PDA

View Full Version : Generic Host Process Failed



csinclair83
18-04-2009, 12:12 PM
Heya
am writing this 4 mum - shes emailed me with a computer problem and I cant seem to figure it out.

Shes with slingshot and has xcelerator installed - dialup.

Lately shes had a window pop up saying "Generic Host Process Win32" has failed and needs to be shut down. and if i want an error report sent to microsoft etc...

when shes shut it down it forces her internet to cut off and it hangs as well - the 2 window symbol is still showing as connected but internet hangs by not loading and if u try going on a website it asks if u want to connect so she clicks connect then it says modem still active....


avg is updated and did a scan and all clean - am thinking of getting her to download hijack this and posting a log - let me know if needed :)

feersumendjinn
18-04-2009, 01:13 PM
Try this
http://majorgeeks.com/download4372.html
or do this in Vista
http://www.mydigitallife.info/2007/06/18/repair-and-reset-windows-vista-tcpip-winsock-catalog-corruption/

csinclair83
18-04-2009, 01:26 PM
Sorry yeah its XP Service Pack 1...got her downloading that fix and spybot...

heres the hijack log


Logfile of HijackThis v1.99.1
Scan saved at 11:59:43 AM, on 4/18/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\System\MSASP32.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
C:\Program Files\Slingshot Xcelerator\slipcore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB EP.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Slingshot Xcelerator\components\NOWImaging.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Slingshot Xcelerator\slipcore.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB EP.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKCU"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Slingshot Xcelerator.lnk = C:\Program Files\Slingshot Xcelerator\slipgui.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/ZwinkyInitialSetup1.0.1.0.cab
O16 - DPF: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC} (VPlayer Control) - http://www.thesecret.tv/movie/player/player_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9068CA5-BFFB-41ED-9530-57EE0BC424FC}: NameServer = 202.180.64.10 202.180.64.11
O23 - Service: Advance Service Process - Unknown owner - C:\Program Files\Common Files\System\MSASP32.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Hosts Controller - Unknown owner - C:\WINDOWS\Fonts\unwise_.exe

feersumendjinn
18-04-2009, 01:49 PM
O23 - Service: Windows Hosts Controller - Unknown owner - C:\WINDOWS\Fonts\unwise_.exe
This looks suss, but wait for Speedy or WT to have a look.

Speedy Gonzales
18-04-2009, 01:56 PM
I would update the service pack for a start. Youre asking for trouble

Yup that entry Feer posted looks suss. Disable system restore.

Tick these then tick fix checked

Close browsers

Then update XP

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

This maybe suss

C:\Program Files\Common Files\System\MSASP32.exe

This maybe spyware

C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE

O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...tup1.0.1.0.cab

O23 - Service: Advance Service Process - Unknown owner - C:\Program Files\Common Files\System\MSASP32.exe

O23 - Service: Windows Hosts Controller - Unknown owner - C:\WINDOWS\Fonts\unwise_.exe

Reboot then get trojan remover / malwarebytes below. Update both then scan. Then select all options under utilities in trojan remover

Blam
18-04-2009, 03:27 PM
This maybe spyware

C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE


That is VERY nasty..download SpywareTerminator and perform a full scan, then post a fresh HJT log.

Blam

csinclair83
18-04-2009, 05:25 PM
just an update -
went around to hers..
Have installed latest updates to SP3....
fixed what was required in HJT...
currently downloading spyware terminator
will post new HJT when completed

csinclair83
19-04-2009, 10:24 AM
heya
finally got it all fixed I think - no generic error since spyware scans etc last night but who knows if I'm speaking 2 soon...

heres the latest HJT... HMMM...i removed DSS agent via spyware and restarted just b4 the scan but its still showing in HJT...is tehre another removal tool?
Spyware terminator is uptodate with latest one (did the update this morning)

Logfile of HijackThis v1.99.1
Scan saved at 9:23:34 AM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Slingshot Xcelerator\slipcore.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB EP.EXE
C:\Program Files\Slingshot Xcelerator\slipgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spyware Terminator\SpywareTerminator.exe
C:\WINDOWS\system32\OOBE\msoobe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

csinclair83
19-04-2009, 10:27 AM
ok now I'm confused - Just posted the posting and noticed dssagent not there but in HJT window it shows up there...

Speedy Gonzales
19-04-2009, 10:32 AM
Where's all the entries in startup, in your last log??

I cant see dssagent, in your last log

Get malwarebytes and trojan remover, like I posted in the 5th post

csinclair83
19-04-2009, 10:46 AM
i've done trojan...

heres a new HJT incase I stuffed the last one 1...

ahh - spyware terminator blocked something...i just clicked ok, but have shut down terminator and did HJT...

and oddly this time dssagent is gone...but thats a good thing!!

Logfile of HijackThis v1.99.1
Scan saved at 9:46:33 AM, on 4/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Slingshot Xcelerator\slipcore.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB EP.EXE
C:\Program Files\Slingshot Xcelerator\slipgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\OOBE\msoobe.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.stuff.co.nz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Slingshot Xcelerator\components\NOWImaging.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Slingshot Xcelerator\slipcore.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [EPSON Stylus CX3900 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIB EP.EXE /FU "C:\WINDOWS\TEMP\E_S83.tmp" /EF "HKCU"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Slingshot Xcelerator.lnk = C:\Program Files\Slingshot Xcelerator\slipgui.exe
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Slingshot Xcelerator\gui_resource.dll/327
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Slingshot Xcelerator\gui_resource.dll/328
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {EF732B7C-BFF6-49B1-A32C-3C74C318FDCC} (VPlayer Control) - http://www.thesecret.tv/movie/player/player_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9068CA5-BFFB-41ED-9530-57EE0BC424FC}: NameServer = 202.180.64.10 202.180.64.11
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Speedy Gonzales
19-04-2009, 10:49 AM
These dont have to be in startup

O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

csinclair83
19-04-2009, 10:56 AM
ok will remove those...
I've been connected 2hrs now and no generic error...
will try again lata see what happens :)

Speedy Gonzales
19-04-2009, 11:07 AM
Cool, that should be it then !

Does Xcelerator actually make it faster?? If it doesnt uninstall it