
Frequent Generic Host Process Problem on Windows XP SP3 (fault module: msi.dll - DCOM error while starting gupdate.)


  • This topic is locked
2 replies to this topic

#1 abycrack


Posted 01 January 2012 - 04:11 PM

I have already started a topic about the preliminary observations made for this error here:
My Original Error Topic Link Here

There are a total of 2 posts by me there. Because I was asked to post log details for malware examination here, I have started this topic. I was asked there to follow the basic malware removal steps from step 6 onwards.
There were a couple of hiccups when doing those procedures, but I think they were mainly due to high processor usage, leading once to the computer hanging (perhaps due to the processor going into some sort of infinite loop, and I had to hard-restart) and then to a Blue Screen of Death, both while running DDS. But I don't suspect malware activity here (about the DDS thing), as my PC has a habit of crashing occasionally when the processor fluctuates too much, or sometimes it used to do so with PFNList corrupt, indicating some RAM problem (my earlier RAM of 1 GB was recently proving to be too inadequate; however, I have now upgraded it to 2 GB).

I suggest that you read my original topic (2 posts by me, 1 reply by Broni as of now) from the above link and tell me how to get rid of this error as well as the Google Update services.

Nevertheless, I was able to complete the entire procedure, and here are the logs: (DDS.txt pasted here as required, and Attach.txt and ark.txt attached)

