Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Win32 error - help me, please!
- Thread starter kumar86
- Start date
Reading some of these threads may help you.
You could see if System Restore does anything if you use it to return to a point when everything worked.
I was reading an error report from Microsoft the other day, that indicated there was a known problem with Eset's NOD32 antivirus software that caused this type of error, are you running that?
Have you looked in your Event Viewer for any clues?
What are you doing when this error occurs, is it random or repeatable?
If anyone can access your machine perhaps you should look at improving your security, do you use passwords?
Removing adware & spyware
faq608-4650
Try the free version of "Ewido"
Windows Defender
310353 - How to Perform a Clean Boot in Windows XP
316434 - HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP
310560 - How to Troubleshoot By Using the Msconfig Utility in Windows XP
You could see if System Restore does anything if you use it to return to a point when everything worked.
I was reading an error report from Microsoft the other day, that indicated there was a known problem with Eset's NOD32 antivirus software that caused this type of error, are you running that?
Have you looked in your Event Viewer for any clues?
What are you doing when this error occurs, is it random or repeatable?
If anyone can access your machine perhaps you should look at improving your security, do you use passwords?
Removing adware & spyware
faq608-4650
Try the free version of "Ewido"
Windows Defender
310353 - How to Perform a Clean Boot in Windows XP
316434 - HOW TO: Perform Advanced Clean-Boot Troubleshooting in Windows XP
310560 - How to Troubleshoot By Using the Msconfig Utility in Windows XP
- Thread starter
- #3
How System Restore Works
- Thread starter
- #5
- Thread starter
- #6
Start, Run, CMD
tasklist /svc
Write down the entries shown to the right of any svchost entry and report them back here. You can copy for a copy/paste back here by highlighting the tasklist output, left clicking at top left the little DOS icon, Edit, Copy
tasklist /svc
Write down the entries shown to the right of any svchost entry and report them back here. You can copy for a copy/paste back here by highlighting the tasklist output, left clicking at top left the little DOS icon, Edit, Copy
- Thread starter
- #9
Start, Run, CMD
tasklist /svc doesnt seem to work...
it says: 'tasklist'is not recognized as an internal or external comand, operable program or batch file"
I haven't tried using Safe Mode or Normal Mode.
I also get another error after the "Generic Host Process for Win32 Service" which is called
"svchost.exe - Apllication Error" and it says: "The instruction at "0x77c43dbd" referenced memory at "0x41414141". The memory could not be "written".
Click on OK to terminate program
Click to CANCEL to debug the program
tasklist /svc doesnt seem to work...
it says: 'tasklist'is not recognized as an internal or external comand, operable program or batch file"
I haven't tried using Safe Mode or Normal Mode.
I also get another error after the "Generic Host Process for Win32 Service" which is called
"svchost.exe - Apllication Error" and it says: "The instruction at "0x77c43dbd" referenced memory at "0x41414141". The memory could not be "written".
Click on OK to terminate program
Click to CANCEL to debug the program
This must be XP Home.
Users of XP home do not have tasklist.exe by default. You may download it from one of these two sites:
Users of XP home do not have tasklist.exe by default. You may download it from one of these two sites:
- Thread starter
- #11
K i'll get on that when i get back from work...but here's a log from hijackthis if it helps at all
Logfile of HijackThis v1.99.1
Scan saved at 9:23:00 AM, on 8/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Alan\Desktop\Homework\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - (file missing)
O16 - DPF: Yahoo! Chess - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 9:23:00 AM, on 8/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\dwwin.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Alan\Desktop\Homework\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: (no name) - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - (file missing)
O16 - DPF: Yahoo! Chess - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Windows Update Service (muamgrd) - Unknown owner - C:\WINDOWS\System32\muamgrd.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
- Thread starter
- #12
k i got the tasklist goin...heres what it says:
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 600 N/A
csrss.exe 648 N/A
winlogon.exe 672 N/A
services.exe 716 Eventlog, PlugPlay
lsass.exe 728 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 904 RpcSs
svchost.exe 1008 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
ShellHWDetection, TapiSrv, TermService,
Themes, TrkWks, uploadmgr, W32Time, winmgmt,
wuauserv, WZCSVC
svchost.exe 1144 Dnscache
svchost.exe 1192 LmHosts, SSDPSRV, WebClient
spoolsv.exe 1368 Spooler
explorer.exe 1648 N/A
GWInkMonitor.exe 1728 N/A
ctfmon.exe 1780 N/A
ewidoctrl.exe 1872 ewido security suite control
mdm.exe 1892 MDM
svchost.exe 164 stisvc
wdfmgr.exe 176 UMWdf
wuauclt.exe 2044 N/A
msnmsgr.exe 968 N/A
dwwin.exe 1320 N/A
IEXPLORE.EXE 1308 N/A
dwwin.exe 1444 N/A
cmd.exe 424 N/A
dwwin.exe 1276 N/A
tasklist.exe 1124 N/A
wmiprvse.exe 1664 N/A
Image Name PID Services
========================= ====== =============================================
System Idle Process 0 N/A
System 4 N/A
smss.exe 600 N/A
csrss.exe 648 N/A
winlogon.exe 672 N/A
services.exe 716 Eventlog, PlugPlay
lsass.exe 728 PolicyAgent, ProtectedStorage, SamSs
svchost.exe 904 RpcSs
svchost.exe 1008 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
ERSvc, EventSystem,
FastUserSwitchingCompatibility, helpsvc,
lanmanserver, lanmanworkstation, Netman,
Nla, RasMan, Schedule, seclogon, SENS,
ShellHWDetection, TapiSrv, TermService,
Themes, TrkWks, uploadmgr, W32Time, winmgmt,
wuauserv, WZCSVC
svchost.exe 1144 Dnscache
svchost.exe 1192 LmHosts, SSDPSRV, WebClient
spoolsv.exe 1368 Spooler
explorer.exe 1648 N/A
GWInkMonitor.exe 1728 N/A
ctfmon.exe 1780 N/A
ewidoctrl.exe 1872 ewido security suite control
mdm.exe 1892 MDM
svchost.exe 164 stisvc
wdfmgr.exe 176 UMWdf
wuauclt.exe 2044 N/A
msnmsgr.exe 968 N/A
dwwin.exe 1320 N/A
IEXPLORE.EXE 1308 N/A
dwwin.exe 1444 N/A
cmd.exe 424 N/A
dwwin.exe 1276 N/A
tasklist.exe 1124 N/A
wmiprvse.exe 1664 N/A
Yahoo toolbar is inconsistent with XP security updates.
