to a file named something similar to that above. This process has repeated for weeks. It initially persisted as Mal/Generic-A, but that doesn't ever appear anymore and now it is Mal/Generic-L.

I hope you might find a solution. And thanks in advance. Here is my HiJackThis log:
Scan saved at 10:53:54 AM, on 12/7/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe

A:Mal/Generic-L Problem

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:48:07 PM, on 12/8/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Users\Owner\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\IELowutil.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\HijackThis2.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =...

I'm having the same problem as several other posters. McAfee finds Generic.dx and deletes it but this does not seem to last and it reappears. I ran HJT. Below is my log. Any help would be greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:27 PM, on 1/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe


I'm running webroot spysweeper on my computer (XP operating system) and it quarantined something called "Mal/Generic-A problem". It is still in quarantine, but my computer is running very slowly, and several days ago spysweeper kept intercepting various websites that my computer was trying to go to and webroot posted a message that it stopped it. That is not happening now, but the computer is just slow. Any help would be appreciated. I'm running AVG antivirus (free ware) and webroot spysweeper. Thanks in advance. Here is my hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:07 PM, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe

A:Mal/Generic-A problem

Using belkin Hi-Speed USB 2.0 7-Port Hub. For unknown reason, the generic usb hub in the device manager shows an exclamation mark. I referred to this guide http://forums.techguy.org/hardware/587579-solved-hi-speed-usb-device.html to solve the usb hub problem, but it didn't work.

I guarantee that the hub is still functioning as I had tried it on my laptop and other PC.

A:Generic USB HUB problem

Does the pc usb port that the hub is connected to work ok?


I have a problem with my computer and a trojan seems to be messing with firefox/internet explorer.
ATT Yahoo online protection scan had a log of infected files which included one entry: Win32Kyo!!generic.
Following the instructions for deletion only created a new directory in which the trojan went.
The virus is preventing file uploading so I will copy/paste extra.txt in a new post.
There might be some illegal software on my computer. I attempted to remove all illegal software but other people use this computer.

Deckard's System Scanner v20071014.68
Run by Compaq_Owner on 2008-06-27 17:59:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
84: 2008-06-27 23:59:54 UTC - RP372 - Deckard's System Scanner Restore Point
83: 2008-06-27 23:36:25 UTC - RP371 - System Checkpoint
82: 2008-06-26 22:50:18 UTC - RP370 - Last known good configuration
81: 2008-06-26 22:50:13 UTC - RP369 - System Checkpoint
80: 2008-06-26 22:50:13 UTC - RP368 - System Checkpoint

-- First Restore Point --
1: 2008-06-26 22:49:24 UTC - RP289 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Compaq_Owner.exe) ----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

A:win32kyo!!generic problem

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. It's important that you follow this through until I give you the all clear, a lack of symptoms does not mean that it is no longer present.

========

=========

P2P

P2P - I see you have P2P software BitComet 0.99 and BitTorrent - installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

References for the risk...


Hi everyone, I have a problem. I have a Sapphire Radeon HD 5670 Ultimate 1GB Video Card connected to a LCD monitor 22"w E -line-220E1SB1/00 and I have the latest ati drivers for my video card, my windows 7 ultimate 64 bit is up to date too, but when I try to obtain the 1920 x 1080 it says that my max resolution is 1600x 1200...and at display it says 1.Generic Non-Pnp Monitor...I tried to fix the problem using the Pheonix solution posted on seven forum but I didn't manage to fix anything...please help me...I really need some help....

Quote: Originally Posted by aronaxmann

Hi everyone, I have a problem. I have a Sapphire Radeon HD 5670 Ultimate 1GB Video Card connected to a LCD monitor 22"w E -line-220E1SB1/00 and I have the latest ati drivers for my video card, my windows 7 ultimate 64 bit is up to date too, but when I try to obtain the 1920 x 1080 it says that my max resolution is 1600x 1200...and at display it says 1.Generic Non-Pnp Monitor...I tried to fix the problem using the Pheonix solution posted on seven forum but I didn't manage to fix anything...please help me...I really need some help....

Hey mate. Have you tried this tutorial? I wasn't sure if this was the solution you were talking about.

Force DVI/HDMI resolutions and refresh rates


Hi there,

Back once again

Yesterday my girlfriend told me she opened something at msn and now the comp was bleeped.
I thought she was over reacting but she seems to be right.

The problem is I get about 5 pop-ups a minute now. I tried scanning with ad-aware which shows nothing.