DDS.txt

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.1
Run by Owner at 1:21:01 on 2012-01-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1491 [GMT 5.5:30]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
E:\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
E:\My Education\Troubleshooting\Cpu 99perc by explorerExe when in mp4 folder\ProcessExplorer\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - e:\micros~1\office12\GRA8E1~1.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [GrooveMonitor] "e:\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: MaxRecentDocs = 18 (0x12)
mPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
mPolicies-explorer: MemCheckBoxInRunDlg = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - e:\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - e:\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - e:\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - e:\micros~1\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - e:\micros~1\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\vik3soub.default\
FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-3 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-3 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-3 20568]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-3 44768]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2011-12-3 10752]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-12-3 1691480]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-3 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-3 136176]
.
=============== Created Last 30 ================
.
2011-12-31 14:17:01 -------- d-----w- c:\windows\OPTIONS
2011-12-30 17:14:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\Sun
2011-12-29 08:23:11 -------- d-----w- c:\documents and settings\owner\.m2
2011-12-29 08:21:47 -------- d-----w- c:\documents and settings\owner\.netbeans
2011-12-28 14:23:10 -------- d-----w- c:\documents and settings\owner\.nbi
2011-12-28 14:07:48 -------- d-----w- c:\documents and settings\owner\application data\JCreator
2011-12-28 14:07:48 -------- d-----w- c:\documents and settings\all users\application data\JCreator
2011-12-28 14:06:03 -------- d-----w- c:\program files\Xinox Software
2011-12-28 13:32:16 -------- d-----w- c:\windows\system32\appmgmt
2011-12-28 13:27:22 -------- d-----w- c:\program files\Oracle
2011-12-28 13:23:19 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2011-12-26 05:28:11 1589248 ----a-w- c:\windows\system32\libmysql_d.dll
2011-12-26 05:10:22 -------- d-----w- c:\documents and settings\all users\application data\MySQL
2011-12-19 21:53:49 567184 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-19 21:53:49 141312 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-19 00:01:11 -------- d-----w- c:\documents and settings\owner\local settings\application data\Apple Computer
2011-12-16 09:37:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\PCHealth
2011-12-11 12:33:15 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2011-12-11 12:33:15 32592 ----a-w- c:\windows\system32\msonpmon.dll
2011-12-11 12:27:16 -------- d-----w- c:\windows\SHELLNEW
2011-12-11 12:26:29 -------- d-----w- c:\documents and settings\owner\local settings\application data\Microsoft Help
2011-12-03 12:51:25 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-12-03 09:22:09 180224 ----a-w- c:\windows\system32\WinVd32.sys
2011-12-03 09:22:07 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2011-12-03 09:22:07 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2011-12-03 09:22:06 -------- d-sh--w- c:\documents and settings\owner\application data\.#
2011-12-03 09:21:30 -------- d-----w- c:\program files\Folder Lock 6
2011-12-03 09:10:45 -------- d-----w- c:\documents and settings\owner\application data\ProgSense
2011-12-03 09:10:38 -------- d-----w- C:\downloads
2011-12-03 09:10:38 -------- d-----w- c:\documents and settings\owner\application data\GrabPro
2011-12-03 09:10:34 -------- d-----w- c:\program files\Orbitdownloader
2011-12-03 08:56:16 -------- d-----w- c:\documents and settings\owner\local settings\application data\Opera
2011-12-03 08:33:25 75208 ----a-w- c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
2011-12-03 08:28:11 -------- d-----w- c:\program files\uTorrent
2011-12-03 08:27:05 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2011-12-03 08:13:51 -------- d-----w- c:\program files\Wise Registry Cleaner
2011-12-03 08:06:56 -------- d-----w- c:\program files\The KMPlayer
2011-12-03 08:04:38 -------- d-----w- c:\program files\VideoLAN
2011-12-03 08:01:35 -------- d-----w- c:\program files\BurnAware Free
2011-12-03 07:53:30 -------- d-----w- c:\documents and settings\owner\application data\URSoft
2011-12-03 07:53:26 -------- d-----w- c:\program files\Your Uninstaller 2008
2011-12-03 07:42:19 -------- d-sh--w- c:\documents and settings\owner\IECompatCache
2011-12-03 07:40:57 -------- d-sh--w- c:\documents and settings\owner\PrivacIE
2011-12-03 07:31:21 -------- d-----w- c:\documents and settings\owner\local settings\application data\Google
2011-12-03 07:31:18 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-03 07:31:07 41184 ----a-w- c:\windows\avastSS.scr
2011-12-03 07:30:57 -------- d-----w- c:\program files\AVAST Software
2011-12-03 07:30:57 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-12-03 07:12:12 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-12-03 07:12:11 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-12-03 07:12:10 52864 ----a-w- c:\windows\system32\drivers\DMusic.sys
2011-12-03 07:12:09 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-12-03 07:12:08 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-12-03 07:12:08 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-12-03 07:12:07 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-12-03 07:12:06 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-12-03 07:12:05 7552 ----a-w- c:\windows\system32\drivers\MSKSSRV.sys
2011-12-03 07:12:04 4992 ----a-w- c:\windows\system32\drivers\MSPQM.sys
2011-12-03 07:12:02 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2011-12-03 06:53:04 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-12-03 06:48:04 -------- d-----w- c:\program files\Realtek
2011-12-03 06:48:02 1251944 ----a-w- c:\windows\RtlExUpd.dll
2011-12-03 06:48:01 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2011-12-03 06:48:01 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2011-12-03 06:48:01 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-12-03 06:48:01 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2011-12-03 06:48:01 204800 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2011-12-03 06:48:00 757760 ----a-w- c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2011-12-03 06:45:43 -------- d-----w- c:\windows\system32\ReinstallBackups
2011-12-03 06:45:41 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-12-03 06:45:20 -------- d-----w- C:\Intel
2011-12-03 06:29:25 -------- d-----w- c:\program files\MediaLooks
2011-12-03 06:29:24 90112 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-12-03 06:29:24 57344 ----a-w- c:\windows\system32\QuickTime.qts
2011-12-03 06:29:20 -------- d-----w- c:\program files\QuickTime Alternative
2011-12-03 06:28:42 -------- d-----w- c:\program files\Foxit Software
2011-12-03 06:28:42 -------- d-----w- c:\documents and settings\owner\application data\Foxit
2011-12-03 06:28:39 -------- d-----w- c:\program files\Unlocker
2011-12-03 06:28:29 -------- d-----w- c:\windows\Downloaded Installations
2011-12-03 06:28:25 -------- d-----w- c:\program files\UPHClean
.
==================== Find3M ====================
.
2011-12-02 22:43:09 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 1:21:45.65 ===============


#2 myrti


Posted 06 January 2012 - 12:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we need to know in particular is the version, the edition, and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it, select Immediate E-Mail notification, and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#3 myrti


Posted 12 January 2012 - 09:01 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
