Solved malware help please

[Resolved] malware help please

hi guys, i seem to have problems with my laptop, a generic host error message and general slowing down of resources, so i'm posting my hijackthis log in the hope that someone might be able to have a look at it. in the meantime i'm going to download spybot and ad-aware and see what they come up with. many thanks for your time in reading this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:42, on 06/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini20.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/en/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146256502781
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 9826 bytes

 

Welcome to WindowsBBS scubaced

Lets start with what is normally recommended for the Generic Host Process error and go from there. Download and apply the following Microsoft Security Update.
http://www.microsoft.com/downloads/...b6-03ff-4636-861a-46b3eac7a305&displaylang=en

Reboot when done and let me know if the error stops.

 

many thanks for the welcome and reply

i had already tried to run this fix, but i went to microsoft update from the link you posted to double check. the message i got on both occasions was that my service pack is newer than the update that i am trying to apply and that there is no need to install the update.

 

OK. Lets get a better look at things then. Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.scr to run the tool.
• When done, DDS.txt will open.
• Click Yes at the next prompt for Optional Scan.
• Save both reports to your desktop.

---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt


I may ask for the Attach.txt log later, so keep it handy.

 

here is the log you requested and thanks very much for your time.


DDS (Version 1.0) - NTFSx86
Run by steven webster at 23:40:45.06 on 07/12/2008
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.890 [GMT 7:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\steven webster\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.mini20.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = 67.69.254.244:80
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] c:\program files\sony\isb utility\ISBMgr.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [VAIO Update 3] "c:\program files\sony\vaio update 3\VAIOUpdt.exe" /Stationary
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SonyPowerCfg] c:\program files\sony\vaio power management\SPMgr.exe
mRun: [PC Pitstop Optimize Reminder] c:\program files\pcpitstop\optimize2\Reminder.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: *.sony-europe.com
Trusted Zone: *.sonystyle-europe.com
Trusted Zone: *.vaio-link.com
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - c:\progra~1\window~4\MpShHook.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-8 207656]
R2 aawservice;Lavasoft Ad-Aware Service; "c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-6-8 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-6-8 144704]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlservr.exe -sVAIO_VEDB []
R2 WinDefend;Windows Defender; "c:\program files\windows defender\MsMpEng.exe" [2006-11-4 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-6-8 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-6-8 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-6-8 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-8 40488]
S2 navapsvc;Norton AntiVirus Auto-Protect Service; "c:\program files\norton internet security\norton antivirus\navapsvc.exe" []
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [2006-4-9 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [2006-4-9 23296]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-8 34152]
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;c:\program files\microsoft sql server\mssql$vaio_vedb\binn\sqlagent.EXE -i VAIO_VEDB []

=============== Created Last 30 ================

2008-12-07 21:26 <DIR> --d----- c:\program files\common files\xing shared
2008-12-07 20:24 4,682 a------- c:\windows\system32\npptNT2.sys
2008-12-07 20:24 5,174 a------- c:\windows\system32\nppt9x.vxd
2008-12-07 20:20 <DIR> --d----- c:\program files\common files\INCA Shared
2008-12-06 23:02 <DIR> --d----- c:\documents and settings\steven webster\.housecall6.6
2008-12-06 20:25 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-06 20:25 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-06 17:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PCPitstop
2008-12-06 17:40 <DIR> --d----- c:\windows\pss
2008-12-06 17:26 289,144 a------- c:\windows\system32\VCCLSID.exe
2008-12-06 17:26 87,552 a------- c:\windows\system32\VACFix.exe
2008-12-06 17:26 82,944 a------- c:\windows\system32\o4Patch.exe
2008-12-06 17:26 82,944 a------- c:\windows\system32\IEDFix.exe
2008-12-06 17:26 82,944 a------- c:\windows\system32\IEDFix.C.exe
2008-12-06 17:26 82,432 a------- c:\windows\system32\404Fix.exe
2008-12-06 17:26 25,600 a------- c:\windows\system32\WS2Fix.exe
2008-12-06 17:26 288,417 a------- c:\windows\system32\SrchSTS.exe
2008-12-06 17:26 135,168 a------- c:\windows\system32\swreg.exe
2008-12-06 17:26 79,360 a------- c:\windows\system32\swxcacls.exe
2008-12-06 17:26 51,200 a------- c:\windows\system32\dumphive.exe
2008-12-06 12:56 <DIR> --d----- c:\program files\Lavasoft
2008-12-06 12:42 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-06 12:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-06 12:17 <DIR> --d----- c:\docume~1\steven~1\applic~1\Malwarebytes
2008-12-06 12:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-06 12:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-06 12:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-06 12:16 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-06 11:42 <DIR> --d----- c:\program files\Trend Micro
2008-11-30 19:40 <DIR> --d----- c:\program files\Defraggler
2008-11-29 20:32 66 a------- c:\windows\Ahead DVD Ripper.INI
2008-11-29 20:32 <DIR> --d----- c:\program files\Ahead DVD Ripper
2008-11-28 15:47 178,475,936 a------- C:\Coldcut - Essential Mix - Radio 1 - 29-01-2006.mp3
2008-11-21 17:38 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-21 17:38 1,409 a------- c:\windows\QTFont.for
2008-11-17 23:22 <DIR> --d----- c:\program files\URUSoft
2008-11-17 19:37 <DIR> --d----- c:\program files\MSXML 4.0
2008-11-14 18:17 31 a------- c:\documents and settings\steven webster\jagex_runescape_preferences.dat
2008-11-14 18:16 <DIR> --d----- c:\windows\.jagex_cache_32
2008-11-08 19:19 2,023,936 ac------ c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-08 19:03 2,145,280 ac------ c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-08 18:29 <DIR> --d----- c:\windows\ServicePackFiles
2008-11-08 18:13 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2008-11-08 18:12 1,041,536 ac------ c:\windows\system32\dllcache\hsfdpsp2.sys