So I scanned with avg which came up with 14 infected files.
These are two kinds of files. Adware.generic.scb (the last .scb extension is different every time I scan....)

AVG also says it removes these files every time but after reboot nothing changes.
I ran it in normal and in safe mode but no difference whatsoever.

According to my girlfriend this infection keeps sending through to other people on msn when you start it up.
So I am afraid to even go online.

Anyone in here know what to do now?
With my last problem I needed to re-install my entire comp so I would like to try and avoid that

Cheers,
Bart

Ps. some of the basic info would be: Dell dimension 5150 , windows xp home with sp2 and all the official dell software.


hi there. i have been tackling a generic.dv trojan problem with help from the mcafee forum, who eventually recommended a number of steps posted on this site. following their instructions, i have to attach the following logs...

DSS report:
Run by Administrator on 2007-05-06 at 12:19:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 12:22:18, on 06/05/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\antivirus.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\MsPMSPSv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe

A:problem with generic.dv trojan

My name is Keneth and I would be helping you clean up your computer.

I am currently reviewing your log and will be back with a fix for your problem as soon as possible.


I am having a generic host win 32 as well. Here is what my event planner and malware scan say.

Malwarebytes' Anti-Malware 1.44
Database version: 3641
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/26/2010 3:30:52 PM
mbam-log-2010-01-26 (15-30-52).txt

Scan type: Quick Scan
Objects scanned: 105129
Time elapsed: 7 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Generic Host Process for Win32 Services
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x0091857c.

Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

A:generic host win 32 problem

First

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before t...


I keep getting this box that pops up saying "generic host needs to close" process for win 32 services. Then the task bar turns to a yellow color as if I'm in safe mode and things don't work right.

(Same exact problem here also but my task bar is white, looking for some help too)

A:Generic Host32 Problem


We have a LJ 4240 that recognizes the generic cartridge, and won't print. Is there a way around this so we can use the cart?
Appreciate any help.
Tom

A:HP LJ generic cartridge problem

That's a big freakin' toner cartridge - how clean are the contacts? Have you tried putting the cartridge in with 'wet' contacts (IE: Take a paper towel, spritz it with Windex, 409 or Fantastik [not water] and moisten the contacts, leaving them wet as the cart is inserted)?

The problem with generics is that they sometimes have 'sleeping' chips on them. You need to treat them sometimes as if they were an old Nintendo Game Cartridge - to get an old game to work sometimes, you need to wet the contacts so they get a good connection when inserted. The same goes for all ink and toner cartridges that need a contact with another circuit to function. Make the contacts wet and see what happens.

MIND YOU - do NOT get any moisture on the DRUM which is near where you're going to be messing about with a liquid - that is why you need to apply it with a paper towel or napkin, so you don't ruin a $100+ toner cartridge!

Good Luck!

A-N


i've done some researching online and found out that this supposedly irremovable program (when run by mcafee, anyway) may be the cause of my occasional system slow-downs. if you guys can suggest a way to get rid of it, that would be great.

here is my HJT logfile:

Logfile of HijackThis v1.99.1
Scan saved at 13:27:05, on 04/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe


It's a Trojan that has attached itself to one of my game files and every time I execute the program it pops up and gives me a false positive.

I just registered today, I ran the scan, I got the reports I need, so where do I go from here?

~Syn
*********************************************

Here's my DDS.txt

DDS (Ver_09-01-07.01) - NTFSx86
Run by Dean at 23:05:29.89 on Thu 01/15/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1897 [GMT -6:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

McAfee caught it by the way


Hi:

I'm having a problem with my computer. There's an error message that keeps opening up. It says "Generic Host Problem has encountered a problem and needs to close".
How can I get rid of this problem?
I have attached a Hijackthis log file.
Thanks.


Hi, my comp was scanned with AVG and found some kind of Trojan generic17. Imd or something like that. Each time I turn on the comp AVG says that some .dll file in windows system32 is infected by Trojan generic or another kind. I tried installing malwarebytes but I get an error saying can't find Mbab.exe. Also I get a windows error saying that it cannot find the .dll file called zeveluh.dll. Help please and thank you! I tried to get a response for 6 days on another forum but no one responded. Thank you!

A:Trojan generic problem?


After finding the problem I seem to have on your help list and downloading and running the Hijack this program to generate a log I could do with a little help checking the boxes.

A:Win 32 Generic Host Problem


generic host win32 encountered a problem - what is that and how can it be fixed?
as you can see little glits.

thanks

rita g

A:generic host problem???

