Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

I NEED HELP [resolved]

Started by milanboy , Nov 14 2004 09:39 AM

Please log in to reply

#1
milanboy

Posted 14 November 2004 - 09:39 AM

Member

Member
10 posts

I GUYS ive this problem
Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close.

And the Data error report contained:

szAppName : szAppVer: 0.0.0.0 szModName: unknown szModVer: 0.0.0.0
offset: 00000000

i cant delete this virus someone coud help me please , i know its not sasser worm
i am try to delete this virus for few days please help me, all the anti-virus i use coud catch nathing

my mail is {edited for your protection <_<

}

#2
-=jonnyrotten=-

Posted 14 November 2004 - 02:38 PM

Member 2k

Retired Staff
2,678 posts

Please click the "Hijack This Guide" in my signature and download the latest version of Hijack This. Close all running programs and disconnect from the internet. Scan with Hijack this and save the log. Post the contents of the log to be analyzed. Please do not delete anything from the log yourself.

-=jonnyrotten=- <_<

#3
coachwife6

Posted 14 November 2004 - 02:40 PM

SuperStar

Retired Staff
11,413 posts

Hi Milanboy. Welcome to GTG. <_<

Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log back here with the results.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.

#4
milanboy

Posted 14 November 2004 - 08:07 PM

Member

Topic Starter
Member
10 posts

Logfile of HijackThis v1.98.2
Scan saved at 2:05:21, on 15-11-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sporting.pt/
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~1\Toolbar\cnbabe.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [tcactive] C:\Programas\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programas\The Cleaner\tcm.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100207615109
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}

#5
-=jonnyrotten=-

Posted 14 November 2004 - 08:22 PM

Member 2k

Retired Staff
2,678 posts

Go to control panel, add/remove programs and uninstall all toolbar/searchbars except for google (if you have it)
Reboot.

Rescan your computer with hijack this and put a check in the box next to the following line.
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~1\Toolbar\cnbabe.dll
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe

Please reboot into safe mode - How do I boot into "Safe" mode?.
Be sure you're able to view hidden files, and remove the following files in bold (if found):

C:\PROGRA~1\COMMON~1\Toolbar
Run a search for this file: vpc32.exe Delete it.

Reboot and post new log. Do you use norton antivirus? If you don't then remove this line also.

-=jonnyrotten=- <_<

#6
milanboy

Posted 15 November 2004 - 11:26 AM

Member

Topic Starter
Member
10 posts

Logfile of HijackThis v1.98.2
Scan saved at 17:24:41, on 15-11-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programas\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sporting.pt/
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~1\Toolbar\cnbabe.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [tcactive] C:\Programas\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programas\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100207615109
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}

i ve done all indications

#7
-=jonnyrotten=-

Posted 15 November 2004 - 11:50 AM

Member 2k

Retired Staff
2,678 posts

Restart into safe mode and use hijack this to remove these entries:

O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~1\Toolbar\cnbabe.dll (file missing)
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}

Tell us how your system is working.. <_<

-=jonnyrotten=-

#8
milanboy

Posted 15 November 2004 - 12:49 PM

Member

Topic Starter
Member
10 posts

tanks for help but i still whith the same problem

Generic Host Process for Win32 Services
Generic Host Process for Win32 Services has encountered a problem and needs to close.

And the Data error report contained:

szAppName : szAppVer: 0.0.0.0 szModName: unknown szModVer: 0.0.0.0
offset: 00000000

next i see the report and i have this two files

c: DOCUME~1\ANDRE~1.LOB\DEFINI~1\TEMP\WER2.TEMP.DIR00\SVCHOST.EXE.MDMP

c: DOCUME~1\ANDRE~1.LOB\DEFINI~1\TEMP\WER2.TEMP.DIR00\APPCOMPAT.TXT

PLEASE COUD YOU HELP TO SLOVE THIS I APPRICIATE

THANK YOU

#9
admin

Posted 15 November 2004 - 01:36 PM

Founder Geek

Community Leader
24,639 posts

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working. <_<

#10
milanboy

Posted 16 November 2004 - 11:40 AM

Member

Topic Starter
Member
10 posts

Logfile of HijackThis v1.98.2
Scan saved at 17:35:14, on 16-11-2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sporting.pt/
O2 - BHO: BabeIE - {00000000-0000-0000-0000-000000000000} - C:\PROGRA~1\COMMON~1\Toolbar\cnbabe.dll (file missing)
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programas\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL
O4 - HKLM\..\Run: [tcactive] C:\Programas\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Programas\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe
O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\freescan\freescan.exe -FastScan
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: ppctlcab - http://www.pestscan....er/ppctlcab.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100207615109
O18 - Protocol hijack: cn - {9346A6BB-1ED0-4174-AFB4-13CD4EC0AA40}

#11
milanboy

Posted 16 November 2004 - 11:41 AM

Member

Topic Starter
Member
10 posts

Server=watson.microsoft.com
UI LCID=2070
Flags=99090
Brand=WINDOWS
TitleName=Generic Host Process for Win32 Services
DigPidRegPath=HKLM\Software\Microsoft\Windows NT\CurrentVersion\DigitalProductId
RegSubPath=Microsoft\PCHealth\ErrorReporting\DW
ErrorText=Se estava a trabalhar em algo, a informação que estava a utilizar pode ser perdida.
Stage1URL=
Stage1URL=/StageOne//0_0_0_0/unknown/0_0_0_0/00000000.htm
Stage2URL=
Stage2URL=/dw/stagetwo.asp?szAppName=&szAppVer=0.0.0.0&szModName=unknown&szModVer=0.0.0.0&offset=00000000
DataFiles=C:\DOCUME~1\ANDRE~1.LOB\DEFINI~1\Temp\WER3.tmp.dir00\svchost.exe.mdmp|C:\DOCUME~1\ANDRE~1.LOB\DEFINI~1\Temp\WER3.tmp.dir00\appcompat.txt
Heap=C:\DOCUME~1\ANDRE~1.LOB\DEFINI~1\Temp\WER3.tmp.dir00\svchost.exe.hdmp
ErrorSubPath=\0.0.0.0\unknown\0.0.0.0\00000000

how i do to stop this files enter in my cpu i ive clean all this type of files but the come in again to my cpu

#12
milanboy

Posted 17 November 2004 - 12:59 PM

Member

Topic Starter
Member
10 posts

please somebody help me

#13
-=jonnyrotten=-

Posted 17 November 2004 - 01:05 PM

Member 2k

Retired Staff
2,678 posts

Did you clean your temp files out?

-=jonnyrotten=-

#14
milanboy

Posted 17 November 2004 - 02:01 PM

Member

Topic Starter
Member
10 posts

can i clean all my temp files whith no error in pc sll the syteams will work

#15
coachwife6

Posted 17 November 2004 - 10:04 PM

SuperStar

Retired Staff
11,413 posts

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Please delete your temporary files. Double Click My Computer (WinXP: Navigate to Start --->My Computer)
You will see an icon representing your harddrive (most likely C: Drive) Right Click on the hard drive icon and click Properties at the
bottom of the fly out window. One the very first tab (General) you will see a button labeled "Disk Cleanup"...click that button.
Make sure the following are checked:
Downloaded Program Files
Temporary Internet Files and
Recycle Bin
Click OK and Disk Cleanup will delete those files for you.

Reboot your PC.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and let us know how your system's working.