Virus:
zangocash is Adware, and blamed for IE instability.
DAP is adware.
ipfox.com is a URL redirector.
dwwin.exe -- Dr. Watson. You should disable this for now.
I would start by having HijackThis "fix" any entry above where it shows "file missing".
Virus:
zangocash is Adware, and blamed for IE instability.
DAP is adware.
ipfox.com is a URL redirector.
dwwin.exe -- Dr. Watson. You should disable this for now.
I would start by having HijackThis "fix" any entry above where it shows "file missing".
UPDATE YOUR COPY OF XP!!!
according to HiJackThis you have SP1 meaning that you are missing SP2 Updates and all these HotFixes:
KB834707 KB867282 KB873333 KB873339 KB883939 KB884020 KB884883 KB885222 KB885250 KB885626 KB885835 KB885836 KB885884 KB885894 KB886185 KB886677 KB886716 KB887472 KB887742 KB887797 KB888113 KB888302 KB889016 KB890046 KB890047 KB890175 KB890831 KB890859 KB890923 KB891781 KB893066 KB893086 KB893357 KB893756 KB893803V2 KB894391 KB896256 KB896358 KB896422 KB896423 KB896424 KB896428 KB896626 KB896688 KB896727 KB899271 KB899587 KB899588
KB899589 KB899591 KB900725 KB901017 KB901190 KB901214 KB902400 KB903235 KB904706 KB905414 KB905749 KB905915 KB906569 KB908519 KB908531 KB911280 KB911562 KB911567 KB911927 KB912812 KB912919 KB913446 KB913580 KB914388 KB914389 KB916281 KB917159 KB917344 KB917422 KB917537 KB917953 KB918439 KB918899 KB920214 KB920670 KB920683 KB921398 KB921883 KB922616
Besides that follow what bcastner mentioned...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
according to HiJackThis you have SP1 meaning that you are missing SP2 Updates and all these HotFixes:
KB834707 KB867282 KB873333 KB873339 KB883939 KB884020 KB884883 KB885222 KB885250 KB885626 KB885835 KB885836 KB885884 KB885894 KB886185 KB886677 KB886716 KB887472 KB887742 KB887797 KB888113 KB888302 KB889016 KB890046 KB890047 KB890175 KB890831 KB890859 KB890923 KB891781 KB893066 KB893086 KB893357 KB893756 KB893803V2 KB894391 KB896256 KB896358 KB896422 KB896423 KB896424 KB896428 KB896626 KB896688 KB896727 KB899271 KB899587 KB899588
KB899589 KB899591 KB900725 KB901017 KB901190 KB901214 KB902400 KB903235 KB904706 KB905414 KB905749 KB905915 KB906569 KB908519 KB908531 KB911280 KB911562 KB911567 KB911927 KB912812 KB912919 KB913446 KB913580 KB914388 KB914389 KB916281 KB917159 KB917344 KB917422 KB917537 KB917953 KB918439 KB918899 KB920214 KB920670 KB920683 KB921398 KB921883 KB922616
Besides that follow what bcastner mentioned...
Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
Bleeping Computer -> Startup Programs Database -> muamgrd.exe Information
This is an undesirable program.
I don't see any evidence of Antivirus or Firewall software, combined with no passwords, this is a recipe for problems to say the least.
This is an undesirable program.
I don't see any evidence of Antivirus or Firewall software, combined with no passwords, this is a recipe for problems to say the least.
- Thread starter
- #16
Start, Run, msconfig
But you would be happier with AutoRuns by sysinternals:
But you would be happier with AutoRuns by sysinternals:
- Thread starter
- #18
You cannot do it through MSCONFIG.
Use regedit as exlained in this KB article:
Use regedit as exlained in this KB article:
- Thread starter
- #20
- Status
Similar threads