==================== Find3M ====================

2008-12-07 21:26 348,160 a------- c:\windows\system32\msvcr71.dll
2008-11-08 18:34 76,487 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-29 05:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-29 05:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-29 05:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-29 05:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-29 05:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-24 18:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-09-25 15:03 524,288 a------- c:\windows\system32\DivXsm.exe
2008-09-25 15:03 196,608 a------- c:\windows\system32\dtu100.dll
2008-09-25 15:03 81,920 a------- c:\windows\system32\dpl100.dll
2008-09-25 15:03 53,248 a------- c:\windows\system32\dpuGUI10.dll
2008-09-25 15:03 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-09-25 15:03 344,064 a------- c:\windows\system32\dpus11.dll
2008-09-25 15:03 57,344 a------- c:\windows\system32\dpv11.dll
2008-09-25 15:03 294,912 a------- c:\windows\system32\dpu11.dll
2008-09-25 15:03 294,912 a------- c:\windows\system32\dpu10.dll
2008-09-25 15:03 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-20 04:57 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-09-20 04:57 120,056 -------- c:\windows\system32\pxcpyi64.exe
2008-09-20 04:57 118,520 -------- c:\windows\system32\pxinsi64.exe
2008-09-20 04:55 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-09-20 04:55 200,704 a------- c:\windows\system32\ssldivx.dll
2008-09-20 04:54 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-09-15 19:12 1,846,400 a------- c:\windows\system32\win32k.sys
2008-09-10 08:14 1,307,648 a------- c:\windows\system32\msxml6.dll

============= FINISH: 23:41:36.50 ===============

 

Did you knowingly setup a proxy server connection via a canadian proxy?

Did MBAM or SmitfraudFix find and remove anything? If so, please post their logs.

 

i've been messing about with proxy settings for an online game on my system, i haven't run the smitfraudfix yet. i was waiting till i was asked to do so, i will run it now and post the logs.

 

here's the smitfraudfix log you asked for.


SmitFraudFix v2.381

Scan done at 1:24:11.48, 08/12/2008
Run from C:\Documents and Settings\steven

webster\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] -

Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows

Defender\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program

Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program

Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasv

c.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mc

proxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Microsoft SQL

Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event

Service\VESMgr.exe
C:\Program Files\Common Files\Sony

Shared\VAIO Entertainment

Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Sony

Shared\VAIO Entertainment

Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Sony

Shared\VAIO Entertainment

Platform\VzCdb\VzFw.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony\VAIO Update

3\VAIOUpdt.exe
C:\Program Files\Windows

Defender\MSASCui.exe
C:\Program Files\Sony\VAIO Power

Management\SPMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.ex

e
C:\Program Files\Common

Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common

Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common

Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»»

C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»»

C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»»

C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and

Settings\steven webster


»»»»»»»»»»»»»»»»»»»»»»»»

C:\DOCUME~1\STEVEN~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and

Settings\steven webster\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»

C:\DOCUME~1\STEVEN~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop

Components

[HKEY_CURRENT_USER\Software\Microsoft\Inter

net Explorer\Desktop\Components\0]
"Source "= "About:Home "
"SubscribedURL "= "About:Home "
"FriendlyName "= "My Current Home Page "


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably

infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably

infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably

infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably

infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»»

Sharedtaskscheduler
!!!Attention, following keys are not inevitably

infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably

infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs "=" "
"LoadAppInit_DLLs "=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably

infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft

\Windows NT\CurrentVersion\Winlogon]
"Userinit "= "C:\\WINDOWS\\system32\\userinit.ex

e, "
"System "=" "


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network

Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{8FB04192

-20E8-4E9D-B17F-132725E58DD3}:

DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8FB04192

-20E8-4E9D-B17F-132725E58DD3}:

DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8FB04192

-20E8-4E9D-B17F-132725E58DD3}:

DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters:

DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters:

DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters:

DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for

wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

 

the mbam log is as follows


Malwarebytes' Anti-Malware 1.31
Database version: 1466
Windows 5.1.2600 Service Pack 3

06/12/2008 13:29:50
mbam-log-2008-12-06 (13-29-50).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 104514
Time elapsed: 52 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

I did not ask you to run SmitfraudFix, nor did I want you to. The following entries from your DDS log suggest that you had already run it, and I only wanted to see it's log.

