Generic host

Could be a worm or trojan (http://startup.iamnotageek.com/srch-Generic%20Host%20Process%20for%20Win32%20Services.html)

I suggest you get the self-extracting version of HijackThis from here (in line 2):
http://www.malwareremoval.com/downloads.html

Close any open browser windows, 'Scan and Save Log' with hijackthis, copy the log and paste it into a new thread in the Virus forum.

Windows uses generic host processes to connect apps to the network on behalf of the app. Basically, it acts as a proxy to protect other processes. However, this also allows malware from getting access to the network without being detected by the destination host because it thinks it is coming from a legitimate service. If you don't know what apps are using the generic host processes, then I would suggest you follow dlh6312's advice.

Andy

Hello!
Thanks for your reply!
I did as you said.
Here is the result:

Logfile of HijackThis v1.99.1
Scan saved at 14:40:25, on 2005/04/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\CAP4RSK.EXE
C:\WINDOWS\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Downloads\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Bookshelf検索(&L) - res://C:\Program Files\Microsoft Reference\Microsoft Bookshelf 3.0\bsdef.dll/#1001
O8 - Extra context menu item: Microsoft Excel エクスート(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.vaio.sony.co.jp/
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5763F8E8-0DD7-4A0F-ADB0-9F64C8F2C349} (Pixami/Snapfish Upload UI Control) - http://www.snapfish.com/SnapfishUploader.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} - http://www.imagestation.com/common/classes/batchdwnl.cab?version=4,3,2,20802
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096515566766
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} ( On-Line Scan) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://digitalflip.net/fvlite/fvliteY.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/ydropper/ydropper1_4us.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,5,0,4323/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7255124B-0BB2-4A70-84F5-3F76B256E950}: NameServer = 164.161.40.121,164.161.161.21
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = minato.tokyo-u-fish.ac.jp,tokyo-u-fish.ac.jp
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO SonicStage Server (Application) (VAIOMediaPlatform-SonicStage-AppServer) - Unknown owner - C:\Program Files\sony\SonicStage\SSSvr\SSSvr.exe" /Service=VAIOMediaPlatform-SonicStage-AppServer /displayName=VAIO SonicStage Server (Application) (file missing)

At first glance I don't see anything blantantly obvious that shouldn't be there. So, my next suggestion would be to Google each of the processes that you don't recognize to find out what they are. The process may be legitimate.

Andy

As nicentral noted, there are no obviously suspicious or abnormal processes/programs listed in your log.

It keeps appearing in my computer when I have to restart

If you are saying that you get an error or message concerning the process, please post the full contents of the message. If you mean something else, please be more specific.

Thank you very much for your help!!

You're welcome. :)

Did you find out where the error/message/whatever was coming from?

HI!
No, I didnt find... my computer is in japanese, so I dont understand what it says... but lately thiat message it is not appearing anymore...
Thanks again
Ceci