0

Hi!
Every time I connetct to the Internet this error comes up "Generic Host Process for Win32 Services" and afer i click the option send/don't send error report everything freezes and I have to restart the computer.

Logfile of HijackThis v1.99.1
Scan saved at 12:21:58 PM, on 5/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\user\My Documents\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 80.96.19.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.96.19.1:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 81.181.30.*
81.181.31.*;<local>
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [mwavscan] "C:\Kaspersky\mwavscan.com" /s
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Can you please help me?
Thanks

5
Contributors
5
Replies
6
Views
12 Years
Discussion Span
Last Post by hubox1
0

Hi dragos, welcome to DaniWeb :D

I've split your post into it's own thread so the fixes don't get confused.

Scan with hijackthis and have it fix the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R3 - Default URLSearchHook is missing
If these IP addresses are not related to your ISP, have HJT fix the related R1 entries also -- 80.96.19.1, 81.181.30, and 81.181.31.
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: NT login service (ntlogin32) - Unknown owner - C:\WINDOWS\System32\libsysmgr.exe (file missing)

Be sure to close any open windows, other then hijackthis, before hitting Fix checked.

Go to the following locations and delete the highlighted files:

C:\WINDOWS\web\related.htm
C:\WINDOWS\System32\libsysmgr.exe

Reboot; if the problem still exists, try this:

Put your XP CD into your CD drive.

Click Start, Run, and type SFC /SCANNOW into the box (note the space before the /), and then click OK.

Close any open browser windows, scan with hijackthis, and post a new log please.

0

do all the thing that were said by others .i belive that wont solve the problem as it didnt solved my problem. see, any thing u want to tackle u need to know the cause of it.actually the problem of getting the internet dead after sometime when to connect in the internet is the problem of a WORM. if u delete the worm or u close the path of its operation then only u win. i am sending a file which will kill the worm it worked for me may be it will work for u, unless not so damage has been done to ur system. u can mail me on moumitsjinx@gmail.com. click all the buttons of the programs.if problem arises ask for help by putting the name of the program in google.

0

do all the thing that were said by others .i belive that wont solve the problem as it didnt solved my problem. see, any thing u want to tackle u need to know the cause of it.actually the problem of getting the internet dead after sometime when to connect in the internet is the problem of a WORM. if u delete the worm or u close the path of its operation then only u win. i am sending a file which will kill the worm it worked for me may be it will work for u, unless not so damage has been done to ur system. u can mail me on moumitsjinx@gmail.com. click all the buttons of the programs.if problem arises ask for help by putting the name of the program in google.

THAT IS A DISGRACEFUL LIE!!! I downloaded the link and installed the program, only to be alerted that "wwdc" was a virus. it is an atrocity that your presence and malicious link are maintained on what proclaims itself as a safe, informative site. my positive thoughts have dropped greatly.

0

Probably a false positive, but I have removed the file anyway seeing how this thread is a little long in the tooth :).

0

You've got it, mate. I guess I was a tad grumpy and not a little surprised. also, the topic was quite the fossil, but following "dlh6213" s advice, has healed the problem for me. thank you! :)

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.