Did the problem exist prior to messing with the proxy settings? If you reset to automatic dns with no proxy, do you still get the generic host error?

Did you assign the following IE start page?

google.mini20.com

 

very sorry if i jumped ahead by opening the smitfraudfix app, i didn't run it only opened it, so i had no log for you. then misunderstood you and ran it yesterday to get you a log. the generic host error started a few weeks ago, then went away and in the last few days has come back with a vengeance, as it were. i didn't set the ie homepage, that was set like that by a wifi service that i have been using, you know 'pay for a set amount of hours' by opening browser, their home log in page comes up automatically, you log in and are then redirected to your homepage. the fact is i was logging in on ie then minimising the window and switching to firefox. so i never gave any thought to the google.mini20, should i change this??. i am now using a normal dsl connection. i was messing with the proxy settings a couple of days ago and have now reset it all to the way it was, but it doesn't affect the problem, nor ever did.

 

Do you by chance have an HP printer?

 

no i don't, in fact i've never printed anything from this computer. strange but true

 

Would you mind uninstalling INCA to see if it has any effect on the error? BTW, you might want to read about the security risk associated with INCA.

http://www.securityfocus.com/archive/1/387574

 

hi,

i think i ought to mention that around the time of this error first occuring, that i was playing a game in my browser, which uses java. i have come to understand that if java runtime environment is not properly updated then there can be security issues. as it turned out my version was only updated to no.7. so i uninstalled the java platform completely and reinstalled. the current runtime environment, as i'm sure you know, is no.11

i have deleted the program using inca, on your advice but this program i will admit has been installed since the errors started.

thanks again for your time in looking into this.

 

So I'm guessing that after updating Java and uninstalling INCA, and a reboot, there is no change? The error message still appears?
Please give me a full description of the error, and what effect it has.

 

ok, this is how it goes.

i boot up. everything is very slow for approximately 2-3 minutes. after this time i get the 'generic host process for windows 32 has to close' message along with the error message sending box. then sometimes the taskbar goes into a windows 2000 format and sometimes it doesn't. everything else seems to run normally until the computer has been running for a while. sometimes i cannot enable my wireless network connection (i don't need it atm but i think that it is relevant to furnish you with as much information as possible) and also the sound card seems to become disabled after the computer has been running for a while.

you are correct in your assumption that updating java and uninstalling inca makes no difference to the error.

the error message for the wireless network is as follows:
'it is not possible to connect at this time. no network was detected. you may need to plug in your network cable to complete the connection.'

the only reason i can think for this is the fact that when i was using the 'pay for your time' wifi service, i was needing to use 2 computers. so i used the wifi service on a mac and enabled internet connection sharing on it. then plugged an ethernet cable directly to the pc to use the internet on it. i didn't have to do this all the time and sometimes used the wireless connection directly form the pc. this did occasionally throw up conflicts which meant that i just manually set up the ip address when connecting to the mac and reset the settings to default when only using the pc. sounds overly complicated when i read this back! incidentally, even though technically the pc and mac are still networked through the dsl router, the mac can no longer 'see' the pc since the error messages have returned.

 

Thanks. That sheds another light on things. The generic host error is most often a problem for users when using the internet - it cuts off their connection. We'll have to take a different approach with yours.

The first thing I'd like you to do is open the computer case and visually verify that all fans are working. You may also need to check the power supply at the back of the machine. It's fan could be located at the back or inside the case.

Next, shut the computer down and check for dust buildup on the fan blades, air intake vents at the front back and side of the machine, and between the fins of the heat sink located on the motherboard's processor. You may need to use compressed air or a small brush, such as an artists brush (preferrably a horsehair brush rather than plastic bristled). If using compressed air, take care to prevent the fans from spinning under the force of the air flow. That can damage the fans and/or computer components.

Once completed, restart the computer in safe mode. Open a command window and type the following command.

sfc /scannow

Be prepared to insert your XP cd if prompted. The system file checker might prompt you for it if corrupted system files are found and replacements needed. Restart when completed, whether prompted to or not.

Let me know if there's any change.

 

just 2 things to note.
this is a laptop, and i don't have the xp disk and never did have as just bought it from a shop already installed

do you advise me to carry on with your instructions??

edit:
what i mean is, will the fact that i don't have the xp disk to correct corrupted files mean that i won't be able to reboot??

 

You could still run sfc anyway. It's possible to be configured to look in a location on the drive instead of the cd. Not likely, but possible. If prompted for the cd you'll just have to skip or cancel. Let me know if that happens.


Accessing the vents, fans and heatsink on a laptop can be a bit daunting for some, and at least a small amount of mechanical ability is required. Depending on the model, step-by-step instructions from the manufacturer might be available.
How long have you owned it?
Do you have indoor pets?
Does the laptop appear to be hotter than expected?
Can you hear the fan run? Feel any air movement around the air intake or exhaust?