What is the exact error message and when do you receive it?


OK, I have been trying to deal with this problem myself for a few days now. I have gotten the pop up ads to cease when using the web, however, my McAfee still tells me that it has detected the Generic! Artemis trojan in C:\WINDOWS\system32|cliconf.dll. I cannot delete the file, I can't do anything with it in fact. McAfee can't seem to touch it either. As a last resort before completely wiping my hard drive, I figured I would give the HijackThis a try, here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:45:38 AM, on 2/10/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files...

A:Yet another problem with Generic!Atremis

Hi,

If you still need help with this post a fresh hjt log, please.


A:generic host process problem.

Hello,

actually, I might need to edit this post, or reply to it, since I can't find the attach file option.

That's because the Am I Infected forum does not allow attachments. Further, we do not analyze such logs in this forum.

64 freaking views! zero replies! *sigh*

View count includes everyone that looks at a topic: folks looking for a solution, guests, even yourself. That said, you're going to have to exercise patience. There are a LOT of people looking for assistance.

That said,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them. Since you have run OTL, please include that log in the new topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

Hi Guys
There is a problem, I try to connect to broadband using a network cable, and it never picks up any IP Address and always says the limited connectivity icon, but yet I connect fine on Wireless Internet.

Then I always get an error message at start up saying an error with the Generic Host Process and it says something about IP Address.
HELP!

Andy

A:Problem with Generic Host Process on Win XP

It sounds like you need to make a new connection to connect to your router using the ethernet cable.

Which Windows op sys do you have?

We have a new Toshiba Satellite 80GB, Win/xp Home, Phys Mem
512, Svc pack 1.(I won't put SP2 on till I hear better
news), Norton 2004 AV,AVG,& lastly Zone Alarm(free version).

In the last few days a message has been showing up that
states "Generic Host Process for Win32 Services has
encountered a problem and needs to close. We are sorry for
the inconvenience". So am I.
There is an option to send a report to MS, which we have
done. When the error occurs we get disconnected from
the net and have to reboot to reconnect.
Since this machine is about two months old I can't imagine
why this is occurring.
I will post a HJT log if you ask.
Thanks...

A:Solved: Generic Host problem

When I am doing surfing, suddenly I got this message "Generic Host Process for Win32 services has encountered a problem and needs to close" (Picture Attached). Please tell me what can be the problem.

Windows XP SP2 is installed.

A:Generic Host Process doing problem

A:Generic Host Process Problem

my computer is infected with win32/slenfbot! generic and I can't get rid of it. I've tried different free spyware but it never goes away. I know that it's affecting my computer performance, by running slower has lots of low threat viruses. Can you please help me.
sorry it took so long, here are the logs that you requested

DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 22:27:30.63 on Thu 07/23/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.192 [GMT -4:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}


A:win32/slenfbot!generic problem

hi.

Welcome to TSF once again.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe

-------------------------------------------------------------------------
Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

-----------------------------------------------------------------------
I am sorry to inform you that one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

----------------------------------------------------------------------

Before beginning the fix, read this post completely. If there's any...

Generic.Ardamax.5A6CA3D9

I don't know how to get rid of it and/or cure the system of this problem
I have other viruses too but I want to fix this one right now

A:i have this problem Generic.Ardamax.5A6CA3D9

Hi, Welcome to TSG!!

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

Mainboard Asus P5L VM, intel E6420 core 2 duo, Vista premium 64 bit 2 gig ram, 250 gb sata drive geforce 8600 gt vid card.

My card reader has apparently stopped working tho I must admit I have not used it in about a month and as tower is at ground level I never noticed that power light on cardreader was not on. I don't know the name of the card reader which was built in when I bought the system last month. I've had the card reader out to check for a name but there is none except for a barcode number. I do not recognise any names in the device manager which might point to the card reader. So I do not know which driver to look for.

I downloaded a generic driver from Driverguide but am not sure whether to install it cos it says OSes 98 upwards to Win2K.

Anything else I can check before taking it back to the shop.

Many Thanks

I get the same problem every couple of weeks. You need to unplug it then boot up into Vista then plug it back in and it should work if it's a similar problem to mine

ps i have noticed when it happens it gets halfway through the bootup and the light goes out and doesnt come back on
when its working properly the light goes out and comes straight back on

Logfile of HijackThis v1.99.1
Scan saved at 9:22:29 PM, on 10/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)


Whenever I use IE or Firefox, an error box pops up saying 'generic host process is shutting down'. After that, a 60 seconds box pops up telling me that it is shutting down the computer.

