
Generic host process for win32 services has encountered a problem and needs to close.

Discussion in 'Malware and Virus Removal Archive' started by CDF, 2007/01/17.

  1. 2007/01/17
    CDF

    CDF Inactive Thread Starter

    Joined:
    2007/01/17
    Messages:
    21
    Likes Received:
    0
    Hi everyone, I'm new here so I hope someone can help me. Before this problem I had a full head of hair; I am now bald, and that was only a week ago!!! :eek:

    I have this error every time I start up. I then close the error and send the report to Microsoft, and I then get the same error again instantly. This happens TEN times every time I start up and it's driving me mad :mad:

    I have installed the update from Microsoft that is supposed to fix this and I have run RegCure, but I still have the same problem.

    Please please can someone help.

    Thanks:(
     
    CDF,
    #1
  2. 2007/01/17
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello CDF and welcome to the Board,

    First, does this happen when booting in Safe Mode? - tap the F8 key from a restart.

    If not, go into msconfig and uncheck all your startups - do this not connected to the net - pull the plug on the modem, and bootup.

    Start > run > type msconfig > ok > startup tab.

    Regards - Charles
     


  4. 2007/01/17
    CDF

    CDF Inactive Thread Starter

    Hi Charles,

    Well why didn't I find you sooner. Thanks for that. It did not do it in Safe Mode so I followed your advice and then followed the prompts on start up again and now it seems to be ok.

    Only I have another problem, well, two actually. I now get an error message saying there is a problem with my device monitor and it needs to shut down, and I get Windows Installer trying to install a piece of software that I don't have the CD for or particularly want. Both of these happen on start up.

    Any help would be appreciated and thanks again for help.
     
    CDF,
    #3
  5. 2007/01/17
    charlesvar

    charlesvar Inactive Alumni

    Hello CDF,

    Go back into msconfig and re check the startups one by one and reboot after each one.

    You can't keep the startups, especially for AV/Firewall off. The point is to narrow down which of the startups is causing the problem.

    Did you uninstall the program you don't want? If not, uninstall it first before using the MS cleanup tool.

    If the problem with the unwanted app comes back: use the MS Installer Cleanup tool:
    http://support.microsoft.com/default.aspx?scid=kb;en-us;290301

    Regards - Charles
     
  6. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    Hi Charles,

    Sorry for not coming back sooner I have been working away the last few days.

    I have narrowed the start up problem down to two files:

    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\DLA\DLACTRLW.exe

    What do I do next as when it comes to things like this I really am a novice.

    Many Thanks
    Iain
     
    CDF,
    #5
  7. 2007/01/21
    charlesvar

    charlesvar Inactive Alumni

    Hi Iain,

    ctfmon.exe is the Language Bar and Speech and Handwriting recognition for IE. Follow the directions in the thread to disable it.
    http://www.windowsbbs.com/showthread.php?t=58841&highlight=ctfmon.exe




    C:\WINDOWS\system32\DLA\DLACTRLW.exe: I don't know what this is. Follow the directions for posting a HijackThis log and paste it into your next post.

    Please download HijackThis! SetUp from http://downloads.malwareremoval.com/HJTsetup.exe
    Save the file to your desktop.

    Double-click the HijackThis! SetUp icon to begin the installation.

    Follow the prompts for the default install location of: 'C:\Program Files\HijackThis'.

    Tick the 'Create a desktop' button when the option appears.
    Select next, then allow HijackThis! to start.

    Then press the [Scan] button.
    You will notice the [Scan] button will turn into a [Save Log] button.

    Click the [Save Log] button and notepad will open up with the contents of the scan.

    Right-click in the saved log, and select 'copy'.

    Then proceed to your original thread, unless otherwise instructed and click the '[Reply]' button and paste the saved contents to be reviewed.

    Do not make any modifications to the log or perform any 'fixes' until told to do so.

    Regards - Charles
     
  8. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    Ok Done as below

    Logfile of HijackThis v1.99.1
    Scan saved at 13:15:53, on 21/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\WFXSVC.EXE
    C:\Program Files\WinFax\WFXMOD32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
    C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\PROGRA~1\WinFax\WFXSWTCH.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\WINDOWS\system32\dlcccoms.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    c:\program files\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Barclays\Business Manager\rsrc\binaries\main\BarclaysBusinessManager0001.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trafficswarm.com/cgi-bin/swarm.cgi?590495&1d9281f76a13020047615375f42ad590
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll
    O2 - BHO: McAfee Privacy Service Popup Blocker - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\program files\mcafee.com\mps\popupkiller.dll
    O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe "
    O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
    O4 - HKLM\..\Run: [Barclays Business Manager] C:\Program Files\Barclays\Business Manager\bin\BarclaysBusinessManager.exe /server
    O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
    O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe "
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\WinFax\WFXSWTCH.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
    O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe "
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Palo Alto Software Update Manager 8.0.lnk = C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O16 - DPF: {B40B74C9-C9B3-445C-9397-EC8285292947} (WebImageFX.WIFXLoader) - http://www.responsemagic.com/ewebeditpro4/webimagefx.cab
    O16 - DPF: {DB1B4C3B-8690-43B2-9045-91EDA7A12580} (eWebEditProLibCtl4.eWEPLoader) - http://www.responsemagic.com/ewebeditpro4/ewebeditpro4.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
    O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE
     
    CDF,
    #7
  9. 2007/01/21
    charlesvar

    charlesvar Inactive Alumni

    Hi Iain,

    I do see one problem:

    O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file) for Starware Toolbar

    It is an adware dropper. It drops adware applications on the system, which may generate extra pop-up ads while using Internet Explorer.

    You also have multiple toolbars running, which is a potential source of conflicts: Google's and Yahoo's.

    Then AOL's anti spyware app along with McAfee's.

    I'm moving your thread to the Virus and spyware removal section for the experts to look at.

    Regards - Charles
     
  10. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    Ok Thanks Charles.


    If it helps

    I don't need Yahoo, I use Google
    I don't use AOL I use McAfee

    Thanks
     
    CDF,
    #9
  11. 2007/01/21
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Hello and welcome to WindowsBBS Removing Spyware & Viruses forum.


    This one:
    C:\WINDOWS\system32\DLA\DLACTRLW.exe
    http://www.liutilities.com/products/wintaskspro/processlibrary/dlactrlw/
    And the line which Charles pointed to looks to be a remnant from an uninstall.

    I'm not seeing anything malicious in your log file either. A few errant minor items we can fix tho. And I have a question too. Did you set your homepage to 'trafficswarm.com'? I ask because it is in the IESpyads database and upon checking with Whois, I see it's some sort of traffic generating site. Which means they re-direct users to a site. Most of the sites they affiliate with are similar. If you did set it, then ignore that line to fix below.

    Open Hijackthis, select the [Do a system scan only] button and look over the following entries I have listed, check the boxes [] next to them and press the [Fix Checked] button. When you are doing this, make sure you have No IE windows, nor any other browsers open, including this one. Reboot if I have specified below, and post a fresh HijackThis log.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trafficswarm.com/cgi-bin/...615375f42ad590

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/ig/dell?hl=e...inc&channel=uk


    O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)


    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u


    Reboot, run HJT, if the above are gone, no need to repost with new log.

    And rather than using MSCONFIG, you may want to get yourself a dedicated start up manager. Something like WinPatrol v10.0.5.0.
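The log review in the post above (an orphaned "(no file)" toolbar entry, a start page the user has to confirm, and the AppInit_DLLs line) can be reproduced as a first-pass triage script. This is an added example, not part of the original thread and not HijackThis's own code; the rule names and the `EXPECTED_HOSTS` allowlist are assumptions, and the sample lines are copied from the log posted earlier in the thread.

```python
import re
from urllib.parse import urlparse

# Excerpt of the HijackThis log posted in this thread (header and process
# lines included on purpose: the parser must skip them).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trafficswarm.com/cgi-bin/swarm.cgi?590495&1d9281f76a13020047615375f42ad590
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O3 - Toolbar: (no name) - {D49E9D35-254C-4c6a-9D17-95018D228FF5} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Assumption: start-page hosts the reviewer already considers expected on
# this machine (OEM and Microsoft defaults seen in the log).
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.co.uk"}

# A log entry is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)$")
START_PAGE_RE = re.compile(
    r"^HK(?:CU|LM)\\.*\\Main,Start Page\s*=\s*(?P<url>\S+)"
)


def parse_entries(text):
    """Return (code, body) pairs, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return entries


def triage(text, expected_hosts):
    """Return (code, rule, body) for entries a human should look at.

    A finding is a prompt for review, not a verdict: the thread shows a
    flagged start page that the user had set deliberately.
    """
    findings = []
    for code, body in parse_entries(text):
        # Rule 1: IE start page pointing at a host nobody has vouched for.
        page = START_PAGE_RE.match(body) if code == "R0" else None
        if page:
            host = (urlparse(page.group("url")).hostname or "").lower()
            if host and host not in expected_hosts:
                findings.append((code, "unexpected-start-page", body))
        # Rule 2: registry entry left behind after its file was removed.
        if ORPHAN_RE.search(body):
            findings.append((code, "orphaned-entry", body))
        # Rule 3: AppInit_DLLs are loaded into every process that loads
        # user32.dll, so the listed DLL deserves a publisher check.
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            findings.append((code, "appinit-dll", body))
    return findings


if __name__ == "__main__":
    for code, rule, body in triage(SAMPLE_LOG, EXPECTED_HOSTS):
        print(f"{rule:22} {code:4} {body}")
```
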
     
  12. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    Hi,

    Yes, I did set Traffic swarm as my homepage, so I will ignore that line and carry out the rest. Will come back to you.

    Thanks
     
    CDF,
    #11
  13. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    Hi,

    I have done this and yes they have now gone but I still have

    Generic host process for win32 services has encountered a problem and needs to close.

    on start up and windows installer trying to install some software

    Thanks
     
    CDF,
    #12
  14. 2007/01/21
    TeMerc

    TeMerc Inactive Alumni

    Ok, let's look a little deeper into the system.

    Please download SilentRunners from here

    Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run.
    Silent Runners will ask if you want to skip the supplementary search.
    Please select 'No' to include them.
    Then select 'Yes' to confirm the search.
    When the scan is finished, a message will pop up and a logfile will have been created on the desktop.

    Please post the entire contents of this logfile created back into this thread for me to see.

    And:

    Download Autoruns by Sysinternals from here and save it to your desktop.

    Extract the files to your desktop, open the Autoruns folder, and double-click autoruns.exe to run it.

    When the scan is finished from the toolbar, select the [Options] tab, then tick the 'Hide Microsoft Entries' option. Then hit the 'refresh' icon.

    Post the log here for me to view.
     
  15. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    OK here goes!

    Silent Runners Log

    "Silent Runners.vbs ", revision R50, http://www.silentrunners.org/
    Operating System: Windows XP SP2
    Output limited to non-default values, except where indicated by "{++} "


    Startup items buried in registry:
    ---------------------------------

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "DellSupport" = " "C:\Program Files\Dell Support\DSAgnt.exe" /startup" [ "Gteko Ltd."]
    "Skype" = " "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized" [ "Skype Technologies S.A."]
    "MSMSGS" = " "C:\Program Files\Messenger\msmsgs.exe" /background" [MS]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
    "MCUpdateExe" = "C:\PROGRA~1\mcafee.com\agent\McUpdate.exe" [ "McAfee, Inc"]
    "DLCCCATS" = "rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16" [MS]
    "Barclays Business Manager" = "C:\Program Files\Barclays\Business Manager\bin\BarclaysBusinessManager.exe /server" [null data]
    "MSKAGENTEXE" = "C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [ "McAfee Inc."]
    "dlccmon.exe" = " "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" " [ "Dell"]
    "WinFaxAppPortStarter" = "wfxsnt40.exe" [MS]
    "WFXSwtch" = "C:\PROGRA~1\WinFax\WFXSWTCH.exe" [null data]
    "VSOCheckTask" = " "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask" [ "McAfee, Inc."]
    "VirusScan Online" = "C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ "McAfee, Inc."]
    "TkBellExe" = " "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" [ "RealNetworks, Inc."]
    "SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [null data]
    "SigmatelSysTrayApp" = "stsystra.exe" [ "SigmaTel, Inc."]
    "QuickTime Task" = " "C:\Program Files\QuickTime\qttask.exe" -atboottime" [ "Apple Computer, Inc."]
    "PWRISOVM.EXE" = "C:\Program Files\PowerISO\PWRISOVM.EXE" [ "PowerISO Computing, Inc."]
    "OASClnt" = "C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ "McAfee, Inc."]
    "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS]
    "MSKDetectorExe" = "C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup" [ "McAfee, Inc."]
    "MPSExe" = "c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding" [ "McAfee, Inc."]
    "MPFExe" = "C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [ "McAfee Security"]
    "MCAgentExe" = "c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ "McAfee, Inc"]
    "iTunesHelper" = " "C:\Program Files\iTunes\iTunesHelper.exe" " [ "Apple Computer, Inc."]
    "ISUSScheduler" = " "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start" [ "InstallShield Software Corporation"]
    "ISUSPM Startup" = " "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup" [ "InstallShield Software Corporation"]
    "IAAnotif" = "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [ "Intel Corporation"]
    "HP Software Update" = " "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" " [ "Hewlett-Packard Company"]
    "Google Desktop Search" = " "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup" [ "Google"]
    "MSConfig" = "C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto" [MS]
    "UserFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -u "
    "WinPatrol" = "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [ "BillP Studios"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Adobe PDF Reader Link Helper "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" [ "Adobe Systems Incorporated"]
    {227B8AA8-DAF2-4892-BD1D-73F568BCB24E}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "McBrwHelper Class "
    \InProcServer32\(Default) = "c:\PROGRA~1\mcafee.com\mps\mcbrhlpr.dll" [ "McAfee, Inc."]
    {3EC8255F-E043-4cae-8B3B-B191550C2A22}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "McAfee Privacy Service Popup Blocker "
    \InProcServer32\(Default) = "c:\program files\mcafee.com\mps\popupkiller.dll" [ "McAfee, Inc."]
    {41D68ED8-4CFF-4115-88A6-6EBB8AF19000}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "McAfee AntiPhishing Filter "
    \InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" [ "McAfee, Inc."]
    {5CA3D70E-1895-11CF-8E15-001234567890}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "DriveLetterAccess "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" [ "Sonic Solutions"]
    {AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Google Toolbar Helper "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" [ "Google Inc."]
    {CA6319C0-31B7-401E-A518-A07C3DB8F777}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "CBrowserHelperObject Object "
    \InProcServer32\(Default) = "c:\Program Files\BAE\BAE.dll" [ "Dell Inc."]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
    "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension "
    -> {HKLM...CLSID} = "Display Panning CPL Extension "
    \InProcServer32\(Default) = "deskpan.dll" [file not found]
    "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext "
    -> {HKLM...CLSID} = "HyperTerminal Icon Ext "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" [ "Hilgraeve, Inc."]
    "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class "
    -> {HKLM...CLSID} = "DesktopContext Class "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper "
    -> {HKLM...CLSID} = "NVIDIA CPL Extension "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" [ "NVIDIA Corporation"]
    "{5CA3D70E-1895-11CF-8E15-001234567890}" = "DriveLetterAccess "
    -> {HKLM...CLSID} = "DriveLetterAccess "
    \InProcServer32\(Default) = "C:\WINDOWS\System32\DLA\DLASHX_W.DLL" [ "Sonic Solutions"]
    "{00020D75-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Desktop Icon Handler "
    -> {HKLM...CLSID} = "Microsoft Office Outlook "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\MLSHEXT.DLL" [MS]
    "{0006F045-0000-0000-C000-000000000046}" = "Microsoft Office Outlook Custom Icon Handler "
    -> {HKLM...CLSID} = "Outlook File Icon Extension "
    \InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\OLKFSTUB.DLL" [MS]
    "{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\OFFICE11\msohev.dll" [MS]
    "{506F4668-F13E-4AA1-BB04-B43203AB3CC0}" = "{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "
    -> {HKLM...CLSID} = "ImageExtractorShellExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
    "{D66DC78C-4F61-447F-942B-3FB6980118CF}" = "{D66DC78C-4F61-447F-942B-3FB6980118CF} "
    -> {HKLM...CLSID} = "CInfoTipShellExt Class "
    \InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Visio11\VISSHE.DLL" [null data]
    "{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes "
    -> {HKLM...CLSID} = "iTunes "
    \InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" [ "Apple Computer, Inc."]
    "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    "{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player "
    -> {HKLM...CLSID} = "RealOne Player Context Menu Class "
    \InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshell.dll" [ "RealNetworks, Inc."]
    "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE}" = "PowerISO "
    -> {HKLM...CLSID} = "PowerISO "
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" [ "PowerISO Computing, Inc."]
    "{E0D79304-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79305-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79306-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]
    "{E0D79307-84BE-11CE-9641-444553540000}" = "WinZip "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
    <<!>> "{A213B520-C6C2-11d0-AF9D-008029E1027E}" = (no title provided)
    -> {HKLM...CLSID} = "WinFax PRO IShellExecuteHook "
    \InProcServer32\(Default) = "C:\Program Files\WinFax\WfxSeh32.Dll" [ "Symantec Corporation"]

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
    <<!>> "AppInit_DLLs" = "C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL" [ "Google"]

    HKLM\Software\Classes\PROTOCOLS\Filter\
    <<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945} "
    -> {HKLM...CLSID} = (no title provided)
    \InProcServer32\(Default) = "C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

    HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
    {F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info "
    -> {HKLM...CLSID} = "PDF Shell Extension "
    \InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" [ "Adobe Systems, Inc."]

    HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
    MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A} "
    -> {HKLM...CLSID} = "MShellExtMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" [ "MagicISO, Inc."]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "
    -> {HKLM...CLSID} = "PowerISO "
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" [ "PowerISO Computing, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
    MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A} "
    -> {HKLM...CLSID} = "MShellExtMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" [ "MagicISO, Inc."]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "
    -> {HKLM...CLSID} = "PowerISO "
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" [ "PowerISO Computing, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]

    HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
    MagicISO\(Default) = "{DB85C504-C730-49DD-BEC1-7B39C6103B7A} "
    -> {HKLM...CLSID} = "MShellExtMenu Class "
    \InProcServer32\(Default) = "C:\Program Files\MagicISO\misosh.dll" [ "MagicISO, Inc."]
    PowerISO\(Default) = "{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} "
    -> {HKLM...CLSID} = "PowerISO "
    \InProcServer32\(Default) = "C:\Program Files\PowerISO\PWRISOSH.DLL" [ "PowerISO Computing, Inc."]
    WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA} "
    -> {HKLM...CLSID} = "WinRAR "
    \InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
    WinZip\(Default) = "{E0D79304-84BE-11CE-9641-444553540000} "
    -> {HKLM...CLSID} = "WinZip "
    \InProcServer32\(Default) = "C:\PROGRA~1\WINZIP\WZSHLSTB.DLL" [ "WinZip Computing LP"]


    Group Policies {GPedit.msc branch and setting}:
    -----------------------------------------------

    Note: detected settings may not have any effect.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

    "shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Shutdown: Allow system to be shut down without having to log on}

    "undockwithoutlogon" = (REG_DWORD) hex:0x00000001
    {Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
    Devices: Allow undock without having to log on}


    Active Desktop and Wallpaper:
    -----------------------------

    Active Desktop may be disabled at this entry:
    HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

    Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
    HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
    "Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp "

    Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
    HKCU\Control Panel\Desktop\
    "Wallpaper" = "C:\WINDOWS\wallpaper.bmp "


    Startup items in "IJS" & "All Users" startup folders:
    -----------------------------------------------------

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    "Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ "Adobe Systems Incorporated"]
    "Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" [ "BVRP Software"]
    "HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" [ "Hewlett-Packard Co."]
    "HP Image Zone Fast Start" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe -s" [null data]
    "Palo Alto Software Update Manager 8.0" -> shortcut to: "C:\Program Files\Common Files\Palo Alto Software\8.0\PAS8_Update.exe" [ "Palo Alto Software"]
    "WinZip Quick Pick" -> shortcut to: "C:\Program Files\WinZip\WZQKPICK.EXE" [ "WinZip Computing LP"]


    Enabled Scheduled Tasks:
    ------------------------

    "McAfee.com Scan for Viruses - My Computer (IAIN-IJS)" -> launches: "c:\program files\mcafee.com\vso\mcmnhdlr.exe /runtask:0" [ "McAfee, Inc."]
    "RegCure" -> launches: "C:\Program Files\RegCure\RegCure.exe -t" [null data]


    Winsock2 Service Provider DLLs:
    -------------------------------

    Namespace Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
    000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
    000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
    000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

    Transport Service Providers

    HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
    0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
    C:\WINDOWS\system32\mclsp.dll [ "McAfee, Inc."], 01 - 11, 23
    %SystemRoot%\system32\mswsock.dll [MS], 12 - 14, 17 - 22
    %SystemRoot%\system32\rsvpsp.dll [MS], 15 - 16


    Toolbars, Explorer Bars, Extensions:
    ------------------------------------

    Toolbars

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F} "
    -> {HKLM...CLSID} = "&Google "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" [ "Google Inc."]

    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F} "
    -> {HKLM...CLSID} = "&Google "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" [ "Google Inc."]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88} "
    -> {HKLM...CLSID} = "Yahoo! Toolbar "
    \InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" [ "Yahoo! Inc."]

    HKLM\Software\Microsoft\Internet Explorer\Toolbar\
    "{BA52B914-B692-46C4-B683-905236F6F655}" = "McAfee VirusScan "
    -> {HKLM...CLSID} = "McAfee VirusScan "
    \InProcServer32\(Default) = "c:\progra~1\mcafee.com\vso\mcvsshl.dll" [ "McAfee, Inc."]
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
    -> {HKLM...CLSID} = "&Google "
    \InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" [ "Google Inc."]

    Explorer Bars

    HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
    {FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\(Default) = (no title provided)
    -> {HKLM...CLSID} = "Real.com "
    \InProcServer32\(Default) = "C:\WINDOWS\system32\Shdocvw.dll" [MS]

    HKLM\Software\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Research "
    Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
    InProcServer32\(Default) = "C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL" [MS]

    Extensions (Tools menu items, main toolbar menu buttons)

    HKLM\Software\Microsoft\Internet Explorer\Extensions\
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
    "MenuText" = "Sun Java Console "
    "CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501} "

    {39FD89BF-D3F1-45B6-BB56-3582CCF489E1}\
    "MenuText" = "McAfee AntiPhishing Filter "
    "CLSIDExtension" = "{7DD73374-7187-4103-8F29-622AA25E7C40} "
    -> {HKLM...CLSID} = "MyCfgDlgCmdTarget Class "
    \InProcServer32\(Default) = "c:\program files\mcafee\spamkiller\mcapfbho.dll" [ "McAfee, Inc."]

    {92780B25-18CC-41C8-B9BE-3C9C571A8263}\
    "ButtonText" = "Research "

    {CD67F990-D8E9-11D2-98FE-00C0F0318AFE}\
    "ButtonText" = "Real.com "

    {E2E2DD38-D088-4134-82B7-F2BA38496583}\
    "MenuText" = "@xpsp3res.dll,-20001 "
    "Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

    {FB5F1910-F110-11D2-BB9E-00C04F795683}\
    "ButtonText" = "Messenger "
    "MenuText" = "Windows Messenger "
    "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


    HOSTS file
    ----------

    C:\WINDOWS\System32\drivers\etc\HOSTS

    maps: 3 domain names to IP addresses,
    2 of the IP addresses are *not* localhost!


    Running Services (Display Name, Service Name, Path {Service DLL}):
    ------------------------------------------------------------------

    AOL Connectivity Service, AOL ACS, " "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe" " [ "America Online, Inc."]
    dlcc_device, dlcc_device, "C:\WINDOWS\system32\dlcccoms.exe -service" [" "]
    Intel(R) Matrix Storage Event Monitor, IAANTMon, "C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe" [ "Intel Corporation"]
    iPodService, iPodService, "C:\Program Files\iPod\bin\iPodService.exe" [ "Apple Computer, Inc."]
    McAfee Personal Firewall Service, MpfService, "C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe" [ "McAfee Corporation"]
    McAfee SpamKiller Server, MskService, "C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe" [ "McAfee Inc."]
    McAfee Task Scheduler, McTskshd.exe, "c:\PROGRA~1\mcafee.com\agent\mctskshd.exe" [ "McAfee, Inc"]
    McAfee WSC Integration, McDetect.exe, "c:\program files\mcafee.com\agent\mcdetect.exe" [ "McAfee, Inc"]
    McAfee.com McShield, McShield, "c:\PROGRA~1\mcafee.com\vso\mcshield.exe" [ "McAfee Inc."]
    NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" [ "NVIDIA Corporation"]
    Pml Driver HPZ12, Pml Driver HPZ12, "C:\WINDOWS\system32\HPZipm12.exe" [ "HP"]
    SQL Server (SQLEXPRESS), MSSQL$SQLEXPRESS, " "c:\Program Files\Microsoft SQL Server\MSSQL.3\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS" [MS]
    Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
    WinFax PRO, wfxsvc, "C:\WINDOWS\system32\WFXSVC.EXE" [ "Symantec Corporation"]


    Print Monitors:
    ---------------

    HKLM\System\CurrentControlSet\Control\Print\Monitors\
    Dell 924 Port\Driver = "dlcclmpm.DLL" [" "]
    HP Standard TCP/IP Port\Driver = "hptcpmon.dll" [ "Hewlett Packard"]
    hpzlnt12\Driver = "hpzlnt12.dll" [ "HP"]
    Microsoft Document Imaging Writer Monitor\Driver = "mdimon.dll" [MS]
    Microsoft Shared Fax Monitor\Driver = "FXSMON.DLL" [MS]
    WinFax Ports\Driver = "WFXMNT40.DLL" [MS]
    WinFax Ports (Photo Quality)\Driver = "WFXMNTHQ.DLL" [MS]


    ----------
    <<!>>: Suspicious data at a malware launch point.

    + This report excludes default entries except where indicated.
    + To see *everywhere* the script checks and *everything* it finds,
    launch it from a command prompt or a shortcut with the -all parameter.
    + The search for DESKTOP.INI DLL launch points on all local fixed drives
    took 149 seconds.
    ---------- (total run time: 202 seconds)

    Will have to post Autoruns separately as too many characters, 3387 too many.
     
    CDF,
    #14
  16. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    Joined:
    2007/01/17
    Messages:
    21
    Likes Received:
    0
    Autoruns


    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    + Barclays Business Manager c:\program files\barclays\business manager\bin\barclaysbusinessmanager.exe
    + DLCCCATS Timer DLL c:\windows\system32\spool\drivers\w32x86\3\dlcctime.dll
    + dlccmon.exe DellDevice Monitor Dell c:\program files\dell photo aio printer 924\dlccmon.exe
    + Google Desktop Search Google Desktop Google c:\program files\google\google desktop search\googledesktop.exe
    + HP Software Update hpwuSchd Hewlett-Packard Company c:\program files\hp\hp software update\hpwuschd2.exe
    + IAAnotif Event Monitor User Notification Tool Intel Corporation c:\program files\intel\intel matrix storage manager\iaanotif.exe
    + ISUSPM Startup InstallShield Update Service Update Manager InstallShield Software Corporation c:\program files\common files\installshield\updateservice\isuspm.exe
    + ISUSScheduler InstallShield Update Service Scheduler InstallShield Software Corporation c:\program files\common files\installshield\updateservice\issch.exe
    + iTunesHelper iTunesHelper Module Apple Computer, Inc. c:\program files\itunes\ituneshelper.exe
    + MCAgentExe McAfee SecurityCenter Agent McAfee, Inc c:\program files\mcafee.com\agent\mcagent.exe
    + MCUpdateExe McAfee SecurityCenter Update Engine McAfee, Inc c:\program files\mcafee.com\agent\mcupdate.exe
    + MPFExe McAfee Personal Firewall Tray Monitor McAfee Security c:\program files\mcafee.com\personal firewall\mpftray.exe
    + MPSExe McAfee Privacy Service McAfee, Inc. c:\program files\mcafee.com\mps\mscifapp.exe
    + MSKAGENTEXE McAfee SpamKiller Agent Interface module McAfee Inc. c:\program files\mcafee\spamkiller\mskagent.exe
    + MSKDetectorExe McAfee SpamKiller Account Detector McAfee, Inc. c:\program files\mcafee\spamkiller\mskdetct.exe
    + NvCplDaemon NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + OASClnt McAfee VirusScan OAS Client McAfee, Inc. c:\program files\mcafee.com\vso\oasclnt.exe
    + PWRISOVM.EXE PowerISO Virtual Drive Manager PowerISO Computing, Inc. c:\program files\poweriso\pwrisovm.exe
    + QuickTime Task QuickTime Task Apple Computer, Inc. c:\program files\quicktime\qttask.exe
    + SigmatelSysTrayApp Sigmatel Audio system tray application SigmaTel, Inc. c:\windows\stsystra.exe
    + SunJavaUpdateSched c:\program files\java\j2re1.4.2_03\bin\jusched.exe
    + TkBellExe RealNetworks Scheduler RealNetworks, Inc. c:\program files\common files\real\update_ob\realsched.exe
    + VirusScan Online McAfee VirusScan ActiveShield Resource McAfee, Inc. c:\program files\mcafee.com\vso\mcvsshld.exe
    + VSOCheckTask McAfee VirusScan Command Handler McAfee, Inc. c:\program files\mcafee.com\vso\mcmnhdlr.exe
    + WFXSwtch c:\program files\winfax\wfxswtch.exe
    + WinPatrol WinPatrol System Monitor BillP Studios c:\program files\billp studios\winpatrol\winpatrol.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    + Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    + Digital Line Detect.lnk Digital Line Detection BVRP Software c:\program files\digital line detect\dlg.exe
    + HP Digital Imaging Monitor.lnk HP Digital Imaging Monitor Hewlett-Packard Co. c:\program files\hp\digital imaging\bin\hpqtra08.exe
    + HP Image Zone Fast Start.lnk HP Image Zone Hewlett-Packard Co. c:\program files\hp\digital imaging\bin\hpqthb08.exe
    + Palo Alto Software Update Manager 8.0.lnk Palo Alto Software Update Manager 8.0 Palo Alto Software c:\program files\common files\palo alto software\8.0\pas8_update.exe
    + WinZip Quick Pick.lnk WinZip Executable WinZip Computing LP c:\program files\winzip\wzqkpick.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    + DellSupport Dell Support Gteko Ltd. c:\program files\dell support\dsagnt.exe
    + Skype Skype. The whole world can talk for free. Skype Technologies S.A. c:\program files\skype\phone\skype.exe
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
    + 0 File not found: About:Home
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
    + wfxseh32.dll Shell extension for ACT phonebook integration DLL Symantec Corporation c:\program files\winfax\wfxseh32.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    + Display Panning CPL Extension File not found: deskpan.dll
    + DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\dlashx_w.dll
    + HyperTerminal Icon Ext HyperTerminal Applet Library Hilgraeve, Inc. c:\windows\system32\hticons.dll
    + iTunes iTunes Mini Player DLL Apple Computer, Inc. c:\program files\itunes\itunesminiplayer.dll
    + NvCpl DesktopContext Class NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + Play on my TV helper NVIDIA Display Properties Extension NVIDIA Corporation c:\windows\system32\nvcpl.dll
    + PowerISO PowerISOShell DLL PowerISO Computing, Inc. c:\program files\poweriso\pwrisosh.dll
    + Shell Extensions for RealOne Player RealPlayer Shell Extensions RealNetworks, Inc. c:\program files\real\realplayer\rpshell.dll
    + WinRAR shell extension c:\program files\winrar\rarext.dll
    + WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
    + WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
    + WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
    + WinZip WinZip Shell Extension DLL WinZip Computing LP c:\program files\winzip\wzshlstb.dll
    + {506F4668-F13E-4AA1-BB04-B43203AB3CC0} c:\program files\microsoft office\visio11\visshe.dll
    + {D66DC78C-4F61-447F-942B-3FB6980118CF} c:\program files\microsoft office\visio11\visshe.dll
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
    + Adobe PDF Reader Link Helper Adobe Acrobat IE Helper Version 7.0 for ActiveX Adobe Systems Incorporated c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    + CBrowserHelperObject Object BAE.dll Dell Inc. c:\program files\bae\bae.dll
    + DriveLetterAccess Drive Letter Access Component Sonic Solutions c:\windows\system32\dla\dlashx_w.dll
    + Google Toolbar Helper Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar3.dll
    + McAfee AntiPhishing Filter McApfBHO McAfee, Inc. c:\program files\mcafee\spamkiller\mcapfbho.dll
    + McAfee Privacy Service Popup Blocker McAfee Privacy Service Internet Explorer Popup Blocker McAfee, Inc. c:\program files\mcafee.com\mps\popupkiller.dll
    + McBrwHelper Class McAfee Privacy Service Browser Helper DLL McAfee, Inc. c:\program files\mcafee.com\mps\mcbrhlpr.dll
    HKLM\Software\Microsoft\Internet Explorer\Toolbar
    + googletoolbar3.dll Google IE Client Toolbar Google Inc. c:\program files\google\googletoolbar3.dll
    + McAfee VirusScan McAfee VirusScan Shell Extension Module McAfee, Inc. c:\program files\mcafee.com\vso\mcvsshl.dll
    Task Scheduler
    + McAfee.com Scan for Viruses - My Computer (IAIN-IJS).job McAfee VirusScan Command Handler McAfee, Inc. c:\program files\mcafee.com\vso\mcmnhdlr.exe
    + RegCure.job RegCure Application c:\program files\regcure\regcure.exe
    HKLM\System\CurrentControlSet\Services
    + AOL ACS AOL Connectivity Service America Online, Inc. c:\program files\common files\aol\acs\aolacsd.exe
    + IAANTMon RAID Monitor Intel Corporation c:\program files\intel\intel matrix storage manager\iaantmon.exe
    + McDetect.exe McAfee WSC Integration Service McAfee, Inc c:\program files\mcafee.com\agent\mcdetect.exe
    + McShield On-Access Scanner service McAfee Inc. c:\program files\mcafee.com\vso\mcshield.exe
    + McTskshd.exe McAfee Task Scheduler McAfee, Inc c:\program files\mcafee.com\agent\mctskshd.exe
    + MpfService McAfee Personal Firewall Service McAfee Corporation c:\program files\mcafee.com\personal firewall\mpfservice.exe
    + MskService McAfee SpamKiller Server McAfee Inc. c:\program files\mcafee\spamkiller\msksrvr.exe
    + NVSvc Provides system and desktop level support to the NVIDIA display driver NVIDIA Corporation c:\windows\system32\nvsvc32.exe
    + Pml Driver HPZ12 PML Driver HP c:\windows\system32\hpzipm12.exe
    + wfxsvc Symantec WinFax PRO NT Service Symantec Corporation c:\windows\system32\wfxsvc.exe
    HKLM\System\CurrentControlSet\Services
    + DRVMCDB Device Driver Sonic Solutions c:\windows\system32\drivers\drvmcdb.sys
    + E100B NDIS 5 driver Intel Corporation c:\windows\system32\drivers\e100b325.sys
    + e1express Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver Intel Corporation c:\windows\system32\drivers\e1e5132.sys
    + GEARAspiWDM CDRom Class Filter Driver GEAR Software Inc. c:\windows\system32\drivers\gearaspiwdm.sys
    + HDAudBus High Definition Audio Bus Driver v1.0 Windows (R) Server 2003 DDK provider c:\windows\system32\drivers\hdaudbus.sys
    + HSF_DP HSF_DP driver Conexant Systems, Inc. c:\windows\system32\drivers\hsf_dp.sys
    + HSFHWBS2 HSF_HWB2 WDM driver Conexant Systems, Inc. c:\windows\system32\drivers\hsfhwbs2.sys
    + iastor Intel Matrix Storage Manager driver Intel Corporation c:\windows\system32\drivers\iastor.sys
    + mdmxsdk Diagnostic Interface DRIVER Conexant c:\windows\system32\drivers\mdmxsdk.sys
    + MPFIREWL McAfee Personal Firewall Driver McAfee c:\windows\system32\drivers\mpfirewall.sys
    + NaiAvFilter1 Anti-Virus File System Filter Driver McAfee Inc. c:\windows\system32\drivers\naiavf5x.sys
    + nv NVIDIA Compatible Windows 2000 Miniport Driver, Version 82.65 NVIDIA Corporation c:\windows\system32\drivers\nv4_mini.sys
    + Ptilink Direct Parallel Link Driver Parallel Technologies, Inc. c:\windows\system32\drivers\ptilink.sys
    + PxHelp20 Px Engine Device Driver for Windows 2000/XP Sonic Solutions c:\windows\system32\drivers\pxhelp20.sys
    + Secdrv SafeDisc driver c:\windows\system32\drivers\secdrv.sys
    + SONYPVU1 Sony USB Lower Filter driver Sony Corporation c:\windows\system32\drivers\sonypvu1.sys
    + sscdbus SAMSUNG USB Composite Device Driver MCCI c:\windows\system32\drivers\sscdbus.sys
    + sscdmdfl SAMSUNG CDMA Modem Filter MCCI c:\windows\system32\drivers\sscdmdfl.sys
    + sscdmdm SAMSUNG CDMA Modem Drivers MCCI c:\windows\system32\drivers\sscdmdm.sys
    + STHDA NDRC SigmaTel, Inc. c:\windows\system32\drivers\sthda.sys
    + wanatw Wan Miniport (ATW) America Online, Inc. c:\windows\system32\drivers\wanatw4.sys
    + winachsf HSF_CNXT driver Conexant Systems, Inc. c:\windows\system32\drivers\hsf_cnxt.sys
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
    + C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL Google Desktop Google c:\program files\google\google desktop search\googledesktopnetwork3.dll
    HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{57968DBB-0943-4077-BB0E-0442506DE9D7}] DATAGRAM 0 McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{57968DBB-0943-4077-BB0E-0442506DE9D7}] SEQPACKET 0 McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}] DATAGRAM 2 McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{C8FB8631-14EB-4BD0-9EBA-74664FE3AF1E}] SEQPACKET 2 McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}] DATAGRAM 1 McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD NetBIOS [\Device\NetBT_Tcpip_{EA219350-B25F-4304-B0A7-CA6C15D25C3F}] SEQPACKET 1 McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD Tcpip [RAW/IP] McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD Tcpip [TCP/IP] McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED MSAFD Tcpip [UDP/IP] McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED RSVP TCP Service Provider McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + MC_LAYERED RSVP UDP Service Provider McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    + McAfee.com Layered Provider McAfee Layered Service Provider McAfee, Inc. c:\windows\system32\mclsp.dll
    HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
    + Dell 924 Port Printer Communication System c:\windows\system32\dlcclmpm.dll
    + HP Standard TCP/IP Port Standard TCP/IP Port Monitor DLL Hewlett Packard c:\windows\system32\hptcpmon.dll
    + hpzlnt12 HP c:\windows\system32\hpzlnt12.dll
     
    CDF,
    #15
  17. 2007/01/21
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Those logs didn't show me anything.
    Can you tell what it is trying to install? Any info shown?
     
  18. 2007/01/21
    CDF

    CDF Inactive Thread Starter

    Joined:
    2007/01/17
    Messages:
    21
    Likes Received:
    0
    Yes, it's trying to install photo gallery??
     
    CDF,
    #17
  19. 2007/01/21
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Earlier in this thread I gave you a link to the MS Installer cleanup tool.

    In the dialog box, if this install shows, highlight it and only it.

    Regards - Charles
     
  20. 2007/01/27
    CDF

    CDF Inactive Thread Starter

    Joined:
    2007/01/17
    Messages:
    21
    Likes Received:
    0
    Hi Charles,

    Thanks for this. Yes, this removed the startup problem, but I still have the Generic host issue, and the speed of my computer has now slowed right down and it freezes often, especially when I try to view "My Computer" in Explorer; it takes about 2 mins to display the contents.

    Any help would be appreciated.

    Many Thanks

    Regards

    Iain
     
    CDF,
    #19
  21. 2007/01/28
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Let's try a couple of other tools, for specific infections. Running them will not harm the system.

    You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

    Please download FixWareout from one of these sites:
    Subratam
    Bleeping Computing

    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    Once rebooted please post the text that will open (report.txt) and a new Hijackthis log file into this thread.
    If you get a file output similar to below:
    Go here and run the fix appropriate to your version of Windows:

    http://www.tech-forums.net/computer/topic/29806.html

    Then re-run Fixwareout please, thanks.


    Reboot then run the next one:

    Download haxfix.exe and save it to your desktop.
    • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
    • Checkmark "Create a desktop icon"
    • Click "Next"
    • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
    • Click "Finish"

    A red "dos window" (dos box) will open with options:
    • Make logfile
    • Run auto fix
    • Run manual fix
    • Exit Haxfix

    • Select option 1. Make logfile by typing 1 and then pressing Enter
    • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
    • Copy the contents of that logfile and paste it into this thread. (c:\haxfix.txt)
     