This all started after I got (at least) two viruses on the computer. One was AntiVirus 2008 and the other was a virus that would cause me to go to 'asiuoqgusdbaked.com' when I search for things on the internet. I tried to remove them with McAfee antivirus, Malwarebytes and Smitfraudfix. The Antivirus 2008 is gone, I believe; but the 'asiuopgusdbaked.com' one is still.

What do I need to do?

Thanks.

A:Generic Host Process Problem

Hi and welcome to BC!

I highly recommend posting here to get rid of those viruses. This sounds like a security vulnerability that Microsoft has patched, I also highly recommend visiting Windows Update first and getting all the updates possible.

Regards,
Adam

hi
i was getting the Generic host prob. as defined

Generic host process for win 32 services has encountered a problem and needs to close. we are sorry for inconvenience.

I installed service pack 3.0 as recommended by many persons but still I'm getting this message again and again.

someone can help?

Apply all of the patches below.

WindowsXP-KB921883-x86-ENU
WindowsXP-KB958644-x86-ENU

or Winsock xp Fix from http://www.snapfiles.com/get/winsockxpfix.html

http://en.kioskea.net/telecharger/te...-doors-cleaner
Run the program and Close port 445 & 135.

Hi

You guys really helped me 4 years ago on an old PC.

Now I have a new conundrum.

Yesterday, started getting new messages from AVG that there was a Trojan Horse dropper Generic_c mmi, in the Windows\system32\services.exe. It said it to ignore the threat

Nothing untoward happened until this morning, when the web browser (Chrome) started sending me to all kinds of different URLs, Facebook and Google Mail won't let me in due to a weak signature on a certificate, and I have a strange audio clip I can't stop.

I ran CCleaner and cleaned the junk.
I ran AVG scan, and it found 3 infections, 2 of which it cleaned, but it couldn't clean this one, it said: the object was white-listed (critical/system fix could not be removed).

Any help would be appreciated.

DDS text is below:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Run by prnapper at 11:41:45 on 2012-06-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2933.912 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

A:Trojan Horse Generic problem

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please be patient with me during this time.

About every other time I turn my computer on I get a popup message saying Generic Host Process for Win32 services has encountered a problem and needs to close. I hit the debug button and I can still get on the internet but some of the features of IE7 do not work and address bar and task bar look funny. If I restart computer everything is normal. Can anyone help with this problem? Thanks

A:Solved: generic host problem

On my Windows computer I think I have a block on adding new storage devices, as if I plug in a USB hard drive I get a yellow ! point under Storage Devices, as well as if I add a new SATA HDD internally.
Any ideas?
Thanks for any help.

A:Generic volume yellow problem

What is this computers make and model? What version of Windows is it running?

I have encountered a new Trojan: Trojan Generic2_c AFKI problem. I am trying to download an update to Trend Micro's Housecall, but the update will not finish. I continue to get the error message that my internet connection has failed. My internet connection is fine. I have uploaded the screen shot. I have not tried to do the procedure in safemode. That is my next step.

Many thanks,
Harvey T.

EDIT: Moved from XP to more appropriate Am I Infected forum ~ Hamluis

A:Trojan Generic 2 c_AFKI problem

For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide. When the installation begins, follow the prompts and do not make any c...

I have Windows XP Pro. I formatted the disc and everything went fine until I had trouble installing a new printer. So I guess I deleted a "generic printer driver" (I was trying to install my printer, but since it kept giving me error messages what I did several times was to delete the driver and re-install). I guess I deleted a generic driver because now every time I turn on the computer it finds a new hardware called "printer" but it can't find the driver!! So it is very annoying that every time I turn on the computer even if I follow the instructions on the plug and play screen, the computer never finds the driver. If I check what drivers are installed there is no visible information that there is a problem with any of the drivers. I am going crazy and do not know what to do but to re-format again my drive and install everything again. Any suggestions?

A:Generic Printer Driver problem

http://www.laptopvideo2go.com/forum/index.php?showtopic=33

In my system Windows XP SP2 is installed and i scan the system with Lavasoft Adware, Spybot, Kaspersky Online Virus scan and everything is fine and updated. But still i am getting a "Generic Host Encountered problem in Win32 services" (image attached).

Please tell me how to solve i also installed the WindowsXP-KB894391-x86-ENU patch but all in vain. I am also adding a Hijackthis log file. Please help...this problem coming up when i start surfing the net..
Code:
Logfile of HijackThis v1.99.1
Scan saved at 11:21:42 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)


Having problems with generic host process error, keeps cutting off wireless internet connection. Hijackthis log is below if that helps. Tried a few different virus scans and it isn't finding anything wrong. Might just re-install windows. Any help would be great. Cheers.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:29:42, on 29/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Hello!

Unfortunately, I have a problem again. I didn't update my antivirus (BitDefender) program for some time, and I downloaded and ran a patch for one program. Because my antivirus was not updated, it didn't detect that the patch was a virus. After I updated my antivirus, and scanned my system, it found that the patch is a virus, Trojan Generic. My antivirus deleted the patch, but considering that I already ran that virus and that my computer is completely slow, I think that I am still infected.

A:Trojan Generic problem/ Moved

As no logs have been posted, I am shifting this topic from the specialized HJT forum to the Am I Infected forum.

PLEASE DO NOT NOW POST LOGS unless a log has been specifically requested.

Please tell us what your operating system is: Windows XP, Vista, etc.

What security programs do you have installed other than BitDefender?

Orange Blossom

I keep getting a variety of popups from "Resident shield alert" saying that I have a trojan called Backdoor.Generic 12.AAVT located in C:/WINDOWS/system32/drivers/intelppm.sys. I am frustrated and I really need some help to find out what's actually going on. I have run AVG, Ad-Aware, Malwarebytes', and Spybot. Nothing on all of them. I just keep "X-ing" out of the pop-ups because I am suspicious that I will actually just be downloading the virus if I acknowledge them. Please help!!!!

Here is the DDS:

DDS (Ver_09-12-01.01) - NTFSx86
Run by whiting field at 13:09:45.98 on Mon 01/25/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.356 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

A:Backdoor Generic 12.AAVT Problem

I am running Windows XP SP 2. When my computer boots up in normal mode, usually right after I log in (sometimes after a minute or so), it gives the Generic Host Process problem and reboots. It lists a problem with my lsass.exe file. It works fine in safe mode. I have Trend Micro PC Cillin updated every day. Sorry for the lack of really specific information, this just happened a half hour before I had to go to work. I'll post more info once I get back to my comp. Thanks a bunch for your time and help.

A:Generic Host Process problem

BTW
Welcome to TechSpot

Hello,

I'm getting this error:
Generic Host for system 32 has encountered a problem.......
When it happens the error window opens and asks if I want to send the error report. This happens after my comp has been started for about 10 minutes or so. I have run several antivirus scans - Malwarebytes, Adaware, and ESET Nod32. All run in safe mode and all using Rootkill first. I have also tried system restore - Restore runs ok but problem still exists.
After the error window - things get weird. My task bar changes from royal blue to light blue, some programs are very slow or won't open, and now and then my network connections are lost and can't be reopened. Everything seems to work when I reboot for approx another 10 mins.

Below is my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:53:58 PM, on 5/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal


A:Generic System 32 has encountered a problem

Thanks to anyone who takes a look at this. My virus program keeps prompting me telling me that it can not remove this generic loader trojan. It seems to be located in windows/system32dll, but I have no idea how to tell with these logs. Any help will be greatly appreciated. My OS is Windows XP Pro, and my AV is McAfee

Here is My hijack LOG:

Logfile of HijackThis v1.99.1
Scan saved at 2:14:43 PM, on 11/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)


(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Select the first option, to run Windows in Safe Mode, then press Enter.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

then when it has rebooted

* Double-click combofix.exe & follow the prompts.
* When finished, it shall produce a log for you. Post that log in your...

Every 20 - 30 minutes I get this message: Header reads "generic host process for Win32 services." The body reads "generic host process for win32 services has encountered a problem and needs to stop."

It doesn't crash but although I'm still connected to the Internet, I can't use it; A pop-up appears saying something like "Can't use phonebook" In fact nothing works, whichever Icon I hit. It's as if the link doesn't exist, and the only remedy is to reboot. I must have rebooted at least 25 - 30 times today alone! This message started about two weeks ago, but then it only appeared maybe once only, occasionally twice.

I was using AVG antivirus, but a few days ago I bought BitDefender Internet security. This too found no viruses or malware - I update daily. Platform is XP home.

Can anyone tell me what is going on and to please suggest a remedy ?

Thanks

Larry (MoreProblems)

